- 浏览: 2542917 次
- 性别:
- 来自: 成都
文章分类
最新评论
-
nation:
你好,在部署Mesos+Spark的运行环境时,出现一个现象, ...
Spark(4)Deal with Mesos -
sillycat:
AMAZON Relatedhttps://www.godad ...
AMAZON API Gateway(2)Client Side SSL with NGINX -
sillycat:
sudo usermod -aG docker ec2-use ...
Docker and VirtualBox(1)Set up Shared Disk for Virtual Box -
sillycat:
Every Half an Hour30 * * * * /u ...
Build Home NAS(3)Data Redundancy -
sillycat:
3 List the Cron Job I Have>c ...
Build Home NAS(3)Data Redundancy
Grav CMS System(4)Multiple Domain Sites in HAProxy and HTTPS
Follow
https://www.jianshu.com/p/907eec663cf1
Free SSL Org https://letsencrypt.org/
Tool to generate key https://certbot.eff.org/
Install Certbot on CentOS
> sudo yum install certbot
Install Certbot on Ubuntu
> sudo apt-get update
> sudo apt-get install software-properties-common
> sudo add-apt-repository ppa:certbot/certbot
> sudo apt-get update
> sudo apt-get install certbot
Install that on RaspberryPi
> wget https://dl.eff.org/certbot-auto
> sudo chmod a+x certbot-auto
> sudo mv certbot-auto /usr/local/bin/
Verify the installation
> certbot -h
Or
> certbot-auto -h
Set Up HAProxy proxy to our 8081 NGINX PHP Grav Application
https://seanmcgary.com/posts/haproxy---route-by-domain-name/
These configuration in nginx will work haproxy.conf
global
maxconn 400
defaults
mode http
timeout connect 30000
timeout client 50000
timeout server 50000
stats enable
stats hide-version
stats uri /stats
stats auth admin:admin
frontend http-in
bind :80
default_backend grav-web
backend grav-web
balance leastconn
option httpclose
cookie JSESSIONID prefix
server grav-web1 192.168.1.108:8081 cookie A check
listen scrapyd
bind *:6800
mode tcp
balance roundrobin
server scrapyd1 192.168.1.108:6801 check
server scrapyd2 192.168.1.108:6802 check
With Multiple domains and ACLs
First of all, I start a static web site at port 8082
Here is the multiple nodes binding configuration haproxy.conf
global
maxconn 400
defaults
mode http
timeout connect 30000
timeout client 50000
timeout server 50000
stats enable
stats hide-version
stats uri /stats
stats auth admin:admin
frontend http-in
bind :80
acl host_sillycathome hdr(host) -i sillycat.ddnshome.net
acl host_sillycat hdr(host) -i sillycat.ddns.net
acl host_kikokanghome hdr(host) -i kikokang.ddnshome.net
acl host_kikokang hdr(host) -i kikokang.ddns.net
use_backend grav-web if host_sillycathome
use_backend grav-web if host_sillycat
use_backend static-web if host_kikokanghome
use_backend static-web if host_kikokang
backend grav-web
balance leastconn
option httpclose
cookie JSESSIONID prefix
server grav-web1 192.168.1.108:8081 cookie A check
backend static-web
balance leastconn
option httpclose
cookie JSESSIONID prefix
server static-web1 192.168.1.108:8082 cookie A check
listen scrapyd
bind *:6800
mode tcp
balance roundrobin
server scrapyd1 192.168.1.108:6801 check
server scrapyd2 192.168.1.108:6802 check
Generate Keys
Webroot Mode
> sudo certbot-auto certonly --webroot -w /home/carl/work/html -d sillycat.ddns.net --agree-tos --email luohuazju@gmail.com
If everything goes well, it will generate the keys here
Your certificate and chain have been saved at:
/etc/letsencrypt/live/kikokang.ddns.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/kikokang.ddns.net/privkey.pem
Standalone Mode
> sudo certbot-auto certonly --standalone -d sillycat.ddns.net --agree-tos --email luohuazju@gmail.com
The similar thing, it saves
Your certificate and chain have been saved at:
/etc/letsencrypt/live/sillycat.ddns.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sillycat.ddns.net/privkey.pem
In the docs, in nginx, it will be similar to
Listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/sillycat.ddns.net/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/sillycat.ddns.net/privkey.pem
Configure HTTPS in HAProxy
https://www.ilanni.com/?p=10641
Merge the files and keys for 2 domain.
