ENGroup 網站

  • Home
    • SMap
    • reveal
    • blog
  • About
    • Reveal
    • MISC
    • GW
    • Webots
    • FossilSCM
    • Reeborg
    • NX2312
    • Brython
    • RL
      • Rocket1
      • PGP
  • Linux
    • HP server
    • Lubuntu
    • Windows
  • Bind
  • Squid
    • VM1
  • Rocket
  • cmsimde
  • VM
    • Virtualbox
    • Proxmox VE
      • Intro_PVE
HP server << Previous Next >> Windows

Lubuntu

Letsencrypt: https://certbot.eff.org/instructions 

add s1.eng.nfu.edu.tw into DNS server

https://certbot.eff.org/instructions?ws=nginx&os=pip

Get site certificate:

sudo apt update

sudo apt install nginx

sudo apt install python3 python3-dev python3-venv libaugeas-dev gcc

sudo python3 -m venv /opt/certbot/

sudo /opt/certbot/bin/pip install --upgrade pip

sudo /opt/certbot/bin/pip install certbot certbot-nginx

sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

sudo certbot certonly --nginx

echo "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q" | sudo tee -a /etc/crontab > /dev/null

Certificate is saved at: /etc/letsencrypt/live/s1.eng.nfu.edu.tw/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/s1.eng.nfu.edu.tw/privkey.pem

Nginx:

server {
	listen [::]:80 default_server;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html;

	server_name s1.eng.nfu.edu.tw;

	location / {
		try_files $uri $uri/ =404;
	}
	
	# ~/public_html for every user - Lubuntu style
	location ~ ^/~([^/]+)(/.*)?$ {
	    alias /home/$1/public_html$2;
	    autoindex on;

	    # Block hidden files/folders (.git, .htaccess, etc.)
	    location ~ /\.[^/]*$ { deny all; }
	}
}

set nginx as system service:

sudo systemctl enable nginx

sudo systemctl restart nginx

sudo systemctl status nginx

set user's directory as og+r:

sudo chmod 711 /home/*

Result: http://s1.eng.nfu.edu.tw/~mde

stunnel and waitress:

stunnel.conf

[https]
accept = server_name:443
connect = 127.0.0.1:9443
cert = /etc/stunnel/fullchain.pem
key = /etc/stunnel/privkey.pem
TIMEOUTClose = 0

啟動 stunnel: sudo /etc/init.d/stunnel4 start

必須要將 stunnel 與 waitress_server.py 的執行設為系統服務。

stunnel:

    sudo -E scite /etc/default/stunnel4 

    add ENABLED=1

    sudo systemctl enable stunnel4

    sudo systemctl start stunnel4

    sudo systemctl status stunnel4

set python waitress_server.py under venv as system service:

/etc/systemd/system/waitress.service:

[Unit]
Description=Waitress Python Web Server
After=network.target

[Service]
# The user account to run the service as:
User=account
Group=account
WorkingDirectory=/home/account/github/eng

# Command to start your script
# Assume the venv is named cmsimde
ExecStart=/home/account/cmsimde/bin/python /home/account/github/eng/waitress_server.py

Restart=always
RestartSec=5
Environment=PYTHONUNBUFFERED=1

[Install]
WantedBy=multi-user.target

Set waitress as system service:

Create service    sudo nano /etc/systemd/system/waitress.service
Reload systemd    sudo systemctl daemon-reload
Enable on boot    sudo systemctl enable waitress
Start service    sudo systemctl start waitress
Check logs    sudo journalctl -u waitress -f


HP server << Previous Next >> Windows

Copyright © All rights reserved | This template is made with by Colorlib