Cloud for Non-profit Organizations: A Migration Guide


Not long ago, Mail.Ru Cloud Solutions (MCS) and the Dobro Mail.Ru service launched the "Cloud for Charitable Projects" programme, through which non-profit organizations can obtain resources of the MCS cloud platform free of charge. The "Arithmetic of Good" charitable foundation joined the programme and successfully moved part of its infrastructure onto MCS.

After passing the vetting, an NGO can receive virtual capacity from MCS, but the further configuration requires some skill. In this article we want to share a specific set of instructions for setting up a server based on Ubuntu Linux to run a main website and a number of subdomains using free SSL certificates. For many this will be a simple guide, but we hope our experience will be useful to other non-profit organizations, and not only to them.

FYI: What can you get from MCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB object storage.

Step 1: Launching a virtual server

Let's get straight to the point and create our virtual server (aka "instance") in your MCS personal account. In the app store, you need to select and install the ready-made LAMP stack, which is the set of server software (LAMP = Linux, Apache, MySQL, PHP) needed to run most websites.

Choose a suitable server configuration and create a new SSH key. After clicking the "Install" button, installation of the server with the LAMP stack will start; this takes a little while. The system will also offer to download the private key to your computer for managing the virtual machine over the console; save it.

After the application is installed, let's set up the firewall right away. This is done in your personal account: go to the "Cloud Computing -> Virtual Machines" section and choose "Configure Firewall":

You need to add rules allowing incoming traffic on ports 80 and 9997. This will be needed later to install the SSL certificate and to work with phpMyAdmin. As a result, the set of rules should look like this:

Now you can connect to your server from the command line using the SSH protocol. To do this, type the following command, specifying the SSH key on your computer and the external IP address of your server (you can find it in the "Virtual Machines" section):

$ ssh -i /путь/к/ключу/key.pem ubuntu@<ip_сервера>

When connecting to the server for the first time, it is recommended to install all current updates on it and reboot. To do this, run the following commands:

$ sudo apt-get update

The system will fetch the list of updates; install them with the following command and follow the prompts:

$ sudo apt-get upgrade

After the updates are installed, reboot the server:

$ sudo reboot

Step 2: Configuring virtual hosts

Most non-profit organizations need to maintain several domains or subdomains at once (for example, the main website and several landing pages for advertising campaigns, and so on). All of them can be conveniently hosted on a single server by creating several virtual hosts.

First we need to create a directory structure for the sites that will be shown to visitors. Let's create a few directories:

$ sudo mkdir -p /var/www/a-dobra.ru/public_html

$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_html

And assign the current user as the owner:

$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html

$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html

The $USER variable contains the name of the user you are currently logged in as (by default this is the ubuntu user). Now the current user owns the public_html directories where we will keep the content.

We also need to adjust the permissions slightly to make sure that read access is allowed to the shared web directory and all the files and folders it contains. This is necessary for the pages to display correctly:

$ sudo chmod -R 755 /var/www

Your web server should now have the permissions it needs to serve content. In addition, the user is now able to create content in the required directories.

There is already an index.php file in the /var/www/html directory; let's copy it into the new directories - it will serve as our content for now:

$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php

$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.php

Now you need to make sure that users can reach your sites. To do this, we will first configure the virtual host files, which determine how the Apache web server responds to requests for different domains.

By default, Apache has a main virtual host file, 000-default.conf, which we can use as a starting point. We will copy it to create virtual host files for each of our domains. We will start with one domain, configure it, copy it for the second domain, and then make the necessary adjustments again.

The default Ubuntu configuration requires each virtual host file to have the *.conf extension.

Let's start by copying the file for the first domain:

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.conf

Open the new file in an editor with root privileges:

$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf

Edit the contents as follows, specifying port 80, your details for ServerAdmin, ServerName and ServerAlias, and the path to the root directory of your site, then save the file (Ctrl+X, then Y):

<VirtualHost *:80>
 
    ServerAdmin [email protected]
    ServerName a-dobra.ru
    ServerAlias www.a-dobra.ru
 
    DocumentRoot /var/www/a-dobra.ru/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 
    <Directory /var/www/a-dobra.ru/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
 
    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>
 
</VirtualHost>

ServerName sets the main domain, which must match the virtual host name. This must be your domain name. The second directive, ServerAlias, defines other names that should be treated as if they were the main domain. This is convenient for additional domain names, for example the www variant.

Let's copy this configuration for the second host and edit it in the same way:

$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.conf

You can create as many directories and virtual hosts for your sites as you like! Now that we have created our virtual host files, we need to enable them. We can use the a2ensite utility to enable each of our sites like this:

$ sudo a2ensite a-dobra.ru.conf

$ sudo a2ensite promo.a-dobra.ru.conf 

By default, port 80 is closed in the LAMP image, and we will need it later to install the SSL certificate. So let's edit the ports.conf file right away and then reload Apache:

$ sudo nano /etc/apache2/ports.conf

Add the new line and save the file so that it looks like this:

Listen 80
Listen 443
Listen 9997

After finishing the configuration, you need to reload Apache for all the changes to take effect:

$ sudo systemctl reload apache2
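The steps above (directory, ownership, permissions, placeholder index.php, virtual host file, a2ensite, reload) can be folded into one script, so that every additional landing page is set up the same way. The following is an added example and not code from the original article or from MCS; it assumes the Ubuntu LAMP image described above (apache2, the PHP 7.2 FPM socket used in the virtual host above, and a sudo-capable login user), uses webmaster@<domain> as a placeholder ServerAdmin, writes per-domain log files instead of the shared ones, and runs apache2ctl configtest before reloading so that a broken file never takes the running server down. The function names and the SITE_DOMAIN variable are ours. The domain name is validated before it is used to build paths under /var/www and /etc/apache2, because a stray "/" or ".." in it would otherwise create files outside those directories.

```shell
#!/bin/sh
# Added example (not from the original article): create one Apache virtual host
# in the layout the guide uses. Assumes the Ubuntu LAMP image with apache2 and
# the PHP 7.2 FPM socket, and a user who can run sudo. Function names are ours.

# Accept only lowercase host names: letters, digits, dots and hyphens, no leading
# dot or hyphen, no "..", no slash. The name becomes part of file system paths.
valid_domain() {
    case $1 in
        ''|.*|-*|*..*|*/*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print a virtual host file for DOMAIN (arg 1), ADMIN mail (arg 2), DOCROOT (arg 3).
render_vhost() {
    domain=$1; admin=$2; docroot=$3
    cat <<EOF
<VirtualHost *:80>
    ServerAdmin $admin
    ServerName $domain
    ServerAlias www.$domain

    DocumentRoot $docroot
    ErrorLog \${APACHE_LOG_DIR}/$domain-error.log
    CustomLog \${APACHE_LOG_DIR}/$domain-access.log combined

    <Directory $docroot>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>
</VirtualHost>
EOF
}

# Full procedure for one domain: directories, ownership, permissions, placeholder
# index.php, virtual host file, enable it, test the config, then reload Apache.
create_site() {
    domain=$1
    valid_domain "$domain" || { echo "refusing unsafe domain name: $domain" >&2; return 1; }
    docroot=/var/www/$domain/public_html
    sudo mkdir -p "$docroot"
    sudo chown -R "$USER:$USER" "$docroot"
    sudo chmod -R 755 "/var/www/$domain"
    [ -e "$docroot/index.php" ] || cp /var/www/html/index.php "$docroot/index.php"
    render_vhost "$domain" "webmaster@$domain" "$docroot" |
        sudo tee "/etc/apache2/sites-available/$domain.conf" >/dev/null
    sudo a2ensite "$domain.conf"
    # Never reload on a config that does not parse; the old config keeps serving.
    sudo apache2ctl configtest && sudo systemctl reload apache2
}

# Usage: SITE_DOMAIN=promo.a-dobra.ru sh create_site.sh
if [ -n "${SITE_DOMAIN:-}" ]; then
    create_site "$SITE_DOMAIN"
fi
```

Running it for each domain listed in Step 3 gives one site per call; after the DNS records exist, the same domains are passed to certbot in Step 4 with -d flags.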

Step 3: Configuring domain names

Next, you need to add DNS records pointing to your new server. To manage its domains, our Arithmetic of Good foundation uses the dns-master.ru service; we will use it as the example.

Setting up the A record for the main domain usually looks like this (the @ symbol):

A subdomain record is usually set up like this:

The IP address is the address of the Linux server we created. You can set TTL = 3600.

After a while, it will be possible to visit your sites, but for now only over http://. In the next step we will add https:// support.

Step 4: Setting up free SSL certificates

You can get free Let's Encrypt SSL certificates for your main site and all subdomains. You can also set up their automatic renewal, which is very convenient. To obtain SSL certificates, install Certbot on your server:

$ sudo add-apt-repository ppa:certbot/certbot

Install the Certbot package for Apache using apt:

$ sudo apt install python-certbot-apache 

Certbot is now ready to use; run the command:

$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru

This command runs certbot; the -d flags specify the domain names for which the certificate should be issued.

If this is the first time you have run certbot, you will be asked to enter your email address and agree to the terms of service. certbot will then contact the Let's Encrypt server and verify that you really control the domains for which you requested the certificate.

If everything goes well, certbot will ask how you want to configure HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

We recommend choosing option 2 and pressing ENTER. The configuration will be updated and Apache will be restarted to apply the changes.

Your certificates are now downloaded, installed and working. Try reloading your site with https:// and you will see the security indicator in your browser. If you test your server with the SSL Labs Server Test, it will receive an A grade.

Let's Encrypt certificates are valid for only 90 days, but the certbot package we installed will renew the certificates automatically. To test the renewal process, we can do a dry run of certbot:

$ sudo certbot renew --dry-run 

If you see no errors as a result of running this command, then everything works!
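A dry run only proves that renewal could work today; the failure mode that actually bites is a timer that silently stops running, which is only noticed when the 90 days are up and browsers start warning. The following added check (our code, not part of the original article or of certbot) reads the live certificate that certbot keeps under /etc/letsencrypt/live/<domain>/cert.pem, computes the days left and exits non-zero when fewer than 30 remain, which is the point at which certbot would normally have renewed already. It assumes GNU date and openssl as shipped with Ubuntu; the function names and the CHECK_DOMAIN variable are ours. The date arithmetic is kept in its own function so that it can be tested with a constructed notAfter line without a real certificate.

```shell
#!/bin/sh
# Added example (not from the original article): warn when a Let's Encrypt
# certificate is closer to expiry than certbot's own renewal threshold.
# Assumes certbot's default layout and GNU date/openssl as found on Ubuntu.

# Turn a "notAfter=Mon DD HH:MM:SS YYYY GMT" line, the format printed by
# `openssl x509 -noout -enddate`, into whole days remaining from now.
# A negative result means the certificate has already expired.
days_left() {
    end=${1#notAfter=}
    end_s=$(date -u -d "$end" +%s) || return 1
    now_s=$(date -u +%s)
    echo $(( (end_s - now_s) / 86400 ))
}

# Days left on the certificate certbot currently serves for DOMAIN.
cert_days_left() {
    pem=/etc/letsencrypt/live/$1/cert.pem
    [ -r "$pem" ] || { echo "no readable certificate for $1 at $pem" >&2; return 1; }
    days_left "$(openssl x509 -in "$pem" -noout -enddate)"
}

# certbot renews once fewer than 30 days remain, so anything below that means
# the automatic renewal installed with the package has not been running.
check_renewal() {
    domain=$1; threshold=${2:-30}
    days=$(cert_days_left "$domain") || return 1
    if [ "$days" -lt "$threshold" ]; then
        echo "WARNING: $domain has $days days left; run 'sudo certbot renew --dry-run' and check /var/log/letsencrypt" >&2
        return 1
    fi
    echo "$domain: $days days left"
}

# Usage: CHECK_DOMAIN=a-dobra.ru sh check_cert.sh   (exit status 1 = attention needed)
if [ -n "${CHECK_DOMAIN:-}" ]; then
    check_renewal "$CHECK_DOMAIN"
fi
```

Because the script reports through its exit status, it can be run from cron or a monitoring agent with a mail-on-failure hook rather than being watched by hand.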

Step 5: Accessing MySQL and phpMyAdmin

Most websites use a database. The phpMyAdmin tool for managing databases is already installed on our server. To access it, open a link like the following in your browser:

https://<ip-адрес сервера>:9997

The password for root access can be found in your MCS personal account (https://mcs.mail.ru/app/services/marketplace/apps/). Don't forget to change the root password the first time you log in!

Step 6: Setting up file uploads over SFTP

Developers will find it convenient to upload files for your website over SFTP. To do this, we will create a new user and call it webmaster:

$ sudo adduser webmaster

The system will ask you to set a password and enter some details.

Change the owner of the directory containing your site:

$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_html

Now let's change the SSH configuration so that the new user only gets SFTP access and not an SSH terminal:

$ sudo nano /etc/ssh/sshd_config

Scroll to the end of the configuration file and add the following block:

Match User webmaster
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/a-dobra.ru
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Save the file and restart the service:

$ sudo systemctl restart sshd

Now you can connect to the server with any SFTP client, for example FileZilla.

Results

  1. You now know how to create new directories and configure virtual hosts for your websites on the same server.
  2. You can easily create SSL certificates - they are free and will be renewed automatically.
  3. You can conveniently work with MySQL databases through the familiar phpMyAdmin.
  4. Creating new SFTP accounts and setting up their access rights takes little effort. Such accounts can be handed over to third-party web developers and site administrators.
  5. Don't forget to update the system periodically, and we recommend making backups - in MCS you can take "snapshots" of the whole system with one click and then, if necessary, deploy an entire instance from the image.

Materials used that may be helpful:

https://www.digitalocean.com/community/tutorials/apache-ubuntu-14-04-lts-ru
https://www.digitalocean.com/community/tutorials/apache-let-s-encrypt-ubuntu-18-04-ru
https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-18-04

By the way, here you can read on VC how our foundation deployed an online education platform for orphans based on the MCS cloud.

source: www.habr.com