> cat kiko.pem kiko_key.pem | tee kikokangname.pem
> cat sillycat.pem sillycat_key.pem | tee sillycatname.pem
Exception in HAProxy
2018-11-14T06:06:46.233312600Z [ALERT] 317/060646 (8) : parsing [conf/haproxy.conf:24] : error detected in frontend 'webapp' while parsing redirect rule : error in condition: unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'.
Solution:
When compile, we need enable SSL
https://stackoverflow.com/questions/25520526/centos-6-5-haproxy-fatal-error
>make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
Here is the changes in Dockerfile
ADD conf/kikokangname.pem /tool/haproxy-1.8.14/conf/
ADD conf/sillycatname.pem /tool/haproxy-1.8.14/conf/
#start the application
EXPOSE 6800
EXPOSE 80
EXPOSE 443
Here is the changes in Makefile to expose more ports
run:
docker run -d -p 80:80 -p 443:443 -p 6800:6800 --name $(NAME) $(IMAGE):$(TAG)
debug:
docker run -ti -p 80:80 -p 443:443 -p 6800:6800 --name $(NAME) $(IMAGE):$(TAG) /bin/bash
Here is the HTTPS configuration in HAProxy in haproxy.conf
frontend webapp
bind :80
acl host_sillycat hdr(host) -i sillycat.ddns.net
redirect scheme https if !{ ssl_fc }
bind :443 ssl crt /tool/haproxy-1.8.14/conf/sillycatname.pem
acl host_kikokang hdr(host) -i kikokang.ddns.net
redirect scheme https if !{ ssl_fc }
bind :443 ssl crt /tool/haproxy-1.8.14/conf/kikokangname.pem
Then we can visit the page
https://sillycat.ddns.net
https://kikokang.ddns.net
References:
https://seanmcgary.com/posts/haproxy---route-by-domain-name/
http://seanmcgary.com/posts/using-sslhttps-with-haproxy/
https://www.jianshu.com/p/907eec663cf1
http://blog.51cto.com/11538244/1912152
Follow
https://www.jianshu.com/p/907eec663cf1
Free SSL Org https://letsencrypt.org/
Tool to generate key https://certbot.eff.org/
Install Certbot on CentOS
> sudo yum install certbot
Install Certbot on Ubuntu
> sudo apt-get update
> sudo apt-get install software-properties-common
> sudo add-apt-repository ppa:certbot/certbot
> sudo apt-get update
> sudo apt-get install certbot
Install that on RaspberryPi
> wget https://dl.eff.org/certbot-auto
> sudo chmod a+x certbot-auto
> sudo mv certbot-auto /usr/local/bin/
Verify the installation
> certbot -h
Or
> certbot-auto -h
Set Up HAProxy proxy to our 8081 NGINX PHP Grav Application
https://seanmcgary.com/posts/haproxy---route-by-domain-name/
These configuration in nginx will work haproxy.conf
global
maxconn 400
defaults
mode http
timeout connect 30000
timeout client 50000
timeout server 50000
stats enable
stats hide-version
stats uri /stats
stats auth admin:admin
frontend http-in
bind :80
default_backend grav-web
backend grav-web
balance leastconn
option httpclose
cookie JSESSIONID prefix
server grav-web1 192.168.1.108:8081 cookie A check
listen scrapyd
bind *:6800
mode tcp
balance roundrobin
server scrapyd1 192.168.1.108:6801 check
server scrapyd2 192.168.1.108:6802 check
With Multiple domains and ACLs
First of all, I start a static web site at port 8082
Here is the multiple nodes binding configuration haproxy.conf
global
maxconn 400
defaults
mode http
timeout connect 30000
