Cloud for Charities: A Migration Guide

Not long ago, Mail.Ru Cloud Solutions (MCS) and the Dobro Mail.Ru service launched the "Cloud for Charities" project, thanks to which non-profit organizations can get resources on the MCS cloud platform free of charge. The charitable foundation "Arithmetic of Good" took part in the project and successfully deployed part of its infrastructure on MCS.

After verification, an NPO can receive virtual capacity from MCS, but further configuration requires some expertise. In this article we want to share specific instructions for setting up an Ubuntu Linux server to run the foundation's main website and several subdomains using free SSL certificates. For many readers this will be a simple guide, but we hope our experience will be useful to other non-profit organizations, and not only to them.

FYI: What can you get from MCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB object storage.

Step 1: Launch the virtual server

Let's get straight to the point and create our virtual server (also known as an "instance") in your MCS personal account. In the app store, select and install a ready-made LAMP stack, a set of server software (LAMP = Linux, Apache, MySQL, PHP) needed to run most websites.

Select a suitable server configuration and create a new SSH key. After you click the "Install" button, installation of the server and the LAMP stack begins, which takes some time. The system will also offer to download a private key to your computer for managing the virtual machine from the console; save it.

After the application is installed, set up the firewall right away. This is also done in your personal account: go to the "Cloud computing -> Virtual machines" section and choose "Configure firewall":

You need to add a rule allowing inbound traffic on ports 80 and 9997. This is needed later for installing SSL certificates and for working with phpMyAdmin. The resulting rule set should look like this:

Now you can connect to your server from the command line over SSH. To do this, enter the following command, pointing to the SSH key on your computer and the external IP address of your server (you can find it in the "Virtual machines" section):

$ ssh -i /путь/к/ключу/key.pem ubuntu@<ip_сервера>

When connecting to the server for the first time, it is recommended to install all current updates and reboot. To do this, run the following commands:

$ sudo apt-get update

The system will fetch the list of updates; install them with this command and follow the instructions:

$ sudo apt-get upgrade

After the updates are installed, reboot the server:

$ sudo reboot

Step 2: Configure virtual hosts

Many non-profit organizations need to maintain several domains or subdomains at once (for example, a main website and several landing pages for promotional campaigns, and so on). All of these can be hosted on a single server by creating several virtual hosts.

First, create a directory structure for the sites that will be shown to visitors. Create a few directories:

$ sudo mkdir -p /var/www/a-dobra.ru/public_html

$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_html

Assign ownership to the current user:

$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html

$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html

The $USER variable contains the name of the user you are logged in as (by default this is the user ubuntu). The current user now owns the public_html directories where the content will be stored.

We also need to adjust the permissions slightly to make sure that read access is allowed to the shared web directory and to all files and folders inside it. This is necessary for the site pages to display correctly:

$ sudo chmod -R 755 /var/www

Your web server should now have the permissions it needs to serve the content. In addition, your user can now create content in the required directories.
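
The recursive `chmod -R 755` above also sets the execute bit on every file under /var/www. As an added example (not part of the original article), the following shell functions audit a web root for entries writable by group or others and for files carrying execute bits, then apply 755 to directories and 644 to files; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten permissions under a web root.

# Print every non-symlink entry under $1 that group or others can write to,
# and every regular file that carries an execute bit. Prints nothing when clean.
audit_webroot() {
    find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Number of distinct findings (0 means the tree is clean).
count_findings() {
    audit_webroot "$1" | sort -u | wc -l | tr -d ' '
}

# Directories need the execute bit so Apache can traverse them; static files
# and PHP scripts only need to be readable (PHP-FPM reads them, it does not
# execute them as programs).
normalize_webroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed demo tree that mimics the layout used in this guide.
demo_webroot() {
    umask 022
    root=$(mktemp -d)
    mkdir -p "$root/a-dobra.ru/public_html/uploads"
    echo '<?php echo "ok";' > "$root/a-dobra.ru/public_html/index.php"
    chmod 755 "$root/a-dobra.ru/public_html/index.php"  # what chmod -R 755 leaves behind
    chmod 777 "$root/a-dobra.ru/public_html/uploads"    # a common later "quick fix"
    echo "$root"
}
```

Run `audit_webroot /var/www` first to review the findings, and apply `normalize_webroot` only to trees that contain no scripts meant to be executed directly.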

The /var/www/html directory already contains an index.php file; let's copy it to our new directories. This will be our content for now:

$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php

$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.php

Now you need to make sure users can reach your site. To do this, we first configure the virtual host files, which determine how the Apache web server responds to requests for different domains.

By default, Apache has a virtual host file, 000-default.conf, that can be used as a starting point. We will copy it to create virtual host files for each of our domains. We will start with one domain, configure it, copy it for another domain, and then make the necessary edits again.

Ubuntu's default configuration requires that every virtual host file have a *.conf extension.

Start by copying the file for the first domain:

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.conf

Open the new file in an editor with root privileges:

$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf

Edit the data as follows, specifying port 80, your own values for ServerAdmin, ServerName and ServerAlias, and the path to the root directory of your site, then save the file (Ctrl+X, then Y):

<VirtualHost *:80>

    # Placeholder address, use your own
    ServerAdmin admin@example.com
    ServerName a-dobra.ru
    ServerAlias www.a-dobra.ru

    DocumentRoot /var/www/a-dobra.ru/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Directory /var/www/a-dobra.ru/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>

    # Escape the dot so that only names ending in ".php" are handed to PHP-FPM
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>

</VirtualHost>

ServerName sets the primary domain, which must match the virtual host name. This must be your domain name. The second directive, ServerAlias, defines other names that should be interpreted as if they were the primary domain. This is convenient for using additional domain names, for example with www.

Copy this config for another host and edit it in the same way:

$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.conf

You can create as many directories and virtual hosts for your sites as you like! Now that we have created our virtual host files, they need to be enabled. We can use the a2ensite utility to enable each of our sites like this:

$ sudo a2ensite a-dobra.ru.conf

$ sudo a2ensite promo.a-dobra.ru.conf 

By default, port 80 is closed in LAMP, and we will need it later to install an SSL certificate. So let's edit the ports.conf file right away and then restart Apache:

$ sudo nano /etc/apache2/ports.conf

Add the new lines and save the file so that it looks like this:

Listen 80
Listen 443
Listen 9997

After completing the settings, you need to restart Apache for all changes to take effect:

$ sudo systemctl reload apache2

Step 3: Configure domain names

Next, you need to add DNS records that point to your new server. To manage domains, our Arithmetic of Good foundation uses the dns-master.ru service, so we will use it as the example.

An A record for the main domain is usually specified like this (the @ sign):

An A record for subdomains is usually specified like this:

The IP address is the address of the Linux server we just created. You can set TTL = 3600.

After a while your site will be reachable, but for now only over http://. In the next step we will add support for https://.

Step 4: Set up free SSL certificates

You can get free Let's Encrypt SSL certificates for your main site and all subdomains. You can also configure their automatic renewal, which is very convenient. To obtain SSL certificates, install Certbot on your server:

$ sudo add-apt-repository ppa:certbot/certbot

Install the Certbot package for Apache using apt:

$ sudo apt install python-certbot-apache 

Certbot is now ready to use; run the command:

$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru

This command runs certbot; the -d options specify the domain names the certificate should be issued for.

If this is the first time you run certbot, you will be asked to enter your email address and agree to the service's terms of use. certbot will then contact the Let's Encrypt server and verify that you really control the domain you requested the certificate for.

If everything went well, certbot will ask how you want to configure HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

We recommend choosing option 2 and pressing ENTER. The configuration will be updated, and Apache will be restarted to apply the changes.

Your certificates are now downloaded, installed and working. Try reloading your site with https:// and you will see the security indicator in your browser. If you test your server with the SSL Labs Server Test, it will get an A grade.

Let's Encrypt certificates are valid for only 90 days, but the certbot package we just installed will renew certificates automatically. To test the renewal process, we can do a dry run of certbot:

$ sudo certbot renew --dry-run 

If you see no errors after running this command, everything works!

Step 5: Access MySQL and phpMyAdmin

Many websites use databases. The phpMyAdmin tool for database management is already installed on our server. To access it, open a link like this in your browser:

https://<ip-адрес сервера>:9997

The password for root access can be obtained in your MCS personal account (https://mcs.mail.ru/app/services/marketplace/apps/). Do not forget to change the root password the first time you log in!

Step 6: Set up file upload over SFTP

Developers will find it convenient to upload files for your website over SFTP. To do this, we will create a new user and call it webmaster:

$ sudo adduser webmaster

The system will ask you to set a password and enter some other data.

Change the owner of the directory with your website:

$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_html

Now let's change the SSH configuration so that the new user has access only to SFTP and not to the SSH terminal:

$ sudo nano /etc/ssh/sshd_config

Scroll to the very end of the configuration file and add the following block:

Match User webmaster
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/a-dobra.ru
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Save the file and restart the service:

$ sudo systemctl restart sshd

Now you can connect to the server with any SFTP client, for example FileZilla.
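
To confirm that the Match block really confines the account, the following added example (not part of the original article) checks the effective settings that `sshd -T` prints for a user. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Reads "keyword value" lines on stdin, the format printed by `sshd -T`.
# Prints one line per finding; returns 0 when the account is confined.
audit_sftp_only() {
    awk '
    { key = tolower($1); $1 = ""; sub(/^ +/, ""); val[key] = $0 }
    END {
        bad = 0
        # Settings from the Match block that must hold for confinement.
        need["allowtcpforwarding"] = "no"
        need["allowagentforwarding"] = "no"
        need["x11forwarding"] = "no"
        need["permittunnel"] = "no"
        for (k in need)
            if (tolower(val[k]) != need[k]) {
                printf "FAIL %s is \"%s\", expected \"%s\"\n", k, val[k], need[k]
                bad++
            }
        if (val["forcecommand"] !~ /^internal-sftp( |$)/) {
            print "FAIL forcecommand is not internal-sftp"; bad++
        }
        if (val["chrootdirectory"] == "" || tolower(val["chrootdirectory"]) == "none") {
            print "FAIL chrootdirectory is not set"; bad++
        }
        # Not a confinement failure: password logins can be guessed online.
        if (tolower(val["passwordauthentication"]) == "yes")
            print "WARN passwordauthentication is yes for this account"
        exit (bad > 0)
    }'
}

# Constructed sample: the Match block from this guide as `sshd -T` reports it.
sample_confined() {
    cat <<'EOF'
forcecommand internal-sftp
passwordauthentication yes
chrootdirectory /var/www/a-dobra.ru
permittunnel no
allowagentforwarding no
allowtcpforwarding no
x11forwarding no
EOF
}

# Constructed sample: the same account with the forwarding line changed.
sample_drifted() {
    sample_confined | sed 's/^allowtcpforwarding no/allowtcpforwarding yes/'
}
```

On the server, feed it the real values with `sudo sshd -T -C user=webmaster,host=localhost,addr=127.0.0.1 | audit_sftp_only`, and run `sudo sshd -t` to syntax-check the file before restarting the service.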

Summary

  1. Now you know how to create new directories and configure virtual hosts for your websites on a single server.
  2. You can easily create the SSL certificates you need: they are free and are renewed automatically.
  3. You can conveniently work with the MySQL database through the familiar phpMyAdmin.
  4. Creating new SFTP accounts and configuring access rights does not take much effort. Such accounts can be handed over to third-party web developers and site administrators.
  5. Do not forget to update the system periodically. We also recommend making backups: in MCS you can take "snapshots" of the whole system with one click and then, if necessary, launch entire images.

Resources that were used and may be useful:

https://www.digitalocean.com/community/tutorials/apache-ubuntu-14-04-lts-ru
https://www.digitalocean.com/community/tutorials/apache-let-s-encrypt-ubuntu-18-04-ru
https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-18-04

By the way, here you can read on VC how our foundation deployed a platform for online education for orphans on the MCS cloud.

Source: will.com
