diff --git a/beaglebone.txt b/beaglebone.txt
index 16ef1e67..8c40c083 100644
--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -4911,7 +4911,7 @@ Add the following, replacing /mypumpiodomainname.com/ with your domain name.
 "serverUser": "pumpio",
 "rejectUnauthorized": false,
 "key": "/var/local/pump.io/keys/mypumpiodomainname.com.key",
- "cert": "/var/local/pump.io/keys/mypumpiodomainname.com.crt",
+ "cert": "/var/local/pump.io/keys/mypumpiodomainname.com.bundle.crt",
 "uploaddir": "/var/local/pump.io/uploads",
 "debugClient": false,
 "firehose": "ofirehose.example",
@@ -4929,80 +4929,81 @@ mkdir /var/local/pump.io/uploads mkdir /var/local/pump.io/keys cp /etc/ssl/private/$HOSTNAME.key /var/local/pump.io/keys cp /etc/ssl/certs/$HOSTNAME.crt /var/local/pump.io/keys +cp /etc/ssl/certs/$HOSTNAME.bundle.crt /var/local/pump.io/keys useradd -s /bin/bash -d /var/local/pump.io pumpio chown -R pumpio:pumpio /var/local/pump.io chmod 400 /var/local/pump.io/keys/* chmod -R 777 /opt #+END_SRC -Patch the version of Apache. +Edit your web server configuration. #+BEGIN_SRC: bash -mkdir ~/build -mkdir ~/build/apache2 -cd ~/build/apache2 -apt-get build-dep apache2 -apt-get install autoconf -apt-get source apache2 -cd apache2-* -wget http://freedombone.uk.to/apache-2.2-wstunnel.patch -sha256sum apache-2.2-wstunnel.patch -cfc4866da2688a8eb76e0300cf16b52539ef4e525053a3851d4b6bba9a77e439 - -patch -p1 -i apache-2.2-wstunnel.patch -autoconf -./configure --enable-so --enable-proxy=shared --enable-proxy-wstunnel=shared -make -make install - -cp modules/proxy/.libs/mod_proxy_wstunnel.so /usr/lib/apache2/modules/ -cd /etc/apache2/mods-enabled -ln -s /usr/lib/apache2/modules/mod_proxy_wstunnel.so ../mods-available/proxy_wstunnel.load +editor /etc/nginx/sites-available/$HOSTNAME #+END_SRC -Within the section of your Apache site configuration: +Delete all existing contents then add the following: #+BEGIN_SRC: bash -editor /etc/apache2/sites-available/mypumpiodomainname.com -#+END_SRC +upstream pumpbackend { + server 127.0.0.1:7270 max_fails=3 fail_timeout=30s; + server 127.0.0.1:7270 max_fails=3 fail_timeout=60s; + server 127.0.0.1:7270 max_fails=3 fail_timeout=90s; +} -The initial section which begins with ** should be replaced by the following, replacing /mypumpiodomainname.com/ with your pump.io domain name and /myusername@mydomainname.com/ with your email address. +server { + listen 80; + server_name mypumpiodomainname.com; + rewrite ^ https://$server_name$request_uri? 
permanent; +} -#+BEGIN_SRC: bash - - ServerAdmin myusername@mydomainname.com - ServerName mypumpiodomainname.com +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} - RewriteEngine On - RewriteCond %{HTTPS} off - RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} - -#+END_SRC +server { + listen 443 ssl; + server_name mypumpiodomainname.com; -Add the following in the section which begins with **. + error_log /var/www/mypumpiodomainname.com/error.log debug; -#+BEGIN_SRC: bash - ProxyVia On - ProxyPreserveHost On - ProxyRequests Off - SSLProxyEngine On + ssl on; + ssl_certificate /etc/ssl/certs/mypumpiodomainname.com.bundle.crt; + ssl_certificate_key /etc/ssl/private/mypumpiodomainname.com.key; - ProxyPass / https://localhost:7270/ - ProxyPassReverse / https://localhost:7270/ + ssl_session_timeout 5m; + ssl_prefer_server_ciphers on; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive + ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA'; + #add_header Strict-Transport-Security max-age=15768000; # six months + # use this only if all subdomains support HTTPS! + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains"; + + client_max_body_size 6m; + + keepalive_timeout 75 75; + gzip_vary off; + + location / { + proxy_pass https://pumpbackend; + proxy_http_version 1.1; + proxy_redirect off; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_buffers 16 32k; + } +} #+END_SRC Save and exit. 
#+BEGIN_SRC: bash -a2enmod ssl -a2enmod cache -a2enmod disk_cache -a2enmod expires -a2enmod proxy -a2enmod proxy_connect -a2enmod proxy_http -apachectl configtest -service apache2 restart +sed "s/mypumpiodomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website +cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME +service nginx restart npm install forever -g #+END_SRC
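Review bot: The added `sed ... > /tmp/website` followed by `cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME` stages the nginx site configuration in a fixed, predictable path under /tmp, and the surrounding steps (useradd, chown, service restart) suggest these commands are run as root. On a machine with other local accounts, a pre-existing file or symlink at that path can affect what root writes and what ends up in the web server configuration, and the staged copy is left behind afterwards. Editing in place avoids the temporary file entirely: `sed -i "s/mypumpiodomainname\.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME` (escaping the dot also stops it matching arbitrary characters). Separately, the new server block sets `error_log /var/www/mypumpiodomainname.com/error.log debug;`; for a permanent setup I would drop the `debug` level and keep the log outside the site directory, for example under /var/log/nginx.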