timeout client 50000
timeout server 50000
stats enable
stats hide-version
stats uri /stats
stats auth admin:admin
frontend http-in
bind :80
acl host_sillycathome hdr(host) -i sillycat.ddnshome.net
acl host_sillycat hdr(host) -i sillycat.ddns.net
acl host_kikokanghome hdr(host) -i kikokang.ddnshome.net
acl host_kikokang hdr(host) -i kikokang.ddns.net
use_backend grav-web if host_sillycathome
use_backend grav-web if host_sillycat
use_backend static-web if host_kikokanghome
use_backend static-web if host_kikokang
backend grav-web
balance leastconn
option httpclose
cookie JSESSIONID prefix
server grav-web1 192.168.1.108:8081 cookie A check
backend static-web
balance leastconn
option httpclose
cookie JSESSIONID prefix
server static-web1 192.168.1.108:8082 cookie A check
listen scrapyd
bind *:6800
mode tcp
balance roundrobin
server scrapyd1 192.168.1.108:6801 check
server scrapyd2 192.168.1.108:6802 check
Generate Keys
Webroot Mode
> sudo certbot-auto certonly --webroot -w /home/carl/work/html -d sillycat.ddns.net --agree-tos --email luohuazju@gmail.com
If everything goes well, it will generate the keys here
Your certificate and chain have been saved at:
/etc/letsencrypt/live/kikokang.ddns.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/kikokang.ddns.net/privkey.pem
Standalone Mode
> sudo certbot-auto certonly --standalone -d sillycat.ddns.net --agree-tos --email luohuazju@gmail.com
The similar thing, it saves
Your certificate and chain have been saved at:
/etc/letsencrypt/live/sillycat.ddns.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sillycat.ddns.net/privkey.pem
In the docs, in nginx, it will be similar to
Listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/sillycat.ddns.net/fullchain.pem
ssl_certificate_key /etc/letsencrypt/live/sillycat.ddns.net/privkey.pem
Configure HTTPS in HAProxy
https://www.ilanni.com/?p=10641
Merge the files and keys for 2 domain.
> cat kiko.pem kiko_key.pem | tee kikokangname.pem
> cat sillycat.pem sillycat_key.pem | tee sillycatname.pem
Exception in HAProxy
2018-11-14T06:06:46.233312600Z [ALERT] 317/060646 (8) : parsing [conf/haproxy.conf:24] : error detected in frontend 'webapp' while parsing redirect rule : error in condition: unknown fetch method 'ssl_fc' in ACL expression 'ssl_fc'.
Solution:
When compile, we need enable SSL
https://stackoverflow.com/questions/25520526/centos-6-5-haproxy-fatal-error
>make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_CRYPT_H=1 USE_LIBCRYPT=1
Here is the changes in Dockerfile
ADD conf/kikokangname.pem /tool/haproxy-1.8.14/conf/
ADD conf/sillycatname.pem /tool/haproxy-1.8.14/conf/
#start the application
EXPOSE 6800
EXPOSE 80
EXPOSE 443
Here is the changes in Makefile to expose more ports
run:
docker run -d -p 80:80 -p 443:443 -p 6800:6800 --name $(NAME) $(IMAGE):$(TAG)
debug:
docker run -ti -p 80:80 -p 443:443 -p 6800:6800 --name $(NAME) $(IMAGE):$(TAG) /bin/bash
Here is the HTTPS configuration in HAProxy in haproxy.conf
frontend webapp
bind :80
acl host_sillycat hdr(host) -i sillycat.ddns.net
redirect scheme https if !{ ssl_fc }
