LookingGlass服务端网络探测工具部署


项目背景

由于原始项目: https://github.com/telephone/LookingGlass/

原作者已有数年未更新维护且项目仅为英文版 ( 最新版本号: v1.3.0 ) ,所以本次采用国人基于原项目 v1.3.0 进行一些汉化及优化版本。

  • Fork后的修改:
  1. 修改IPv4下的路由追踪,结果将包含由IPIP提供的IP地理信息数据
  2. 修改configure.sh文件测试文件生成方式,改由DD命令生成测试文件
  3. 汉化index.php文件,并适度修改底部作者信息
  4. 添加英文页面,调整路由追踪结果语言
  5. 修改IPv6下的路由追踪,结果将包含由IPIP提供的IP地理信息数据

项目地址:https://github.com/ILLKX/LookingGlass


部署流程

环境要求

  • PHP >= 5.3
  • PHP PDO with SQLite driver (required for rate-limit)
  • SSH/Terminal access (able to install commands/functions if non-existent)

环境安装

此处忽略Nginx安装,请自行准备

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
yum install -y php55w-fpm php55w-pdo

项目包准备

mkdir /opt/web_static
cd /opt/web_static/
wget https://github.com/ILLKX/LookingGlass/archive/master.zip
unzip master.zip
LookingGlass-master/LookingGlass

# 执行安装,脚本会自行安装相关依赖及编译
./configure.sh

在安装最后会有如下提示指引你做初始配置

配置流程:

###                    ###
# Starting configuration #
###                    ###

Running setup:
Enter your website name (Header/Logo) []: NesNode
Enter the public URL to this LG (including http://) []: https://looking-glass.nestealin.com
Enter the servers location []: AUS-SYD-1-Node
Enter the test IPv4 address []: 8.8.8.8
Enter the test IPv6 address (Re-enter everytime this script is run) []:
Enter the size of test files in MB (Example: 25 50 100) []: 25
Do you wish to enable rate limiting of network commands? (y/n): y
Enter the # of commands allowed per hour (per IP) []: 5

Removing old test files:

Creating new test files:
Creating 25MB test file

Would you like to choose a different theme? (y/n): n

Creating Config.php...

Creating SQLite database...
Enter the username of your webserver (E.g. www-data): www
Enter the user group of your webserver (E.g. www-data): www
Fixing MTR permissions...
Fixing besttrace permissions...

Installation is complete

PHP-FPM配置

vi /etc/php-fpm.d/www.conf

listenusergroup 三个参数注释,并添加如下配置:

listen = /var/run/php5-fpm.sock
listen.owner = www
listen.owner = www
user = www
group = www

用于对接Nginx,请确保Nginx与PHP-FPM运行的系统用户一致

Nginx配置参考

server {
    listen  80;
    server_name lookingglass.nestealin.com ;
    rewrite ^(.*)$  https://$host$1 permanent;
}

server {
    listen    443 ssl;
    server_name  lookingglass.nestealin.com;

    access_log  logs/$http_host.access.main.log  main;
    error_log  logs/lookingglass.nestealin.com.error.log error;

    ssl_certificate      keys/server.cer;
    ssl_certificate_key  keys/server.key;
    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 ;

    root /opt/web_static/LookingGlass-master;
    set $cgi_pass 'unix:/var/run/php5-fpm.sock';

    ############# DO NOT EDIT BELOW THIS LINE #############

    # Do not send Nginx version
    server_tokens off;

    # Set index and use UTF-8
    index index.php;
    charset utf-8;

    # Avoid clickjacking. If you need to allow [i]frames, you can use SAMEORIGIN
    # or even set an uri with ALLOW-FROM uri
    add_header X-Frame-Options DENY;

    # This header enables the Cross-site scripting (XSS) filter built into most
    # recent web browsers. It's usually enabled by default anyway, so the role
    # of this header is to re-enable the filter
    add_header X-XSS-Protection "1; mode=block";

    # Validate request type
    if ($request_method !~ ^(GET|HEAD|POST)$ ) {
        return 403;
    }

    # Disable log for favicon.ico
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # Disable log for robots.txt
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny access to private folder/s
    # Assumes LookingGlass is on a root install
    location ~ ^/LookingGlass {
       deny all;
       return 404;
    }

    # Deny access to hidden files/folders
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
        return 404;
    }

    # CSS/IMG/JS caching policy. Access log is turned off by default
    location ~* \.(?:css|js|gif|jpe?g|png)$ {
        access_log off;
        expires 30d;
        add_header Cache-Control public;
        break;
    }

    # Disable Gzip for test files
    location ~* \.test$ {
        gzip off;
        sendfile on;
    }

    # Full PHP setup. No includes necessary
    location ~ \.php$ {
        fastcgi_pass $cgi_pass;
        fastcgi_index index.php;

        # FastCGI params
        fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
        fastcgi_param   QUERY_STRING            $query_string;
        fastcgi_param   REQUEST_METHOD          $request_method;
        fastcgi_param   CONTENT_TYPE            $content_type;
        fastcgi_param   CONTENT_LENGTH          $content_length;
        fastcgi_param   SCRIPT_FILENAME         $request_filename;
        fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
        fastcgi_param   REQUEST_URI             $request_uri;
        fastcgi_param   DOCUMENT_URI            $document_uri;
        fastcgi_param   DOCUMENT_ROOT           $document_root;
        fastcgi_param   SERVER_PROTOCOL         $server_protocol;
        fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
        fastcgi_param   SERVER_SOFTWARE         nginx;
        fastcgi_param   REMOTE_ADDR             $remote_addr;
        fastcgi_param   REMOTE_PORT             $remote_port;
        fastcgi_param   SERVER_ADDR             $server_addr;
        fastcgi_param   SERVER_PORT             $server_port;
        fastcgi_param   SERVER_NAME             $server_name;
        fastcgi_param   HTTPS                   $https if_not_empty;
        fastcgi_param   REDIRECT_STATUS         200;

        # Enable output buffering
        try_files $uri = 404;
        fastcgi_buffering          on;
        fastcgi_buffer_size        1k;
        fastcgi_buffers            128 1k;
        fastcgi_max_temp_file_size 0;
        gzip off;
    }
}

启动 PHP-FPM 及 reload Nginx 即可完成部署

service php-fpm start
chkconfig php-fpm on

访问验证

访问地址:https://lookingglass.nestealin.com/

Host

用于获取域名DNS解析

MTR

用于检测远程主机到目标主机的时延信息

Traceroute/Besttrace

用于检测远程主机到目标主机的路由线路走向

触发限频


可能遇到的问题

  1. 执行traceroute时没有反应

    请确保运行 PHP-FPM 的系统用户有权限执行besttrace命令; 如果本机已存在besttrace也请确保有相关执行权限。

    解决方式参考:

    chown root.root /usr/local/besttrace/besttrace
    chmod +s /usr/local/besttrace/besttrace

其他

暴雪战网的Looking-Glass: https://looking-glass.battlenet.com.cn/?lang=zh_Hans_CN

Vultr的Looking-Glass: https://sgp-ping.vultr.com/

Bandwagon的Looking-Glass: https://dc3.bwg.net/lg/


文章作者: NesTeaLin
版权声明: 本博客所有文章除特別声明外,均采用 CC BY 4.0 许可协议。转载请注明来源 NesTeaLin !
  目录