OrangePi Zero – Reverse Proxy

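My "網上爬" ("crawling on the net") broadband line really is rather slow, while 4G is fast but always comes with a usage cap (the plan I subscribe to is 50 GB on a 4.5G network). Because I want to make convenient use of the system resources I have, I split my home network in two. For this project, I want to use an OrangePi Zero as a reverse proxy, so that devices living on the 4G part of the network can get in and out of the internet through the flat-fee "網上爬" link.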

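First, a brief explanation of the infrastructure at home: I call the "網上爬" part #TurtleNet and the 4G part #FastNet. The equipment at home is laid out as in the figure below: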

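#TurtleNet is mainly used for video streaming, such as NowTV and myTVB, while the other equipment sits in #FastNet. Of course, under one roof there should not really be a "yours" and "mine". That is why I decided to build this mini project: when I attach to #TurtleNet over WiFi or LAN, I can still access the equipment and devices placed in #FastNet, and I can also come in from the internet to #FastNet through the #TurtleNet link (for example, remote access to the NAS) without using up #FastNet's 4G quota.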

The parts needed for this build are quite simple: one OrangePi Zero worth about $100, two LAN cables and one USB to FastEthernet adaptor.

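Installing Linux or Armbian on the OrangePi Zero is so easy that I will skip that part for now. The domain hosting I use is Namecheap.com, which already provides a DDNS service. All that is needed is to install ddclient on Armbian (Linux), with the following command: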

apt-get install ddclient

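If you use Namecheap.com like I do, you can follow this page to create the configuration file. Once that is done, you can put the execution command straight into crontab. The advantage of putting it in crontab is that your DNS entry is updated automatically. With ddclient in place, you are not far from being able to get in and out of #FastNet through #TurtleNet.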

root@orangepizero:/etc/nginx/sites-enabled# cat /etc/crontab

# /etc/crontab: system-wide crontab
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user  command
17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
01 *    * * *   root    /usr/sbin/ddclient -daemon=0 -noquiet -debug

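As for the reverse proxy, this time I chose nginx rather than the Apache everyone is used to. The main reason is that Nginx is more lightweight and simpler than Apache. The idea behind a reverse proxy is to use Nginx as a man-in-the-middle: it provides the entry point and at the same time reduces the risk of disclosing the backend.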

The command to install nginx is also simple:

apt-get install nginx

After installing nginx, you only need to modify the configuration file:

/etc/nginx/sites-enabled/default
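server {
    # Plain-HTTP listener for the public hostname
    listen 80;
    server_name xxx.unixwise.xyz;
    # Optional HTTP basic auth in front of the backend (disabled here)
#    auth_basic "Restricted Access";
#    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        # Forward to the backend device. Port 80 is plain HTTP, so the scheme
        # is http://; https:// belongs only with the backend's TLS port.
        proxy_pass http://192.168.10.xx:80;
        # Pass the requested hostname through to the backend
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}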

>> service nginx restart

> service nginx status

root@orangepizero:/etc/nginx/sites-enabled# service nginx status
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
   Active: active (running) since Fri 2019-02-01 12:30:39 HKT; 2 days ago
     Docs: man:nginx(8)
 Main PID: 1011 (nginx)
    Tasks: 5 (limit: 855)
   CGroup: /system.slice/nginx.service
           ├─1011 nginx: master process /usr/sbin/nginx -g daemon on; master_pro
           ├─1012 nginx: worker process
           ├─1013 nginx: worker process
           ├─1015 nginx: worker process
           └─1016 nginx: worker process

Warning: Journal has been rotated since unit was started. Log output is incomple
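
An internet-facing variant of the server block above, added here as an example and not the author's own configuration: it serves the name over TLS, switches on the basic-auth lines that are commented out above, and drops requests for unknown hostnames. The certificate paths, the rate-limit zone name and a plain-HTTP backend on port 80 are assumptions.

```nginx
# Added example, not the author's configuration.
# Assumed names: the certificate paths and the "nas_login" zone.

# Per-client request rate limit (this file is included inside http {}).
limit_req_zone $binary_remote_addr zone=nas_login:10m rate=5r/s;

# Catch-all: close the connection for any Host header not served here,
# so requests aimed at the bare IP address never reach the backend.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Plain HTTP for the real name only redirects to HTTPS.
server {
    listen 80;
    server_name xxx.unixwise.xyz;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name xxx.unixwise.xyz;
    server_tokens off;                       # do not advertise the nginx version

    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # assumed path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;     # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;     # TLSv1.3 needs nginx 1.13 or later

    # The two lines commented out in the original block, switched on,
    # so the password only ever travels inside the TLS session.
    auth_basic           "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.users;

    location / {
        limit_req zone=nas_login burst=20 nodelay;

        proxy_pass http://192.168.10.xx:80;  # address elided as in the post
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run `nginx -t` before restarting the service so a syntax error does not take the proxy down.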

Author: Adrian

Just a fxxking moron who sees bad money drive out good!
