A while ago, Mail.Ru Cloud Solutions (MCS) and the Dobro Mail.Ru service launched a project.
After passing verification, an NPO can receive virtual capacity from MCS, but configuring it further requires certain skills. In this article we want to share concrete steps for setting up an Ubuntu Linux based server that runs a foundation's main website and a number of subdomains using free SSL certificates. For many readers this will be a simple guide, but we hope our experience will be useful to other non-profit organizations, and not only to them.
FYI: what can you get from MCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB of object storage.
Step 1: Launch a virtual server
Let's get straight to the point and create a virtual server (also called an "instance") in the MCS personal account. In the app store, select and install the ready-made LAMP stack, the set of server software (LAMP = Linux, Apache, MySQL, PHP) needed to run most websites.
Choose a suitable server configuration and create a new SSH key. Clicking the "Install" button starts the installation of the server and the LAMP stack, which takes some time. The system will also offer to download and save the private key to your computer so that you can manage the virtual machine through the console.
Once the application is installed, set up the firewall right away. This is also done in the personal account: go to the "Cloud computing -> Virtual machines" section and select "Configure firewall".
You need to add permission for incoming traffic on ports 80 and 9997. This is needed later to install SSL certificates and to work with phpMyAdmin. As a result, the rule set will look like this:
Now you can connect to the server from the command line over SSH. To do so, enter the following command, specifying the SSH key on your computer and the server's external IP address (found in the "Virtual machines" section):
$ ssh -i /path/to/key/key.pem ubuntu@<server_ip>
The first time you connect to the server, it is recommended to install all current updates and reboot. To do so, run the following command:
$ sudo apt-get update
The system will fetch the list of updates. Install them with the following command and follow the prompts:
$ sudo apt-get upgrade
After installing the updates, reboot the server:
$ sudo reboot
Step 2: Set up virtual hosts
Many non-profits need to maintain several domains or subdomains at the same time (for example, a main website and several landing pages for promotional campaigns). All of them can easily be hosted on one server by creating multiple virtual hosts.
First, create the directory structure for the sites that will be shown to visitors. Let's create a few directories:
$ sudo mkdir -p /var/www/a-dobra.ru/public_html
$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_html
And make the current user their owner:
$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html
$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html
The $USER variable holds the name of the currently logged-in user (by default, this is the user ubuntu). The current user now owns the public_html directories where the content will be stored.
We also need to adjust the permissions slightly so that read access is allowed to the shared web directory and to all files and folders inside it. This is needed for the site pages to display correctly:
$ sudo chmod -R 755 /var/www
The web server should now have the permissions it needs to serve the content, and the user can create content in the required directories.
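An added example, not part of the original article: chmod -R 755 also sets the execute bit on every regular file under /var/www. The sketch below lists such files and resets directories to 755 and files to 644, assuming PHP is served through PHP-FPM (as in the virtual host configuration used later), so no file needs to be executable; the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten modes under a web root.
# Assumption: static files and PHP scripts handled by PHP-FPM,
# so no regular file needs an execute bit.

# Print regular files under $1 that carry any execute bit or are
# writable by group or other.
audit_webroot() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
        -o -perm -020 -o -perm -002 \) -print
}

# Directories 755 (traversable), regular files 644 (readable only).
normalize_webroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree in a temporary directory (not the real /var/www).
# Echoes "<findings before> <findings after>".
demo_webroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/a-dobra.ru/public_html"
    echo '<?php echo "ok";' > "$root/a-dobra.ru/public_html/index.php"
    chmod -R 755 "$root"                  # same mode change as the step above
    before=$(audit_webroot "$root" | wc -l)
    normalize_webroot "$root"
    after=$(audit_webroot "$root" | wc -l)
    rm -rf "$root"
    echo "$((before)) $((after))"
}

demo_webroot
```

On the real server the two functions would be run with sudo against /var/www.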
The /var/www/html directory already contains an index.php file. Let's copy it to the new directories; it will serve as our content for now:
$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php
$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.php
Next, we need to make sure users can reach the sites. To do that, we first configure the virtual host files, which determine how the Apache web server responds to requests for different domains.
By default, Apache has a virtual host file, 000-default.conf, that can be used as a starting point. We will copy it to create a virtual host file for each domain. We start with one domain, configure it, then copy it for the other domain and make the necessary edits again.
Ubuntu's default configuration requires each virtual host file to have the *.conf extension.
Let's start by copying the file for the first domain:
$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.conf
Open the new file in an editor with root privileges:
$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf
Edit the data as follows, specifying port 80, your values for ServerAdmin, ServerName and ServerAlias, and the path to the site's root directory, then save the file (Ctrl+X, then Y):
<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName a-dobra.ru
    ServerAlias www.a-dobra.ru
    DocumentRoot /var/www/a-dobra.ru/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory /var/www/a-dobra.ru/public_html>
        # No directory listings; .htaccess overrides are allowed
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    # Hand requests for .php files to PHP-FPM over its Unix socket
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>
</VirtualHost>
ServerName sets the primary domain, which must match the virtual host name. This must be your domain name. The second directive, ServerAlias, defines other names that should be treated as if they were the primary domain. This is handy for additional domain names such as www.
Let's copy this configuration for the other host and edit it in the same way:
$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.conf
You can create as many website directories and virtual hosts as you like. Now that the virtual host files exist, they need to be enabled. The a2ensite utility enables each site, like this:
$ sudo a2ensite a-dobra.ru.conf
$ sudo a2ensite promo.a-dobra.ru.conf
By default, port 80 is closed in LAMP, and we will need it later to install the SSL certificate. So let's edit the ports.conf file right away and then restart Apache:
$ sudo nano /etc/apache2/ports.conf
Add a new line and save the file so that it looks like this:
Listen 80
Listen 443
Listen 9997
Once configuration is finished, Apache must be restarted for all the changes to take effect:
$ sudo systemctl reload apache2
Step 3: Configure domain names
Next, add DNS records that point to the new server. The Arithmetic of Good Foundation uses the dns-master.ru service to manage its domains, so we will use it as the example.
The A record for the main domain is usually specified like this (with the @ symbol):
The A record for a subdomain is usually specified like this:
The IP address is that of the Linux server we just created. You can set TTL = 3600.
After a while the site will become reachable, but for now only over http://. In the next step we add support for https://.
Step 4: Set up free SSL certificates
You can get Let's Encrypt SSL certificates for the main site and all subdomains for free. Automatic renewal can also be configured, which is very convenient. To obtain SSL certificates, install Certbot on the server:
$ sudo add-apt-repository ppa:certbot/certbot
Then install the Certbot package for Apache using apt:
$ sudo apt install python-certbot-apache
Certbot is now ready to use. Run the following command:
$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru
This command runs certbot; the -d options define the names of the domains for which the certificate should be issued.
If this is the first time you run certbot, you will be asked to enter an email address and agree to the terms of service. Certbot then contacts the Let's Encrypt server and verifies that you really control the domains for which you requested the certificate.
If all goes well, certbot asks how you want to configure HTTPS:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
We recommend choosing option 2 and pressing Enter. The configuration is updated and Apache is restarted to apply the changes.
The certificates are now downloaded, installed and working. Reload the site using https:// and the browser will show the security icon. If you test the server
Let's Encrypt certificates are valid for only 90 days, but the certbot package we just installed renews them automatically. To test the renewal process, do a certbot dry run:
$ sudo certbot renew --dry-run
If the command completes with no errors, everything is working properly.
Step 5: Access MySQL and phpMyAdmin
Many websites use databases. The phpMyAdmin tool for database management is already installed on the server. To access it, open a link like this in your browser:
https://<server IP address>:9997
The password for root access is in the MCS personal account (
Step 6: Set up file upload via SFTP
Developers will find it convenient to upload website files via SFTP. To enable this, create a new user and call it webmaster:
$ sudo adduser webmaster
The system will ask you to set a password and enter some other details.
Change the owner of the website directory:
$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_html
Next, change the SSH configuration so that the new user has access only to SFTP and not to an SSH terminal:
$ sudo nano /etc/ssh/sshd_config
Scroll to the end of the configuration file and add the following block:
Match User webmaster
    ForceCommand internal-sftp
    PasswordAuthentication yes
    ChrootDirectory /var/www/a-dobra.ru
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no
Save the file and restart the service:
$ sudo systemctl restart sshd
You can now connect to the server through any SFTP client, such as FileZilla.
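An added example, not from the original article: sshd refuses the session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, so it is worth checking /var/www/a-dobra.ru before handing out the account. The function names are hypothetical and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: verify sshd's ownership rule for a ChrootDirectory path.
# Assumes GNU stat (stat -c), as shipped on Ubuntu.

# One path component passes if it is owned by uid 0 and is not writable
# by group or other. $1 = owner uid, $2 = octal mode (e.g. 755).
component_ok() {
    [ "$1" = 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from $1 up to /, stopping at the first component that breaks the rule.
# Returns 0 if all pass, 1 on a violation, 2 if the path cannot be checked.
check_chroot_path() {
    case $1 in
        /*) p=$1 ;;
        *)  echo "need an absolute path: $1" >&2; return 2 ;;
    esac
    while :; do
        [ -d "$p" ] || { echo "not a directory: $p" >&2; return 2; }
        info=$(stat -L -c '%u %a' "$p") || return 2
        if ! component_ok "${info% *}" "${info#* }"; then
            echo "sshd would reject: $p (uid ${info% *}, mode ${info#* })" >&2
            return 1
        fi
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Usage: sh check_chroot.sh /var/www/a-dobra.ru
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1" && echo "chroot path OK: $1"
fi
```

The uploads themselves go into public_html, which the earlier chown gave to webmaster; only the chroot directory and its parents have to stay root-owned.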
Summary
- You now know how to create new directories and configure virtual hosts for websites on a single server.
- The SSL certificates you need are easy to create; they are free and renew automatically.
- You can conveniently work with the MySQL database through the familiar phpMyAdmin.
- Creating new SFTP accounts and setting access rights does not take much time. Such accounts can be handed over to third-party web developers and site administrators.
- Do not forget to update the system regularly, and we recommend making backups. In MCS you can take a snapshot of the entire system with one click and, if needed, launch the whole image from it.
Source: habr.com