bind :443 ssl crt /tool/haproxy-1.8.14/conf/sillycatname.pem
acl host_kikokang hdr(host) -i kikokang.ddns.net
redirect scheme https if !{ ssl_fc }
bind :443 ssl crt /tool/haproxy-1.8.14/conf/kikokangname.pem
Then we can visit the page
https://sillycat.ddns.net
https://kikokang.ddns.net
References:
https://seanmcgary.com/posts/haproxy---route-by-domain-name/
http://seanmcgary.com/posts/using-sslhttps-with-haproxy/
https://www.jianshu.com/p/907eec663cf1
http://blog.51cto.com/11538244/1912152
发表评论
-
NodeJS12 and Zlib
2020-04-01 07:44 468NodeJS12 and Zlib It works as ... -
Traefik 2020(1)Introduction and Installation
2020-03-29 13:52 330Traefik 2020(1)Introduction and ... -
Private Registry 2020(1)No auth in registry Nginx AUTH for UI
2020-03-18 00:56 428Private Registry 2020(1)No auth ... -
Buffer in NodeJS 12 and NodeJS 8
2020-02-25 06:43 377Buffer in NodeJS 12 and NodeJS ... -
NodeJS ENV Similar to JENV and PyENV
2020-02-25 05:14 468NodeJS ENV Similar to JENV and ... -
Prometheus HA 2020(3)AlertManager Cluster
2020-02-24 01:47 414Prometheus HA 2020(3)AlertManag ... -
Serverless with NodeJS and TencentCloud 2020(5)CRON and Settings
2020-02-24 01:46 332Serverless with NodeJS and Tenc ... -
GraphQL 2019(3)Connect to MySQL
2020-02-24 01:48 243GraphQL 2019(3)Connect to MySQL ... -
GraphQL 2019(2)GraphQL and Deploy to Tencent Cloud
2020-02-24 01:48 445GraphQL 2019(2)GraphQL and Depl ... -
GraphQL 2019(1)Apollo Basic
2020-02-19 01:36 321GraphQL 2019(1)Apollo Basic Cl ... -
Serverless with NodeJS and TencentCloud 2020(4)Multiple Handlers and Running wit
2020-02-19 01:19 307Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(3)Build Tree and Traverse Tree
2020-02-19 01:19 310Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(2)Trigger SCF in SCF
2020-02-19 01:18 286Serverless with NodeJS and Tenc ... -
Serverless with NodeJS and TencentCloud 2020(1)Running with Component
2020-02-19 01:17 303Serverless with NodeJS and Tenc ... -
NodeJS MySQL Library and npmjs
2020-02-07 06:21 282NodeJS MySQL Library and npmjs ... -
Python Library 2019(1)requests and aiohttp
2019-12-18 01:12 257Python Library 2019(1)requests ... -
NodeJS Installation 2019
2019-10-20 02:57 565NodeJS Installation 2019 Insta ... -
Monitor Tool 2019(2)Monit on Multiple Instances and Email Alerts
2019-10-18 10:57 257Monitor Tool 2019(2)Monit on Mu ... -
Sqlite Database 2019(1)Sqlite3 Installation and Docker phpsqliteadmin
2019-09-05 11:24 362Sqlite Database 2019(1)Sqlite3 ... -
Supervisor 2019(2)Ubuntu and Multiple Services
2019-08-19 10:53 366Supervisor 2019(2)Ubuntu and Mu ...
相关推荐
Grav不依赖传统的数据库,而是采用文件系统存储内容,这种设计使得Grav在安装、配置和扩展上比许多其他CMS更加简便。 Grav的核心特性包括: 1. **无需数据库**:Grav使用Markdown格式存储页面内容,并将其存储在...
这些配置来自Grav文档中显示的内容。 Master分支将安装Grav Admin'Vanilla'单页网站。 如果要尝试使用“ 氦骨架”站点,则需要克隆该分支。 说明。 当前支持最新版本的Amazon Linux , CentOS , Debian , ...
Grav 是一个现代开源平面文件 CMS。 性能不仅仅是事后的想法,我们从一开始就将其融入其中。 Grav 拥有强大的 API 和复杂的包管理器,使其非常灵活。 Grav 是开源的,所有代码都可以在 GitHub.com 上找到。 Grav ...
Grav CMS的Mache主题 麻车的主题是港口通过通过,原PSD设计 。 Mache HTML模板不包含博客和联系表单的设计。 为了使该Grav主题更有用,该Grav主题的作者根据Mache HTML模板提供的样式添加了博客和联系表单。 博客和...
