Cloud for Charity: A Migration Guide

Not long ago, Mail.Ru Cloud Solutions (MCS) and the Dobro Mail.Ru service launched the "Cloud for Charities" project, thanks to which non-profit organizations can obtain resources of the MCS cloud platform free of charge. The "Arithmetic of Good" charitable foundation took part in the project and successfully deployed part of its infrastructure on MCS.

After passing verification, an NPO can receive virtual capacity from MCS, but the further configuration requires certain skills. In this article we want to share specific instructions for setting up an Ubuntu Linux-based server to run the foundation's main website and several subdomains using free SSL certificates. For many readers this will be a simple guide, but we hope our experience will be useful to other non-profit organizations, and not only to them.

FYI: What can you get from MCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB of object storage.

Step 1: Launch the virtual server

Let's get straight to the point and create our virtual server (also called an "instance") in your MCS personal account. In the application store, select and install a ready-made LAMP stack, a set of server software (LAMP = Linux, Apache, MySQL, PHP) needed to run most websites.

Choose a suitable server configuration and create a new SSH key. After you click the "Install" button, installation of the server and the LAMP stack will begin, which will take some time. The system will also offer to download a private key to your computer for managing the virtual machine through the console; save it.

After the application is installed, set up the firewall right away. This is also done in your personal account: go to the "Cloud computing -> Virtual machines" section and select "Setting the firewall":

You need to add a rule allowing incoming traffic on ports 80 and 9997. This will be needed later to install the SSL certificates and to work with phpMyAdmin. As a result, the rule set should look like this:

Now you can connect to your server from the command line using the SSH protocol. To do this, type the following command, specifying the SSH key on your computer and the external IP address of your server (you can find it in the "Virtual machines" section):

$ ssh -i /путь/к/ключу/key.pem ubuntu@<ip_сервера>

When connecting to the server for the first time, it is recommended to install all current updates and reboot. To do this, run the following commands:

$ sudo apt-get update

The system will fetch the list of updates; install them with this command and follow the instructions:

$ sudo apt-get upgrade

After the updates are installed, reboot the server:

$ sudo reboot

Step 2: Set up virtual hosts

Many non-profits need to maintain several domains or subdomains at the same time (for example, a main website and several landing pages for promotional campaigns, and so on). All of this can be conveniently hosted on a single server by creating several virtual hosts.

First we need to create a directory structure for the sites that will be shown to visitors. Let's create the directories:

$ sudo mkdir -p /var/www/a-dobra.ru/public_html

$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_html

And make the current user the owner:

$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html

$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html

The $USER variable contains the name of the user you are currently logged in as (by default this is the ubuntu user). The current user now owns the public_html directories, where we will store the content.

We also need to adjust the permissions slightly to make sure read access is allowed to the general web directory and to all the files and folders it contains. This is necessary for the site's pages to be displayed correctly:

$ sudo chmod -R 755 /var/www

Your web server should now have the permissions it needs to serve the content. In addition, your user can now create content in the required directories.

There is already an index.php file in the /var/www/html directory. Let's copy it into our new directories; it will serve as our content for now:

$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php

$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.php

Now you need to make sure that users can reach your site. To do this, we will first set up the virtual host files, which determine how the Apache web server responds to requests for different domains.

By default, Apache has a virtual host file, 000-default.conf, that we can use as a starting point. We will copy it to create virtual host files for each of our domains. We'll start with one domain, configure it, copy it for the other domain, and then make the necessary changes again.

The Ubuntu configuration requires every virtual host file to have the *.conf extension.

Let's start by copying the file for the first domain:

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.conf

Open the new file in an editor with root privileges:

$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf

Edit the data as shown below, specifying port 80, your values for ServerAdmin, ServerName and ServerAlias, as well as the path to the root directory of your site, then save the file (Ctrl+X, then Y):

<VirtualHost *:80>
 
    ServerAdmin [email protected]
    ServerName a-dobra.ru
    ServerAlias www.a-dobra.ru
 
    DocumentRoot /var/www/a-dobra.ru/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 
    <Directory /var/www/a-dobra.ru/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
 
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>
 
</VirtualHost>

ServerName sets the main domain, which must match the virtual host name. This must be your domain name. The second directive, ServerAlias, defines other names that should be interpreted as if they were the main domain. This is convenient for additional domain names, for example the www form.

Let's copy this config for the other host and edit it in the same way:

$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.conf

You can create as many directories and virtual hosts for your sites as you like! Now that we have created our virtual host files, we need to enable them. We can use the a2ensite utility to enable each of our sites like this:

$ sudo a2ensite a-dobra.ru.conf

$ sudo a2ensite promo.a-dobra.ru.conf 

By default, port 80 is closed in LAMP, and we will need it later to install the SSL certificate. So let's edit the ports.conf file right away and then restart Apache:

$ sudo nano /etc/apache2/ports.conf

Add a new line and save the file so that it looks like this:

Listen 80
Listen 443
Listen 9997

After finishing the configuration, you need to restart Apache for all the changes to take effect:

$ sudo systemctl reload apache2
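
A scripted alternative to copying a-dobra.ru.conf and editing it by hand for each additional host; this is an added example, not part of the original article. The function names, the `ADMIN_EMAIL` placeholder address and the `PHP_SOCK` variable are assumptions; the directives are the ones from the virtual host file shown above.

```shell
#!/bin/sh
# Added example (not from the original article): print an Apache virtual host
# file for one domain, with the same directives as a-dobra.ru.conf above.
ADMIN_EMAIL="${ADMIN_EMAIL:-webmaster@example.org}"   # placeholder, an assumption
PHP_SOCK="${PHP_SOCK:-/var/run/php/php7.2-fpm.sock}"   # socket path from the guide

# The name ends up in file paths and in the config, so accept plain DNS names
# only: letters, digits, dots and hyphens, no empty labels, no leading hyphen.
valid_hostname() {
    case "$1" in
        ''|.*|*.|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# render_vhost DOMAIN [ALIAS]: config on stdout, non-zero status on bad input.
render_vhost() {
    domain=$1
    alias_name=${2:-}
    valid_hostname "$domain" || { echo "bad domain: $domain" >&2; return 1; }
    alias_line=""
    if [ -n "$alias_name" ]; then
        valid_hostname "$alias_name" || { echo "bad alias: $alias_name" >&2; return 1; }
        # Leading newline so the line appears only when an alias was given.
        alias_line=$(printf '\n    ServerAlias %s' "$alias_name")
    fi
    cat <<EOF
<VirtualHost *:80>
    ServerAdmin $ADMIN_EMAIL
    ServerName $domain$alias_line
    DocumentRoot /var/www/$domain/public_html
    ErrorLog \${APACHE_LOG_DIR}/error.log
    CustomLog \${APACHE_LOG_DIR}/access.log combined
    <Directory /var/www/$domain/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    <FilesMatch \.php\$>
        SetHandler "proxy:unix:$PHP_SOCK|fcgi://localhost/"
    </FilesMatch>
</VirtualHost>
EOF
}

# Usage: sh render_vhost.sh promo.a-dobra.ru [alias]
if [ "$#" -gt 0 ]; then render_vhost "$@"; fi
```

Pipe the output through `sudo tee` into the matching file under /etc/apache2/sites-available/, run `sudo apache2ctl configtest`, and then enable the site with a2ensite as above.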

Step 3: Set up domain names

Next, you need to add DNS records that will point to your new server. To manage domains, our Arithmetic of Good Foundation uses the dns-master.ru service; we'll use it as the example.

An A record for the main domain is usually specified as follows (the @ sign):

An A record for subdomains is usually specified like this:

The IP address is the address of the Linux server we have just created. You can specify TTL = 3600.

After some time, your site will become reachable, but for now only over http://. In the next step we will add https:// support.

Step 4: Set up free SSL certificates

You can obtain free Let's Encrypt SSL certificates for your main site and all subdomains. You can also set up their automatic renewal, which is very convenient. To obtain SSL certificates, install Certbot on your server:

$ sudo add-apt-repository ppa:certbot/certbot

Install the Certbot package for Apache using apt:

$ sudo apt install python-certbot-apache 

Certbot is now ready to use; run the command:

$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru

This command runs certbot; the -d switches specify the domain names for which the certificate should be issued.

If this is the first time you run certbot, you will be asked to enter your email address and agree to the terms of service. certbot will then contact the Let's Encrypt server and verify that you actually control the domains for which you requested the certificate.

If everything went well, certbot will ask how you want to configure HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

We recommend choosing option 2 and pressing ENTER. The configuration will be updated and Apache will be restarted to apply the changes.

Your certificates are now downloaded, installed and working. Try reloading your site with https:// and you will see the security indicator in your browser. If you test your server with the SSL Labs Server Test, it will receive an A grade.

Let's Encrypt certificates are valid for only 90 days, but the certbot package we have just installed renews the certificates automatically. To test the renewal process, we can do a dry run of certbot:

$ sudo certbot renew --dry-run 

If you see no errors as a result of running this command, everything is working!

Step 5: Access MySQL and phpMyAdmin

Many websites use databases. The phpMyAdmin tool for managing databases is already installed on our server. To access it, open a link like this in your browser:

https://<ip-адрес сервера>:9997

The password for root can be found in your MCS personal account (https://mcs.mail.ru/app/services/marketplace/apps/). Don't forget to change the root password the first time you log in!

Step 6: Set up file upload via SFTP

Developers will find it convenient to upload files for your site via SFTP. To do this, we'll create a new user and call it webmaster:

$ sudo adduser webmaster

The system will ask you to set a password and enter some additional information.

Change the owner of the directory that holds your site:

$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_html

Let's change the SSH config so that the new user has access only to SFTP and not to the SSH terminal:

$ sudo nano /etc/ssh/sshd_config

Scroll to the very end of the file and add the following block:

Match User webmaster
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/a-dobra.ru
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Save the file and restart the service:

$ sudo systemctl restart sshd

Now you can connect to the server with any SFTP client, for example FileZilla.
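
Two checks for the SFTP-only account, as an added example that is not part of the original article: that the Match block for the user still carries every restriction listed above, and that the chroot directory meets sshd's rule that it and all its parents are root-owned and not group- or world-writable (changing the owner of /var/www/a-dobra.ru itself, rather than public_html, would make sshd refuse the login). The function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for the
# SFTP-only account configured above. Assumes GNU stat, as shipped on Ubuntu.

# match_block FILE USER: print "keyword value" for every directive inside the
# "Match User USER" block (exact name); it ends at the next Match line or EOF.
match_block() {
    awk -v u="$2" '
        tolower($1) == "match" { inblk = (tolower($2) == "user" && $3 == u); next }
        inblk && NF && $1 !~ /^#/ { print tolower($1), $2 }
    ' "$1"
}

# audit_match FILE USER: one line per missing restriction, status 1 if any.
audit_match() {
    blk=$(match_block "$1" "$2")
    rc=0
    for want in "forcecommand internal-sftp" "allowtcpforwarding no" \
                "allowagentforwarding no" "x11forwarding no" "permittunnel no"; do
        printf '%s\n' "$blk" | grep -qxF "$want" || { echo "missing: $want"; rc=1; }
    done
    printf '%s\n' "$blk" | grep -q '^chrootdirectory /' ||
        { echo "missing: chrootdirectory"; rc=1; }
    return "$rc"
}

# chroot_path_ok DIR: sshd refuses the session unless DIR and every parent
# directory is owned by root (uid 0) and not writable by group or others.
chroot_path_ok() {
    p=$1
    case "$p" in /*) ;; *) echo "$p: not an absolute path"; return 1 ;; esac
    while :; do
        info=$(stat -L -c '%u %a' "$p") || return 1
        uid=${info% *}
        mode=${info#* }
        [ "$uid" = 0 ] || { echo "$p: owned by uid $uid, not root"; return 1; }
        case "$mode" in
            *[2367]?|*[2367]) echo "$p: mode $mode, group/other writable"; return 1 ;;
        esac
        [ "$p" = / ] && return 0
        p=$(dirname "$p")
    done
}

# Usage: sudo sh sftp_check.sh /etc/ssh/sshd_config webmaster /var/www/a-dobra.ru
if [ "$#" -eq 3 ]; then
    audit_match "$1" "$2" && chroot_path_ok "$3" && echo "OK"
fi
```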

Summary

  1. Now you know how to create new directories and set up virtual hosts for your websites on the same server.
  2. You can easily create the SSL certificates you need: they are free and are renewed automatically.
  3. You can conveniently work with the MySQL database through the familiar phpMyAdmin.
  4. Creating new SFTP accounts and setting up access rights does not take much effort. Such accounts can be given to third-party web developers and site administrators.
  5. Don't forget to update the system from time to time. We also recommend making backups: in MCS you can take "snapshots" of the whole system in one click and then, if necessary, launch entire images.

Useful resources that may come in handy:

https://www.digitalocean.com/community/tutorials/apache-ubuntu-14-04-lts-ru
https://www.digitalocean.com/community/tutorials/apache-let-s-encrypt-ubuntu-18-04-ru
https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-18-04

By the way, here you can read on VC how our foundation deployed a platform for online education of orphans on the MCS cloud.

Source: www.habr.com