现在一般部署 web 服务都会选择使用 nginx 或者 apache 等 web 服务器作为前置,然后进行反向代理将请求转发至真实的后端。
使用前置服务器,可以帮我们完成 https 的加密功能,可以提供负载均衡,可以隐藏源站,甚至可以实现缓存,速率控制等统一的功能。
以 nginx 使用为例,一般大家都是配置很多不同的 server 段,并且每个 server 段中通过 proxy_pass 指令将请求转发至给定的后端。
如果安全部门想要审计流量,在这样的前提下很难操作:
| *.[7z,xz,bzip2,gzip,tar,zip,wim,ar,arj,cab,chm,cpio,cramfs,dmg,ext,fat,gpt,hfs,ihex,iso,lzh,lzma,mbr,.msi,nsis,ntfs,qcow2,rar,rpm,squashfs,udf,uefi,vdi,vhd,vmdk,wim,xar,z] diff=archive |
Unlike your typical computer where you usually shutdown properly, I cannot rely on this during the use of my Raspberry Pi. If the Raspberry Pi is improperly shutdown too many times, data corruption in the file system leading to unbootable SD card may result. So we should use a read-only file system.
Full instructions and explanations are obtained from this link but you can run these commands directly. I modified some of the instructions for personal convenience.
Login with default username: alarm, password: alarm
#Optionally enable root over SSH. The rest of these instructions assume u are in root.
To setup your computer to work with *.test domains, e.g. project.test, awesome.test and so on, without having to add to your hosts file each time.