faecher:informatik:pt2024:freigabe_ins_netz:start

Freigabe ins Internet

  • Zertifikate kann man nur erhalten, wenn man einen DNS Namen hat, z.B. wolke.qg-moessingen.de. der Host muss auf Port 80 und Port 443 erreichbar sein.
  • Problem: Die IP-Adresse an einem Hausanschluss ändert sich gelegentlich.
  • Lösung: Ein „Dyndns“ Provider, z.B. dynv6.com

  • https://dynv6.com/ öffnen und einen Host/Domainnamen wählen - gültige Mailadresse angeben.
  • Bestätigungsmail öffnen, Bestätigungslink anklicken
  • Melde dich bei dynv6.com an
  • Auf dem Nextcloud Server das Paket ddclient installieren: apt install ddclient. Alle Rückfragen kann man zunächst bei der Installation mit Enter leer lassen und bestätigen.
  • Editiere die Datei /etc/ddclient.conf:
ssl=yes
protocol=dyndns2 
use=web, web=ipify-ipv4 
server=dynv6.com
login=none 
password='DEIN_TOKEN_AUS_DEINEM_ACCOUNT'
DEINHOST.DEINE.DOMAIN

Anschließend kannst du die Funktion auf der Kommandozeile testen:

ddclient -daemon=0 -debug -verbose -noquiet -force

und

ddclient -daemon=0 -debug -verbose -noquiet

Wenn das klappt, kann man den ddclient-Daemon neu starten: systemctl restart ddclient.service, mit journalctl -f -u ddclient kann man die Meldungen des Daemons im Log anschauen.

  • Demo an den PT mit der Fritz Box der Schule.
  • Port 80 und 443 sollten an die interne IP-Adresse der Cloud weitergeleitet werden.
  • Mod-MD Paket installieren: apt install libapache2-mod-md
  • SSL und Mod–MD bei apache anschalten: a2enmod ssl md und systemctl restart apache2 * Nun muss man die Datei /etc/apache2/sites-enabled/000-default.conf'' anpassen, so dass sie wie unten aussieht - meinecloud.dns.army muss dabei alletrdings durch einen DynDNS Namen ersetzt werden.
ServerName meinecloud.dns.army

MDomain meinecloud.dns.army
MDContactEmail certifica@ua25.de
MDCertificateAgreement accepted
MDPrivateKeys RSA 4096


<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /srv/nextcloud
	
	<Directory "/srv/nextcloud">
		AllowOverride all
		Require all granted
	</Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

<VirtualHost *:443>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /srv/nextcloud
	
	<Directory "/srv/nextcloud">
		AllowOverride all
		Require all granted
	</Directory>

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
	SSLEngine on
</VirtualHost>
  • faecher/informatik/pt2024/freigabe_ins_netz/start.txt
  • Zuletzt geändert: 19.07.2024 11:19
  • von sbel