Ссылки
https://casaos.zimaspace.com/ https://github.com/IceWhaleTech/CasaOS
Установка:
0. Обновляем sources.list и ставим пакеты
# debian12
vim /etc/apt/sources.list
-------------------------
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
-------------------------
apt update
apt install sudo vim curl qemu-kvm libvirt-daemon-system ovmf virtinst openvswitch-switch bridge-utils rsync openssl
1. Создаем юзера
adduser user1
usermod -aG sudo user1
2. Редактируем sudoers: находим блок и добавляем в него строку "user1 ALL=(ALL:ALL) NOPASSWD: ALL"
visudo
------
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
user1 ALL=(ALL:ALL) NOPASSWD: ALL
------
Примечание: user1 уже состоит в группе sudo, поэтому правило %sudo и так даёт ему sudo с вводом пароля. Строка NOPASSWD: ALL только убирает запрос пароля, и любой процесс, запущенный от user1, получает root без подтверждения. Если строка нужна лишь на время установки, после установки её лучше удалить.
3. Ставим casaos под пользователем user1
su user1
curl -fsSL https://get.casaos.io | sudo bash
Примечание: эта команда выполняет скачанный скрипт от root без просмотра. Более осторожный вариант — сохранить скрипт в файл, просмотреть его и только потом запустить:
curl -fsSL https://get.casaos.io -o casaos-install.sh
less casaos-install.sh
sudo bash casaos-install.sh
https to http proxy / используем самоподписанный сертификат
0. Ставим nginx
apt install nginx
Остановим его пока что
systemctl stop nginx
1. Генерируем самоподписанный сертификат и увеличиваем срок его действия (параметр -days)
На все вопросы жмем Enter
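# Create the self-signed certificate and key used by the nginx TLS listeners.
#   -nodes       stores the private key unencrypted so nginx can load it
#                without a passphrase; keep the key file readable by root only.
#   -days 10000  roughly 27 years of validity: nothing forces a key rotation,
#                so replace the pair by hand if the key is ever exposed.
#   -addext      records the server address (the server_name used in the nginx
#                config) in subjectAltName. Modern clients generally match the
#                address against SAN only, so without it the certificate
#                cannot be verified even after it is imported as trusted.
# Variant with the shorter, one-year lifetime:
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
openssl req -x509 -nodes -days 10000 -newkey rsa:2048 \
  -addext "subjectAltName=IP:192.168.15.100" \
  -keyout /etc/ssl/private/nginx-selfsigned.key \
  -out /etc/ssl/certs/nginx-selfsigned.crt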
Генерируем параметры Диффи — Хеллмана (DH)
# Generating 4096-bit DH parameters can take a long time. The resulting file is
# referenced by ssl_dhparam in the nginx config and is used only by the DHE-*
# cipher suites.
openssl dhparam -out /etc/nginx/dhparam.pem 4096
2. Приводим конфиг примерно к такому виду
vim /etc/nginx/sites-available/default
--------------------------------------
# Default server configuration
# Plain-HTTP catch-all on port 555 (the listen line has no "ssl"); it serves
# static files from /var/www/html and is separate from the TLS servers below.
server {
    listen 555 default_server;
    server_name _;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    location / {
        # Try the URI as a file, then as a directory; otherwise answer 404.
        try_files $uri $uri/ =404;
    }
}
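# TLS settings written outside any server {} block, so they apply to every
# "listen ... ssl" server in this file.

# NOTE(review): Debian's packaged nginx.conf appears to set both of these at
# the http level already, which is presumably why they are commented out here
# - confirm against /etc/nginx/nginx.conf. A per-server ssl_protocols line is
# the reliable way to narrow the protocol versions.
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;

# DH parameters for the DHE-* suite in the list below.
ssl_dhparam /etc/nginx/dhparam.pem;

# Cipher suites for TLS 1.2 and older; ssl_ciphers does not select TLS 1.3
# suites. Only names OpenSSL actually knows are listed: the "...-GCM-SHA512"
# variants found in some copied configs do not exist and are silently skipped,
# so leaving them out does not change what is negotiated.
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0

ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9

# OCSP stapling is switched off, so ssl_stapling_verify and the resolver have
# nothing to act on for stapling. A self-signed certificate created with the
# default prompts names no OCSP responder in any case.
ssl_stapling off; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

# add_header set at this level is inherited by a server {} only when that
# server declares no add_header of its own. The server on port 10082 below
# does declare one, so these three headers are not added to its responses.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";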
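# TLS front end on port 443: terminates HTTPS with the self-signed certificate
# and forwards every request over plain HTTP to 192.168.15.100:8080
# (presumably the CasaOS web UI).
# NOTE(review): the upstream is the host's LAN address rather than 127.0.0.1,
# so the backend presumably still answers plain HTTP directly on :8080.
# Restrict that port (bind address or firewall) if all access is meant to go
# through TLS - verify on the host.
server {
    listen 443 ssl;
    #server_name casaos.b14esh.com;
    server_name 192.168.15.100;

    # Offer TLS 1.2 and 1.3 only. Set per server because the http-level
    # ssl_protocols line in this file is commented out; this is the only
    # server on this port in the file, so the setting applies to the listener.
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    location / {
        proxy_pass http://192.168.15.100:8080;
        # Hand the original Host header and the client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}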
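# TLS front end on port 10082: terminates HTTPS and forwards every request
# over plain HTTP to 192.168.15.100:10081 (presumably the Nextcloud
# container - confirm). Large request bodies and slow uploads are allowed.
server {
    listen 10082 ssl;
    #server_name b14esh.com;
    server_name 192.168.15.100;

    # Offer TLS 1.2 and 1.3 only. Set per server because the http-level
    # ssl_protocols line in this file is commented out.
    ssl_protocols TLSv1.2 TLSv1.3;

    client_max_body_size 32G;
    client_body_timeout 300s;
    # fastcgi_* directives apply to fastcgi_pass only; with proxy_pass below
    # this line has no effect.
    fastcgi_buffers 64 4K;

    # Declaring add_header here stops inheritance of the http-level add_header
    # lines (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection), so
    # this server adds only HSTS; repeat the others here if they are wanted.
    # NOTE(review): browsers ignore HSTS for IP-address hosts and on
    # connections with certificate errors, so with this server_name and a
    # self-signed certificate the header likely has no effect.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    location / {
        proxy_pass http://192.168.15.100:10081;
        # Same forwarding headers as the 443 server, so the backend sees the
        # requested host and the client address instead of the proxy's.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}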
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# vim /etc/nginx/sites-available/default
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl stop nginx
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl start nginx
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# cat /etc/nginx/sites-available/default
# Default server configuration
# Plain-HTTP catch-all on port 555 (the listen line has no "ssl"); it serves
# static files from /var/www/html and is separate from the TLS servers below.
server {
    listen 555 default_server;
    server_name _;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    location / {
        # Try the URI as a file, then as a directory; otherwise answer 404.
        try_files $uri $uri/ =404;
    }
}
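# TLS settings written outside any server {} block, so they apply to every
# "listen ... ssl" server in this file.

# NOTE(review): Debian's packaged nginx.conf appears to set both of these at
# the http level already, which is presumably why they are commented out here
# - confirm against /etc/nginx/nginx.conf. A per-server ssl_protocols line is
# the reliable way to narrow the protocol versions.
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;

# DH parameters for the DHE-* suite in the list below.
ssl_dhparam /etc/nginx/dhparam.pem;

# Cipher suites for TLS 1.2 and older; ssl_ciphers does not select TLS 1.3
# suites. Only names OpenSSL actually knows are listed: the "...-GCM-SHA512"
# variants found in some copied configs do not exist and are silently skipped,
# so leaving them out does not change what is negotiated.
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0

ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9

# OCSP stapling is switched off, so ssl_stapling_verify and the resolver have
# nothing to act on for stapling. A self-signed certificate created with the
# default prompts names no OCSP responder in any case.
ssl_stapling off; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

# add_header set at this level is inherited by a server {} only when that
# server declares no add_header of its own. The server on port 10082 below
# does declare one, so these three headers are not added to its responses.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";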
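# TLS front end on port 443: terminates HTTPS with the self-signed certificate
# and forwards every request over plain HTTP to 192.168.15.100:8080
# (presumably the CasaOS web UI).
# NOTE(review): the upstream is the host's LAN address rather than 127.0.0.1,
# so the backend presumably still answers plain HTTP directly on :8080.
# Restrict that port (bind address or firewall) if all access is meant to go
# through TLS - verify on the host.
server {
    listen 443 ssl;
    #server_name casaos.b14esh.com;
    server_name 192.168.15.100;

    # Offer TLS 1.2 and 1.3 only. Set per server because the http-level
    # ssl_protocols line in this file is commented out; this is the only
    # server on this port in the file, so the setting applies to the listener.
    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    location / {
        proxy_pass http://192.168.15.100:8080;
        # Hand the original Host header and the client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}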
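# TLS front end on port 10082: terminates HTTPS and forwards every request
# over plain HTTP to 192.168.15.100:10081 (presumably the Nextcloud
# container - confirm). Large request bodies and slow uploads are allowed.
server {
    listen 10082 ssl;
    #server_name b14esh.com;
    server_name 192.168.15.100;

    # Offer TLS 1.2 and 1.3 only. Set per server because the http-level
    # ssl_protocols line in this file is commented out.
    ssl_protocols TLSv1.2 TLSv1.3;

    client_max_body_size 32G;
    client_body_timeout 300s;
    # fastcgi_* directives apply to fastcgi_pass only; with proxy_pass below
    # this line has no effect.
    fastcgi_buffers 64 4K;

    # Declaring add_header here stops inheritance of the http-level add_header
    # lines (X-Frame-Options, X-Content-Type-Options, X-XSS-Protection), so
    # this server adds only HSTS; repeat the others here if they are wanted.
    # NOTE(review): browsers ignore HSTS for IP-address hosts and on
    # connections with certificate errors, so with this server_name and a
    # self-signed certificate the header likely has no effect.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

    location / {
        proxy_pass http://192.168.15.100:10081;
        # Hand the original Host header and the client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}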
--------------------------------------
Запускаем nginx
systemctl start nginx
Дополнительные пакеты для casaos
https://github.com/WisdomSky/CasaOS-Coolstore