Installation on VPS hosting

Eonza is an ordinary web server which listens to a certain port and has an API. Thus, if you have VPS hosting, you can install Eonza on the server and manage your hosting from the browser. It is recommended to additionally use NGINX or another web server as a proxy server. Let's consider an example of Eonza installation on CentOS 64-bit with nginx web-server and a ready-made domain name my-eonza-domain.org. Assume that this domain already has a website, so let's make Eonza open in the browser at https://www.my-eonza-domain.org:[port].

Step 1. Installing Eonza

Create a directory on the server, download and save the program distribution for Linux there. For example, let's save the program to the /home/eonza directory. It is better to immediately set a password for the login, to do this, run the program with the -install and -psw parameters. In this case, Eonza will create the necessary files, set the login password and finish its work.

1cd /home/eonza
2./eonza -install -psw=mypassword 

Step 2. Configuring Eonza

Select localhost port for Eonza program and external port for nginx proxy server. Open configuration file eonza.yaml in any editor and specify the following fields in the http section:

  • host - host name
  • port - the port the program will listen to.
  • open - specify false, so that the program does not try to open Eonza in the browser on the server.
  • access - specify host
  • jwtkey - specify a random string for creating JWT keys.

So the settings could be something like this

1http:
2    host: www.my-eonza-domain.org
3    port: 5001
4    open: false
5    theme: default
6    access: host
7    jwtkey: my-secret-jwt-key

For security reasons, it is recommended to define a list of "white" IP addresses and subnets. In this case, all requests from other ip-addresses will be ignored. You can specify subnets belonging to your ISP. Also, be sure to add local subnets ::1/128 and 127.0.0.0/31. The "white" list of ip-addresses and subnets is specified in the whiltelist section. For example,

1whitelist:
2    - ::1/128
3    - 127.0.0.0/31
4    - 92.140.108.0/24
5    - 92.140.109.0/24

Since each script runs as a separate process and occupies its own port, specify two more parameters.

  • portshift - the difference between nginx port and real port. For example, if -1000 is specified, then https://www.my-eonza-domain.org:4002 will correspond to localhost:5002.
  • cdn - specify Eonza address so that scripts can use the js and html files already loaded in the browser.
1portshift: -1000
2cdn: https://www.my-eonza-domain.org:4001

Step 3. Create systemd service

Let's register the Eonza program as a service. To do this, create a eonza.service file in the /usr/lib/systemd/system directory. The example given below is the simplest eonza.service, although .service file can have many more parameters.

1[Unit]
2Description=Eonza Service
3
4[Service]
5ExecStart=/home/eonza/eonza
6WorkingDirectory=/home/eonza
7
8[Install]
9WantedBy=multi-user.target

Start and enable the service. Eonza will automatically start after rebooting the system.

1systemctl start eonza.service
2systemctl enable eonza.service

If you change the eonza.service file, you must run systemctl daemon-reload to update the settings. Use systemctl status eonza.service or service eonza status to get service status.

Step 4. Configuring the proxy server

Using nginx as a proxy server, allows you to connect Eonza to an existing domain name via https protocol. Suppose that you already have a website https://www.my-eonza-domain.org with Let's Encrypt certificate and you want to open Eonza at https://www.my-eonza-domain.org:4001. To do this, add the following sections to the /etc/nginx/conf.d/my-eonza-domain.org.conf configuration file:

 1map $server_port $port {
 2    "~^4(?P<1>[0-9]+)$" "5$1";
 3}
 4
 5server {
 6    listen 4001-4100 ssl;
 7    server_name www.my-eonza-domain.org;
 8    
 9    ssl_certificate /etc/letsencrypt/live/my-eonza-domain.org/fullchain.pem; 
10    ssl_certificate_key /etc/letsencrypt/live/my-eonza-domain.org/privkey.pem;
11
12    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
13    ssl_prefer_server_ciphers on;
14
15    ssl_dhparam /etc/ssl/certs/dhparam.pem;
16    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
17    ssl_session_timeout 1d;
18    ssl_session_cache shared:SSL:50m;
19
20    ssl_stapling on;
21    ssl_stapling_verify on;
22    add_header Strict-Transport-Security max-age=15768000;
23
24    location = /ws {
25        proxy_pass http://127.0.0.1:$port/ws;
26        proxy_http_version 1.1;
27        proxy_set_header Upgrade $http_upgrade;
28        proxy_set_header Connection "Upgrade";
29        proxy_set_header Host $host;
30    }
31    
32    location / {
33        if ($http_origin ~ '^https://www.my-eonza-domain.org') {
34            add_header Access-Control-Allow-Origin "$http_origin";
35        }
36        access_log off;
37        proxy_pass http://127.0.0.1:$port;
38        proxy_set_header Host $host;
39        proxy_set_header X-Real-IP $remote_addr;
40        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
41        proxy_redirect off;
42    }
43}

These settings instruct nginx to listen on all ports from 4001 to 4100 and redirect requests to the appropriate ports 5001-5100 to localhost. It should be noted that older versions of nginx do not support listen 4001-4100 ssl entry. In this case, update nginx to the latest stable version or create separate partitions for multiple ports. Save the configuration file and restart nginx (service nginx restart). Enter https://my-eonza-domain.org:4001 in your browser and if everything has been configured correctly, you will see the login page of Eonza program.

Online Demo
Downloads Documentation Scripts Pro Version
English
Русский