Munguva pfupi yapfuura, Mail.Ru Cloud Solutions (MCS) uye sevhisi yeDobro Mail.Ru yakatanga chirongwa ichi "β, nekuda kwekuti masangano asingabatsiri anogona kuwana zviwanikwa zveMCS Cloud platform mahara. Charitable Foundation "Β»akatora chikamu muchirongwa uye akabudirira kuendesa chikamu chezvivakwa zvaro zvichibva paMCS.
Mushure mekupasa kusimbiswa, NPO inogona kugamuchira chaiwo simba kubva kuMCS, asi imwe gadziriso inoda humwe hunhu. Mune ino chinyorwa, isu tinoda kugovera yakananga mirairo yekumisikidza Ubuntu Linux-based server yekumhanyisa iyo main hwaro webhusaiti uye akati wandei ma subdomain achishandisa emahara SSL zvitupa. Kune vakawanda, iyi ichava nhungamiro iri nyore, asi isu tinotarisira kuti ruzivo rwedu ruchabatsira kune mamwe masangano asingabatsiri, uye kwete chete.
FYI: Chii chaungawane kubva kuMCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB chinhu chekuchengetedza.
Nhanho 1: vhura iyo virtual server
Ngatitorei takananga padanho uye tigadzire yedu chaiyo sevha (aka "muenzaniso") mune yako MCS account account. Muchitoro cheapp, iwe unofanirwa kusarudza nekuisa yakagadzirira-yakagadzirwa LAMP stack, iri seti ye server software (LAMP = Linux, Apache, MySQL, PHP) inodiwa kumhanya mazhinji mawebhusaiti.
Sarudza iyo yakakodzera server kumisikidzwa uye gadzira nyowani SSH kiyi. Mushure mekudzvanya bhatani re "Isa", kuiswa kweseva uye LAMP stack kuchatanga, izvi zvinotora nguva. Iyo sisitimu inozopawo kurodha yakavanzika kiyi komputa yako kubata iyo chaiyo muchina kuburikidza nekoni, chengetedza.
Mushure mekuisa iyo application, ngatitangei nekumisikidza firewall, izvi zvinoitwa zvakare muakaundi yako yega: enda kuchikamu che "Cloud computing -> Virtual machines" uye sarudza "Kuisa firewall":
Iwe unofanirwa kuwedzera mvumo yeinouya traffic kuburikidza nechiteshi 80 uye 9997. Izvi zvinodikanwa mune ramangwana kuisa SSL zvitupa uye kushanda ne phpMyAdmin. Nekuda kweizvozvo, iyo seti yemitemo inofanirwa kutaridzika seizvi:
Iye zvino unogona kubatana kune server yako kuburikidza nemutsara wekuraira uchishandisa SSH protocol. Kuti uite izvi, nyora murairo unotevera, uchinongedza kiyi yeSSH pakombuta yako uye kero yekunze yeIP yeserver yako (unogona kuiwana muchikamu che "Virtual machines"):
$ ssh -i /ΠΏΡΡΡ/ΠΊ/ΠΊΠ»ΡΡΡ/key.pem ubuntu@<ip_ΡΠ΅ΡΠ²Π΅ΡΠ°>Kana uchibatanidza kune sevha kekutanga, zvinokurudzirwa kuisa zvese zvazvino zvigadziriso pairi uye woitangazve. Kuti uite izvi, shandisa mirairo inotevera:
$ sudo apt-get updateIyo sisitimu inogashira runyorwa rwezvigadziriso, isa ivo uchishandisa uyu murairo uye tevera mirairo:
$ sudo apt-get upgradeMushure mekuisa zvigadziriso, tangazve sevha:
$ sudo rebootDanho rechipiri: Seta ma virtual host
Mazhinji asiri purofiti anofanirwa kuchengetedza akati wandei kana subdomain panguva imwe chete (semuenzaniso, webhusaiti huru uye akati wandei mapeji ekumhara ekushambadzira mishandirapamwe, nezvimwewo). Zvese izvi zvinogona kuiswa zviri nyore pane imwe sevha nekugadzira akati wandei madhijitari.
Kutanga isu tinofanirwa kugadzira dhairekitori dhizaini yemasaiti ayo acharatidzwa kune vashanyi. Ngatigadzire mamwe madhairekitori:
$ sudo mkdir -p /var/www/a-dobra.ru/public_html$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_htmlUye tsanangura muridzi weazvino mushandisi:
$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html
Variable $USER ine zita rekushandisa iro rawakapinda pasi paro (nekudaro uyu ndiye mushandisi ubuntu) Ikozvino mushandisi ari muridzi wepublic_html madhairekitori kwatinozochengeta zvirimo.
