Cloud for Charities: Migration Guide

Not long ago, Mail.Ru Cloud Solutions (MCS) and the Dobro Mail.Ru service launched the project "Cloud for Charities", thanks to which non-profit organizations can get resources on the MCS cloud platform for free. The charitable foundation "Arithmetic of Good" took part in the project and successfully deployed part of its infrastructure on MCS.

After verification, an NPO can receive virtual capacity from MCS, but further configuration requires certain qualifications. In this article, we want to share concrete instructions for setting up an Ubuntu Linux server to run the foundation's main website and several subdomains using free SSL certificates. For many this will be a simple guide, but we hope that our experience will be useful to other non-profit organizations, and not only to them.

FYI: What can you get from MCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB of object storage.

Step 1: Launch the virtual server

Let's get right to it and create our virtual server (called an "instance") in your MCS account. In the app store, select and install the ready-made LAMP stack, which is a set of server software (LAMP = Linux, Apache, MySQL, PHP) needed to run most websites.

Choose a suitable server configuration and create a new SSH key. After you click the "Install" button, installation of the server and the LAMP stack will begin; this will take some time. The system will also offer to download the private key to your computer so that you can manage the virtual machine through the console; save it.

After the application is installed, let's set up the firewall right away. This is also done in your account: go to the "Cloud computing -> Virtual machines" section and select "Configure firewall":

You need to add a rule allowing incoming traffic on ports 80 and 9997. This is needed later to install the SSL certificates and to work with phpMyAdmin. As a result, the rule set should look like this:

You can now connect to your server from the command line over SSH. To do this, enter the following command, pointing it at the SSH key on your computer and at your server's external IP address (you can find it in the "Virtual machines" section):

$ ssh -i /path/to/key/key.pem ubuntu@<server_ip>

When you connect to the server for the first time, we recommend installing all the latest updates and rebooting. To do this, run the following commands:

$ sudo apt-get update

The system will fetch the list of updates; install them with the following command and follow the prompts:

$ sudo apt-get upgrade

After installing the updates, reboot the server:

$ sudo reboot

Step 2: Set up virtual hosts

Many non-profits need to host several domains or subdomains at once (for example, a main site and several landing pages for promotional campaigns, and so on). All of these can easily be hosted on a single server by creating several virtual hosts.

First we need to create the directory structure for the sites that will be served to visitors. Let's create the directories:

$ sudo mkdir -p /var/www/a-dobra.ru/public_html

$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_html

And set the current user as the owner:

$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html

$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html

The $USER variable holds the name of the user you are logged in as (by default this is the ubuntu user). The current user now owns the public_html directories where we will store the content.

We also need to adjust the permissions slightly to make sure that read access is allowed to the shared web directory and to all the files and folders it contains. This is necessary for the site pages to be served correctly:

$ sudo chmod -R 755 /var/www

Your web server should now have the permissions it needs to serve the content. In addition, your user can now create content in the required directories.
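The recursive 755 above also sets the execute bit on every regular file. As an added example (not part of the original article), the functions below list what that leaves loose under a document root and apply the narrower 755-for-directories, 644-for-files layout; the function names are hypothetical and GNU find is assumed, as on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example (not from the original article); function names are hypothetical.

# loose_entries DIR: list entries under DIR that are writable by group or
# others, plus regular files carrying any execute bit. Symlinks are skipped
# because their own mode bits are not meaningful.
loose_entries() {
    local root="$1"
    [ -d "$root" ] || return 1
    find "$root" ! -type l \
        \( -perm /022 -o \( -type f -perm /111 \) \) -print | sort
}

# tighten_docroot DIR: directories 755 (traversable), regular files 644
# (readable, not executable). Apache and PHP-FPM only need to read the files.
tighten_docroot() {
    local root="$1"
    [ -d "$root" ] || return 1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}
```

Run `loose_entries /var/www` to see what would change before calling `sudo` with `tighten_docroot`.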

There is already an index.php file in the /var/www/html directory; let's copy it into our new directories. It will serve as our content for now:

$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php

$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.php

Now we need to make sure visitors can reach your sites. To do this, we will first configure the virtual host files, which determine how the Apache server responds to requests for different domains.

By default, Apache ships with the virtual host file 000-default.conf, which we can use as a starting point. We will copy it to create a virtual host file for each of our domains. We will start with one domain, configure it, copy it for the other domain, and then make the necessary changes again.

The default Ubuntu configuration requires every virtual host file to have the *.conf extension.

Let's start by copying the file for the first domain:

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.conf

Open the new file in an editor with root privileges:

$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf

Edit the contents as follows, specifying port 80, your own values for ServerAdmin, ServerName and ServerAlias, and the path to your site's root directory, then save the file (Ctrl + X, then Y):

<VirtualHost *:80>
 
    ServerAdmin [email protected]
    ServerName a-dobra.ru
    ServerAlias www.a-dobra.ru
 
    DocumentRoot /var/www/a-dobra.ru/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 
    <Directory /var/www/a-dobra.ru/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
 
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>
 
</VirtualHost>

ServerName sets the base domain, which must match the virtual host's name. This should be your domain name. The second directive, ServerAlias, defines additional names that should be treated as if they were the base domain. This is handy for extra domain names, for example the www variant.

Let's copy this configuration for the other host and edit it in the same way:

$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.conf

You can create as many directories and virtual hosts for your sites as you like! Now that we have created our virtual host files, we need to enable them. We can use the a2ensite utility to enable each of our sites like this:

$ sudo a2ensite a-dobra.ru.conf

$ sudo a2ensite promo.a-dobra.ru.conf 

By default, port 80 is closed in the LAMP image, and we will need it later to install the SSL certificate. So let's edit the ports.conf file right away and then restart Apache:

$ sudo nano /etc/apache2/ports.conf

Add a new line and save the file so that it looks like this:

Listen 80
Listen 443
Listen 9997

After finishing the configuration, you need to restart Apache for all the changes to take effect:

$ sudo systemctl reload apache2

Step 3: Configure domain names

Next, you need to add DNS records that point to your new server. To manage its domains, our Arithmetic of Good foundation uses the dns-master.ru service, so we will use it as the example.

An A record for the main domain is usually specified like this (the @ sign):

An A record for a subdomain is usually specified like this:

The IP address is the address of the Linux server we just created. You can set TTL = 3600.

After a while you will be able to visit your site, but for now only over http://. In the next step we will add support for https://.

Step 4: Set up free SSL certificates

You can get free Let's Encrypt SSL certificates for your main site and all of its subdomains. You can also set up automatic renewal for them, which is very convenient. To obtain SSL certificates, install Certbot on your server:

$ sudo add-apt-repository ppa:certbot/certbot

Install the Certbot package for Apache using apt:

$ sudo apt install python-certbot-apache 

Certbot is now ready to use. Run the command:

$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru

This command runs certbot; the -d options specify the domain names the certificate should be issued for.

If this is the first time you are running certbot, you will be asked to enter your email address and agree to the terms of service. certbot will then contact the Let's Encrypt server and verify that you control the domain you requested a certificate for.

If everything goes well, certbot will ask how you want to configure HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

We recommend choosing option 2 and pressing ENTER. The configuration will be updated and Apache will be restarted to apply the changes.

Your certificates are now downloaded, installed and active. Try reopening your site with https:// and you will see the security indicator in your browser. If you test your server with the SSL Labs Server Test, it will receive an A grade.

Let's Encrypt certificates are valid for only 90 days, but the certbot package we just installed will renew the certificates automatically. To test the renewal process, we can do a dry run of certbot:

$ sudo certbot renew --dry-run 

If you see no errors after running this command, everything is working!

Step 5: Access MySQL and phpMyAdmin

Most websites use a database. The phpMyAdmin database management tool is already installed on our server. To access it, open a URL like the following in your browser:

https://<server-ip-address>:9997

The default root password can be found in your MCS account (https://mcs.mail.ru/app/services/marketplace/apps/). Don't forget to change your root password the first time you log in!

Step 6: Set up file uploads over SFTP

Developers will find it convenient to upload files to your site over SFTP. To do this, we will create a new user and call it webmaster:

$ sudo adduser webmaster

The system will ask you to set a password and enter some additional details.

Change the owner of the directory containing your site:

$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_html

Now let's change the SSH configuration so that the new user has access to SFTP only and not to an SSH terminal:

$ sudo nano /etc/ssh/sshd_config

Go to the very end of the configuration file and add the following block:

Match User webmaster
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/a-dobra.ru
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Save the file and restart the service:

$ sudo systemctl restart sshd

You can now connect to the server with any SFTP client, for example FileZilla.
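sshd refuses the login with "bad ownership or modes for chroot directory" unless the ChrootDirectory and every directory above it are owned by root and not writable by group or others. As an added example (not part of the original article), this pre-flight check walks the path the same way; the function names, and the optional UID and TOP arguments used for testing on a scratch tree, are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): pre-flight check for the
# ChrootDirectory used in the "Match User webmaster" block.

# dir_ok DIR UID: true if DIR is a directory owned by UID and not writable
# by group or others.
dir_ok() {
    local dir="$1" uid="$2" owner mode
    [ -d "$dir" ] || return 1
    owner=$(stat -c '%u' "$dir") || return 1
    mode=$(stat -c '%a' "$dir") || return 1
    [ "$owner" = "$uid" ] || return 1
    # 022 = group-write | other-write; the leading 0 makes the mode octal
    [ $(( 0$mode & 022 )) -eq 0 ]
}

# chroot_ok PATH [UID] [TOP]: check PATH and each parent directory up to TOP.
# sshd itself requires UID 0 and walks up to "/"; UID and TOP are parameters
# only so the check can be exercised on a scratch tree without root.
chroot_ok() {
    local path="$1" uid="${2:-0}" top="${3:-/}"
    while :; do
        if ! dir_ok "$path" "$uid"; then
            echo "bad ownership or modes: $path" >&2
            return 1
        fi
        if [ "$path" = "$top" ] || [ "$path" = "/" ]; then
            return 0
        fi
        path=$(dirname "$path")
    done
}
```

Run `chroot_ok /var/www/a-dobra.ru` and `sudo sshd -t` before restarting sshd; `public_html` can stay owned by webmaster because it sits below the chroot directory.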

Summary

  1. You now know how to create new directories and configure virtual hosts for your sites on a single server.
  2. You can issue the SSL certificates you need: they are free and will be renewed automatically.
  3. You can work comfortably with the MySQL database through the familiar phpMyAdmin.
  4. Creating new SFTP accounts and setting up access rights takes little effort. Such accounts can be handed over to third-party web developers and site administrators.
  5. Don't forget to update the system periodically. We also recommend making backups: in MCS you can take "snapshots" of the whole system with one click and then, if necessary, launch entire images.

Resources we used that may be useful:

https://www.digitalocean.com/community/tutorials/apache-ubuntu-14-04-lts-ru
https://www.digitalocean.com/community/tutorials/apache-let-s-encrypt-ubuntu-18-04-ru
https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-18-04

By the way, here you can read on VC how our foundation deployed an online learning platform for orphans on the MCS cloud.

Source: www.habr.com
