Friday, July 29, 2022

Installing Debian 11 on a Dell Wyse 3040

If the system does not boot normally after installation, create the following file:
touch  /boot/EFI/BOOT/BOOTX64.EFI

Apache2: exempting an IP address from Basic authentication

<Location />
  AuthType Basic
  AuthName "You need to login"
  AuthUserFile /etc/apache2/.htpasswd
  Require valid-user

  Deny from all
  Allow from 192.168.1.1
  Satisfy any
</Location>

Debian 11 Apache2: authentication with a custom script

Install the packages and enable the module
apt install libapache2-mod-authnz-external
a2enmod authnz_external
apache2ctl graceful

Edit /etc/apache2/apache2
 <VirtualHost 192.168.1.1:80>
#<VirtualHost *:80>
DefineExternalAuth bashtest pipe "/home/apache2/1.sh"
     #   ServerName example.com
     #   ServerAlias www.example.com
        ServerAdmin webmaster@example.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests Off
        ProxyPreserveHost Off
        AllowEncodedSlashes On
        KeepAlive Off

        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        <Location />
          AuthType Basic
          AuthName "You need to login"

          AuthBasicProvider external
          AuthExternal bashtest
          Require valid-user
          Order allow,deny
          Allow from all
        </Location>

        RequestHeader unset Authorization
        ProxyPass / http://192.168.0.1:8080/
        ProxyPassReverse / http://192.168.0.1:8080/
   </VirtualHost>

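Edit the authentication script /home/apache2/1.sh
#!/bin/bash
# Test authenticator for the "pipe" method: mod_authnz_external writes the
# user name on the first line of stdin and the password on the second.
f=/home/apache2/1
read -r user;     echo "user=$user" > "$f"
read -r password; echo "password=$password" >> "$f"
# Debug dump: $f now holds the cleartext credentials and the environment
# passed by Apache; remove these writes once testing is done.
env >> "$f"

# Hardcoded test account
[ "$user" = "user" ] && [ "$password" = "password" ] && {
  echo "username/password allowed for user $user"
  exit 0
}

echo "wrong username or password for user $user"
sleep 1
exit 1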
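
The test script above accepts a single hardcoded account. As an added example (not part of the original post), this pipe-method authenticator instead checks the submitted password against the apr1 entries of the /etc/apache2/.htpasswd file created in the July 26 post, and writes nothing to disk. The function names and the --pipe argument are hypothetical; it assumes openssl is installed and that the DefineExternalAuth command string passes --pipe to the script.

```shell
#!/bin/sh
# Added example, not the original post's script. HTPASSWD defaults to the
# password file used on this page; function names and --pipe are hypothetical.
HTPASSWD=${HTPASSWD:-/etc/apache2/.htpasswd}

# lookup_hash USER FILE: print USER's stored hash, status 1 if there is none.
# A read loop, not grep, so the user name is never interpreted as a pattern.
lookup_hash() {
  while IFS=: read -r name hash || [ -n "$name" ]; do
    if [ "$name" = "$1" ]; then printf '%s\n' "$hash"; return 0; fi
  done < "$2"
  return 1
}

# check_credentials USER PASSWORD FILE: status 0 only when PASSWORD matches.
check_credentials() (
  [ -n "$1" ] && [ -n "$2" ] || exit 1
  stored=$(lookup_hash "$1" "$3") || exit 1
  case $stored in '$apr1$'*) ;; *) exit 1 ;; esac  # only apr1 entries accepted
  rest=${stored#\$apr1\$}
  salt=${rest%%\$*}
  # Recompute with the stored salt; -stdin keeps the password out of argv.
  computed=$(printf '%s\n' "$2" | openssl passwd -apr1 -salt "$salt" -stdin) || exit 1
  [ "$computed" = "$stored" ]
)

# authenticate_pipe FILE: pipe method, user name on line 1, password on line 2.
authenticate_pipe() {
  IFS= read -r user || return 1
  IFS= read -r password || return 1
  check_credentials "$user" "$password" "$1"
}

# Authenticator mode. Without --pipe the script's last status is non-zero,
# so a misconfigured call is a denial rather than an accepted login.
[ "${1:-}" = "--pipe" ] && { authenticate_pipe "$HTPASSWD"; exit $?; }
```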

Thursday, July 28, 2022

Debian 11 Nginx reverse proxy: adding account authentication

Edit /etc/nginx/sites-enabled/default and add
location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.1.1:8080/;
        proxy_redirect off;

        # Password
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        # Don't forward auth to Tomcat
        proxy_set_header   Authorization "";
}

Tuesday, July 26, 2022

Debian 11: Apache2 reverse proxy installation summary

Install Apache2
sudo apt-get install apache2

Enable the required Apache2 modules
sudo a2enmod headers
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests

Edit the Apache2 configuration file /etc/apache2/apache2.conf and add
 <VirtualHost 192.168.6.1:80>
#<VirtualHost *:80>
     #   ServerName example.com
     #   ServerAlias www.example.com
        ServerAdmin webmaster@example.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        ProxyRequests Off
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>

        RequestHeader unset Authorization
        ProxyPass / http://192.168.0.1:8080/
        ProxyPassReverse / http://192.168.0.1:8080/

        <Location />
          AuthType Basic
          AuthName "You need to login"
          AuthUserFile /etc/apache2/.htpasswd
          Require valid-user
          Order allow,deny
          Allow from all
        </Location>

   </VirtualHost>

Create the password file /etc/apache2/.htpasswd
sudo sh -c "echo -n 'user:' >> /etc/apache2/.htpasswd"
sudo sh -c "openssl passwd -apr1 >> /etc/apache2/.htpasswd"

Thursday, July 14, 2022

HAProxy configuration summary

Edit /etc/haproxy/haproxy.cfg
 global
 maxconn 256
 daemon
# pidfile /run/haproxy/haproxy.pid

defaults
# timeout connect  5000ms
# timeout client  50000ms
# timeout server  50000ms

frontend SSHLB
 mode tcp
 bind *:222
 default_backend servers

backend servers
 server sftp01 192.168.92.1:22  maxconn 32
 server sftp02 192.168.92.2:22  maxconn 32

Debug command
haproxy -f /etc/haproxy/haproxy.cfg -d