Cloud for Charities: Migration Guide


Not long ago, Mail.Ru Cloud Solutions (MCS) and the Dobro Mail.Ru service launched the "Cloud for Charity" project, thanks to which non-profit organizations can receive resources on the MCS cloud platform free of charge. The charitable foundation "Arithmetic of Good" took part in the project and has successfully deployed part of its infrastructure on MCS.

After passing validation, an NPO can receive virtual capacity from MCS, but further configuration requires certain skills. In this article we want to share specific instructions for setting up an Ubuntu Linux-based server to run the main website and several subdomains using free SSL certificates. For many this will be a simple guide, but we hope our experience will be useful to other non-profit organizations, and not only to them.

FYI: What can you get from MCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB of object storage.

Step 1: Launch the virtual server

Let's get straight to the point and create our virtual server (aka "instance") in your MCS personal account. In the app marketplace, select and install a ready-made LAMP stack, which is a set of server software (LAMP = Linux, Apache, MySQL, PHP) needed to run most websites.

Select a suitable server configuration and create a new SSH key. After you click the "Install" button, installation of the server and the LAMP stack will begin; this will take some time. The system will also offer to download a private key to your computer for managing the virtual machine from the console; save it.

After the application is installed, set up the firewall right away. This is also done in your personal account: go to "Cloud computing -> Virtual machines" and select "Setting the firewall":

You need to add rules allowing incoming traffic on ports 80 and 9997. This is needed later for installing SSL certificates and for working with phpMyAdmin. As a result, the rule set should look like this:

Now you can connect to your server from the command line over the SSH protocol. To do this, type the following command, pointing to the SSH key on your computer and the external IP address of your server (you can find it in the "Virtual machines" section):

$ ssh -i /path/to/key/key.pem ubuntu@<server_ip>

When you connect to the server for the first time, it is recommended to install all current updates on it and reboot. To do this, run the following command:

$ sudo apt-get update

The system will fetch the list of updates; install them with this command and follow the prompts:

$ sudo apt-get upgrade

After installing the updates, reboot the server:

$ sudo reboot

Step 2: Set up virtual hosts

Many non-profits need to maintain several domains or subdomains at once (for example, a main website and several landing pages for campaigns, and so on). All of these can easily be hosted on one server by creating several virtual hosts.

First we need to create a directory structure for the sites that will be served to visitors. Let's create some directories:

$ sudo mkdir -p /var/www/a-dobra.ru/public_html

$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_html

And set the current user as the owner:

$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html

$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html

The $USER variable contains the username you are currently logged in as (by default this is the ubuntu user). The current user now owns the public_html directories where we will store the content.

We also need to adjust the permissions slightly to make sure that read access is allowed for the shared web directory and all the files and folders it contains. This is necessary for the site's pages to be displayed correctly:

$ sudo chmod -R 755 /var/www

Your web server should now have the permissions it needs to serve the content. In addition, your user is now able to create content in the required directories.
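
An added example, not part of the original guide: a recursive chmod 755 also marks every regular file as executable, which the web server does not need. The functions below (hypothetical names, GNU find assumed as on Ubuntu) set directories to 755 and files to 644, then list anything still writable by group or others.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide); function names are hypothetical.

# Give directories 755 and regular files 644 under a web root, instead of
# marking every file executable with a blanket "chmod -R 755".
normalize_web_perms() {
    local root="$1"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Directories need the execute (search) bit so Apache can traverse them.
    find "$root" -type d -exec chmod 755 {} +
    # Regular files only need to be readable by the web server.
    find "$root" -type f -exec chmod 644 {} +
}

# Print every file or directory under the root that group or others can
# write to; return 1 if any exist, 0 otherwise. Symlinks are skipped
# because their own mode bits are not meaningful.
list_loose_perms() {
    local root="$1" found
    found=$(find "$root" ! -type l -perm /022 -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Typical use on the server from this guide:
#   sudo bash -c '. ./webperms.sh; normalize_web_perms /var/www; list_loose_perms /var/www'
```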

There is already an index.php file in the /var/www/html directory; let's copy it to our new directories. This will be our content for now:

$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php

$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.php

Now you need to make sure that users can reach your site. To do this, we will first set up the virtual host files, which determine how the Apache web server responds to requests for different domains.

By default, Apache has a virtual host file, 000-default.conf, that we can use as a starting point. We are going to copy it to create a virtual host file for each of our domains. We will start with one domain, configure it, copy it for the other domain, and then make the necessary edits again.

Ubuntu's default configuration requires every virtual host file to have a *.conf extension.

Let's start by copying the file for the first domain:

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.conf

Open the new file in an editor with root privileges:

$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf

Edit the file as follows, specifying port 80, your details for ServerAdmin, ServerName and ServerAlias, as well as the path to your site's root directory, then save the file (Ctrl + X, then Y):

<VirtualHost *:80>
 
    # Placeholder address: use your own administrator e-mail
    ServerAdmin admin@example.com
    ServerName a-dobra.ru
    ServerAlias www.a-dobra.ru
 
    DocumentRoot /var/www/a-dobra.ru/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 
    <Directory /var/www/a-dobra.ru/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
 
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>
 
</VirtualHost>

ServerName sets the primary domain, which must match the name of the virtual host. This should be your domain name. The second, ServerAlias, defines other names that should be treated as if they were the primary domain. This is convenient for using additional domain names, for example with www.

Let's copy this configuration for the other host and edit it in the same way:

$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.conf

You can create as many directories and virtual hosts for your sites as you like! Now that we have created our virtual host files, we need to enable them. We can use the a2ensite utility to enable each of our sites, like this:

$ sudo a2ensite a-dobra.ru.conf

$ sudo a2ensite promo.a-dobra.ru.conf 

By default, port 80 is closed in the LAMP stack, and we will need it later to install an SSL certificate. So let's edit the ports.conf file right away and then reload Apache:

$ sudo nano /etc/apache2/ports.conf

Add a new line and save the file so that it looks like this:

Listen 80
Listen 443
Listen 9997

After finishing the configuration, you need to reload Apache for all the changes to take effect:

$ sudo systemctl reload apache2

Step 3: Set up domain names

Next, you need to add DNS records that point to your new server. To manage domains, our Arithmetic of Good foundation uses the dns-master.ru service, so we will use it as the example.

An A record for the main domain is usually specified as follows (the @ sign):

A records for subdomains are usually specified like this:

The IP address is the address of the Linux server we just created. You can set TTL = 3600.

After some time you will be able to visit your site, but for now only over http://. In the next step we will add https:// support.

Step 4: Set up free SSL certificates

You can get free Let's Encrypt SSL certificates for your main site and all subdomains. You can also set them up to renew automatically, which is very convenient. To obtain SSL certificates, install Certbot on your server:

$ sudo add-apt-repository ppa:certbot/certbot

Install the Certbot package for Apache using apt:

$ sudo apt install python-certbot-apache 

Now Certbot is ready to use; run the command:

$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru

This command runs certbot; the -d switches specify the domain names for which the certificate should be issued.

If this is the first time you run certbot, you will be asked to enter your e-mail address and agree to the terms of service. certbot will then contact the Let's Encrypt server and verify that you control the domain you requested the certificate for.

If everything goes well, certbot will ask how you want to configure HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

We recommend choosing option 2 and pressing ENTER. The configuration will be updated and Apache will be restarted to apply the changes.

Your certificates are now downloaded, installed and working. Try reloading your site with https:// and you will see the security icon in your browser. If you test your server with the SSL Labs Server Test, it will get an A grade.

Let's Encrypt certificates are only valid for 90 days, but the certbot package we just installed will renew the certificates automatically. To test the renewal process, we can do a dry run of certbot:

$ sudo certbot renew --dry-run 

If you see no errors as a result of running this command, then everything works!

Step 5: Access MySQL and phpMyAdmin

Many websites use databases. The phpMyAdmin tool for database management is already installed on our server. To access it, open a link like this in your browser:

https://<server IP address>:9997

The root password can be obtained in your MCS account (https://mcs.mail.ru/app/services/marketplace/apps/). Don't forget to change your root password the first time you log in!

Step 6: Set up file upload over SFTP

Developers will find it convenient to upload files for your site over SFTP. To do this, we will create a new user and call it webmaster:

$ sudo adduser webmaster

The system will ask you to set a password and enter some other details.

Change the owner of the directory with your site:

$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_html

Now let's change the SSH configuration so that the new user has access only to SFTP and not to the SSH terminal:

$ sudo nano /etc/ssh/sshd_config

Scroll to the end of the configuration file and add the following block:

Match User webmaster
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/a-dobra.ru
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Save the file and restart the service:

$ sudo systemctl restart sshd

Now you can connect to the server with any SFTP client, for example FileZilla.
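
An added example, not part of the original guide: sshd rejects the session if any component of the ChrootDirectory path is not owned by root or is writable by group or others, which is why only public_html was handed to webmaster above. The check below walks the path up to / before the restart; the function names are hypothetical and GNU stat is assumed, as on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide); function names are hypothetical.
# sshd_config(5): every component of the ChrootDirectory path must be a
# root-owned directory that is not writable by group or others.

# Pure check on one component: numeric owner uid and octal mode.
chroot_component_ok() {
    local uid="$1" mode="$2"
    [ "$uid" -eq 0 ] || return 1
    # 022 = group-write | other-write; both bits must be clear.
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# Walk from the chroot directory up to /, printing each offending component.
# Returns 0 if the whole path is acceptable, 1 if not, 2 on usage errors.
check_chroot_path() {
    local path="$1" bad=0 uid mode
    case "$path" in
        /*) ;;
        *) echo "need an absolute path: $path" >&2; return 2 ;;
    esac
    while :; do
        # -L follows symlinks so the target directory is what gets checked.
        uid=$(stat -L -c %u "$path") || return 2
        mode=$(stat -L -c %a "$path") || return 2
        if ! chroot_component_ok "$uid" "$mode"; then
            echo "BAD $path (uid=$uid mode=$mode)"
            bad=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return "$bad"
}

# Typical use before restarting the service (sshd -t validates sshd_config):
#   check_chroot_path /var/www/a-dobra.ru && sudo sshd -t && sudo systemctl restart sshd
```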

Summary

  1. Now you know how to create new directories and set up virtual hosts for your sites on a single server.
  2. You can easily create the SSL certificates you need: they are free and will be renewed automatically.
  3. You can conveniently work with the MySQL database through the familiar phpMyAdmin.
  4. Creating new SFTP accounts and setting access rights does not take much effort. Such accounts can be handed over to third-party web developers and site administrators.
  5. Don't forget to update the system periodically. We also recommend making backups: in MCS you can take "snapshots" of the whole system with one click and then, if necessary, launch entire images.

Useful resources:

https://www.digitalocean.com/community/tutorials/apache-ubuntu-14-04-lts-ru
https://www.digitalocean.com/community/tutorials/apache-let-s-encrypt-ubuntu-18-04-ru
https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-18-04

By the way, you can read on VC about how our foundation deployed a platform for online education for orphans on the MCS cloud.

Source: www.hab.com