**JsonDB:Grav CMS 的简单 JsonDB 类** 在 Web 开发领域,内容管理系统(CMS)如 Grav CMS 提供了一种便捷的方式来管理和发布网站内容。Grav 是一个基于 PHP 的现代、轻量级且无需数据库的 CMS。它依赖于文件系统...
Grav CMS的X-Corporation主题 X-Corporation主题是进行的的。 演示版 可在上获取此骨架的演示。 特征 专业的用户界面 React灵敏且移动友好 轻量级和快速加载 干净利落的字体 大型,粘性和画布菜单 搜索引擎优化 ...
这 :black_circle: Blackhole插件适用于 。 如果此插件对您有帮助,请 描述 为什么是黑洞? Grav是一个空格术语,因此我认为此插件也应效仿。...必须在Grav System Configuration(重力系统配置)中启用绝对URL
Grav是一个非常强大的CMS,但对于想要尽可能接近手动编码HTML的用户,应该有一个选择。 该主题试图将形式和功能分开以创建真正独特的体验。 ! 产品特点 几乎失重以实现最佳性能 CSS / JS静噪可完全消除所有不必要...
Grav CMS的X-Corporation主题 X-Corporation主题是进行的的。演示版有关这个主题的演示,请访问特征专业的用户界面React灵敏且移动友好轻量级和快速加载干净利落的字体大型,粘性和画布菜单搜索引擎优化兼容现代...
基础 Foundation是使用Zurb的Foundation前端框架的... 在您的Grav安装目录的根目录中: bin/gpm install foundation这会将Foundation主题安装到Grav中的/user/themes目录中。 它的文件可以在/your/site/grav/user/them
Grav-码头工人Docker容器。 该图像基于PHP fpm-buster图像。 您可以在找到源代码标签最新(当前为1.7) 最新产品(当前为1.7产品) 1.6 1.6。* 1.6产品1.6。*-prod 1.7 1.7。* 1.7产品1.7。*-prod用法这纯粹是基于...
Grav 的自由职业者主题 这个 Grav 主题基于的,源自的。 演示 这个主题的演示可以在这里找到: : 完全加载的 Grav 骨架,所有必要的插件和内容都在此处提交: : 特征 flaticons.com 的平面图标 包含 LESS 文件和...
Grav 的自由职业者骨架 这个 Grav 骨架基于,而又基于的,该源自的。演示这个骨架的演示可以在这里找到: : 另外添加了内容的基本本地化,请尝试: (与相同) 特征flaticons.com 的平面图标包含 LESS 文件和编译的 ...
Grav 可使用 ContentTools 插件进行编辑 使用ContentTools可编辑插件是用于。 版本 1.6.2 已成功通过 Grav 1.7.0-rc.20 测试 该插件允许作者使用 WYSIWYG 编辑器在前端编辑页面内容并将其保存为 Markdown。 重要...
Grav Topic菜单插件 topicmenu是一个简单的插件,它遍历网站的一部分(通常为/blog ,并创建一个包含第一级分类法和与之相关的每个第二级分类法的二维数组。 换句话说,它返回一个像这样的数组: topicmenu_array...
《基于Python的重力反演GUI程序:grav3d-gui深入解析》 在现代地球科学和地质勘探领域,重力反演是一种重要的技术手段,它通过对地表或地下物体的重力场进行分析,来推断其密度分布和结构特征。在Python编程环境中...
它遵循与其他平面文件 CMS 平台类似的原则,但具有与大多数不同的设计理念。 Grav 带有一个强大的包管理系统,允许简单地安装和升级插件和主题,以及简单地更新 Grav 本身。 Grav 的底层架构设计为在适用的情况下...
Grav是现代的开源平面文件CMS。 性能不仅是事后的想法,我们从一开始就将其融入进来。 Grav具有强大的API和完善的Package Manager,使其具有超强的灵活性。 Grav是开源的,所有代码都可以在GitHub.com上获得。 Grav...