Convert pump.io to nginx

Bob Mottram 2014-09-11 21:30:33 +01:00
parent 00b3d2b7e1
commit fff123e88e
1 changed files with 53 additions and 52 deletions


@ -4911,7 +4911,7 @@ Add the following, replacing /mypumpiodomainname.com/ with your domain name.
"serverUser": "pumpio", "serverUser": "pumpio",
"rejectUnauthorized": false, "rejectUnauthorized": false,
"key": "/var/local/pump.io/keys/mypumpiodomainname.com.key", "key": "/var/local/pump.io/keys/mypumpiodomainname.com.key",
"cert": "/var/local/pump.io/keys/mypumpiodomainname.com.crt", "cert": "/var/local/pump.io/keys/mypumpiodomainname.com.bundle.crt",
"uploaddir": "/var/local/pump.io/uploads", "uploaddir": "/var/local/pump.io/uploads",
"debugClient": false, "debugClient": false,
"firehose": "ofirehose.example", "firehose": "ofirehose.example",
@ -4929,80 +4929,81 @@ mkdir /var/local/pump.io/uploads
mkdir /var/local/pump.io/keys mkdir /var/local/pump.io/keys
cp /etc/ssl/private/$HOSTNAME.key /var/local/pump.io/keys cp /etc/ssl/private/$HOSTNAME.key /var/local/pump.io/keys
cp /etc/ssl/certs/$HOSTNAME.crt /var/local/pump.io/keys cp /etc/ssl/certs/$HOSTNAME.crt /var/local/pump.io/keys
cp /etc/ssl/certs/$HOSTNAME.bundle.crt /var/local/pump.io/keys
useradd -s /bin/bash -d /var/local/pump.io pumpio useradd -s /bin/bash -d /var/local/pump.io pumpio
chown -R pumpio:pumpio /var/local/pump.io chown -R pumpio:pumpio /var/local/pump.io
chmod 400 /var/local/pump.io/keys/* chmod 400 /var/local/pump.io/keys/*
chmod -R 777 /opt chmod -R 777 /opt
#+END_SRC #+END_SRC
Patch the version of Apache. Edit your web server configuration.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
mkdir ~/build editor /etc/nginx/sites-available/$HOSTNAME
mkdir ~/build/apache2
cd ~/build/apache2
apt-get build-dep apache2
apt-get install autoconf
apt-get source apache2
cd apache2-*
wget http://freedombone.uk.to/apache-2.2-wstunnel.patch
sha256sum apache-2.2-wstunnel.patch
cfc4866da2688a8eb76e0300cf16b52539ef4e525053a3851d4b6bba9a77e439
patch -p1 -i apache-2.2-wstunnel.patch
autoconf
./configure --enable-so --enable-proxy=shared --enable-proxy-wstunnel=shared
make
make install
cp modules/proxy/.libs/mod_proxy_wstunnel.so /usr/lib/apache2/modules/
cd /etc/apache2/mods-enabled
ln -s /usr/lib/apache2/modules/mod_proxy_wstunnel.so ../mods-available/proxy_wstunnel.load
#+END_SRC #+END_SRC
Within the section of your Apache site configuration: Delete all existing contents then add the following:
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
editor /etc/apache2/sites-available/mypumpiodomainname.com upstream pumpbackend {
#+END_SRC server 127.0.0.1:7270 max_fails=3 fail_timeout=30s;
server 127.0.0.1:7270 max_fails=3 fail_timeout=60s;
server 127.0.0.1:7270 max_fails=3 fail_timeout=90s;
}
The initial section which begins with *<VirtualHost *:80>* should be replaced by the following, replacing /mypumpiodomainname.com/ with your pump.io domain name and /myusername@mydomainname.com/ with your email address. server {
listen 80;
server_name mypumpiodomainname.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
#+BEGIN_SRC: bash map $http_upgrade $connection_upgrade {
<VirtualHost *:80> default upgrade;
ServerAdmin myusername@mydomainname.com '' close;
ServerName mypumpiodomainname.com }
RewriteEngine On server {
RewriteCond %{HTTPS} off listen 443 ssl;
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} server_name mypumpiodomainname.com;
</VirtualHost>
#+END_SRC
Add the following in the section which begins with *<VirtualHost *:443>*. error_log /var/www/mypumpiodomainname.com/error.log debug;
#+BEGIN_SRC: bash ssl on;
ProxyVia On ssl_certificate /etc/ssl/certs/mypumpiodomainname.com.bundle.crt;
ProxyPreserveHost On ssl_certificate_key /etc/ssl/private/mypumpiodomainname.com.key;
ProxyRequests Off
SSLProxyEngine On
ProxyPass / https://localhost:7270/ ssl_session_timeout 5m;
ProxyPassReverse / https://localhost:7270/ ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # not possible to do exclusive
ssl_ciphers 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA';
#add_header Strict-Transport-Security max-age=15768000; # six months
# use this only if all subdomains support HTTPS!
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
client_max_body_size 6m;
keepalive_timeout 75 75;
gzip_vary off;
location / {
proxy_pass https://pumpbackend;
proxy_http_version 1.1;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_buffers 16 32k;
}
}
#+END_SRC #+END_SRC
Save and exit. Save and exit.
#+BEGIN_SRC: bash #+BEGIN_SRC: bash
a2enmod ssl sed "s/mypumpiodomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME > /tmp/website
a2enmod cache cp -f /tmp/website /etc/nginx/sites-available/$HOSTNAME
a2enmod disk_cache service nginx restart
a2enmod expires
a2enmod proxy
a2enmod proxy_connect
a2enmod proxy_http
apachectl configtest
service apache2 restart
npm install forever -g npm install forever -g
#+END_SRC #+END_SRC
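Review bot: The new final step of the second hunk writes the sed output to the fixed path `/tmp/website` and then copies it over the nginx site file, presumably as root. A fixed name in a world-writable directory can be pre-created or symlinked by another local account, so the file that ends up installed (or overwritten) is not guaranteed to be the one just generated. Editing in place avoids the temporary file: `sed -i "s/mypumpiodomainname.com/$HOSTNAME/g" /etc/nginx/sites-available/$HOSTNAME`. The Apache steps being removed ran `apachectl configtest` before the restart and the nginx steps have no equivalent; `nginx -t && service nginx restart` would stop a broken config from taking the site down.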