Isu tinodawo kugadzirisa mvumo zvishoma kuti tive nechokwadi chekuti kuverenga kunobvumirwa kune yakagovaniswa dhairekitori rewebhu uye ese mafaera nemaforodha arimo. Izvi zvinodikanwa kuti mapeji esaiti aratidze nenzira kwayo:
$ sudo chmod -R 755 /var/wwwYako webhu server inofanirwa kuve nemvumo yainoda kuratidza zvirimo. Pamusoro pezvo, mushandisi wako iye zvino ane kugona kugadzira zvirimo mumadhairekitori anodiwa.
Patova neindex.php faira mu /var/www/html dhairekitori, ngatiikopei kune edu matsva madhairekitori - izvi zvichange zviri zvedu izvozvi:
$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.phpIye zvino iwe unofanirwa kuve nechokwadi chekuti mushandisi anogona kuwana yako saiti. Kuti tiite izvi, isu tichatanga gadzirisa iyo chaiyo yekugamuchira mafaera, ayo anoona kuti iyo Apache web server ichapindura sei kune zvikumbiro kune akasiyana madomasi.
Nekuda kwekusagadzika, Apache ine chaiyo host file 000-default.conf yatinogona kushandisa sepokutangira. Tichakopa izvi kuti tigadzire mafaera ega ega ega ega edu. Tichatanga nedomeine imwe, toigadzirisa, toikopa kune imwe dura, tobva tagadzirisa zvinodiwa zvakare.
Kugadzirisa kweUbuntu kunoda kuti faira yega yega yega ine *.conf extension.
Ngatitange nekukopa faira rekutanga domain:
$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.confVhura faira idzva mupepeti ine midzi kodzero:
$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf
Rongedza iyo data sezvinotevera, uchitsanangura port 80, data rako re ServerAdmin, ServerName, ServerAlias, pamwe chete nenzira inoenda kumudzi wedhairekitori resaiti yako, chengetedza iyo faira (Ctrl + X, ipapo Y):
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName a-dobra.ru
ServerAlias www.a-dobra.ru
DocumentRoot /var/www/a-dobra.ru/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory /var/www/a-dobra.ru/public_html>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
<FilesMatch .php$>
SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
</FilesMatch>
</VirtualHost>
ServerName inoseta iyo yekutanga domain, iyo inofanirwa kuenderana neiyo chaiyo host zita. Iri rinofanira kunge riri zita rako rezita. Chepiri, ServerAlias, rinotsanangura mamwe mazita anofanira kududzirwa sokunge kuti ndiwo muzinda mukuru. Izvi zvakanakira kushandisa mamwe mazita emazita, semuenzaniso kushandisa www.
Ngatikope iyi config kune imwe host uye zvakare kuigadzirisa nenzira imwecheteyo:
$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.confIwe unogona kugadzira akawanda madhairekitori uye chaiwo mauto emawebhusaiti ako sezvaunoda! Iye zvino zvatakagadzira yedu chaiyo yekugamuchira mafaera, isu tinofanirwa kuvagonesa. Isu tinogona kushandisa iyo a2ensite utility kugonesa imwe neimwe yemasaiti edu seizvi:
$ sudo a2ensite a-dobra.ru.conf$ sudo a2ensite promo.a-dobra.ru.conf Nekusagadzikana, port 80 yakavharwa muLAMP, uye isu tichaida gare gare kuti tiise SSL chitupa. Saka ngatigadzirise iyo ports.conf faira uye tozotangazve Apache:
$ sudo nano /etc/apache2/ports.confWedzera mutsara mutsva uye chengetedza faira kuti riite seizvi:
Listen 80
Listen 443
Listen 9997Mushure mekupedza zvigadziriso, unofanirwa kutangazve Apache kuti shanduko dzese dziite:
$ sudo systemctl reload apache2Danho rechitatu: Seta mazita emazita
Tevere, iwe unofanirwa kuwedzera DNS marekodhi anonongedzera kune yako nyowani server. Kugadzirisa madomasi, yedu Arithmetic yeGood Foundation inoshandisa iyo dns-master.ru sevhisi, isu tichairatidza nemuenzaniso.
Kumisikidza A-rekodhi yenzvimbo huru inowanzo ratidzwa sezvinotevera (sign @):
Iyo A rekodhi ye subdomain inowanzotsanangurwa seizvi:
Iyo IP kero ndiyo kero yeLinux server yatichangogadzira. Unogona kutsanangura TTL = 3600.
Mushure menguva yakati, zvinokwanisika kushanyira saiti yako, asi ikozvino chete kuburikidza http://. Mudanho rinotevera tichawedzera rutsigiro https://.
Nhanho 4: Gadzira emahara SSL zvitupa
Unogona kuwana mahara Ngatisimbisei SSL zvitupa zvesaiti yako huru uye ese ma subdomain. Iwe unogona zvakare kugadzirisa yavo otomatiki yekuvandudza, iri nyore kwazvo. Kuti uwane zvitupa zveSSL, isa Certbot pane yako server:
$ sudo add-apt-repository ppa:certbot/certbot
Isa iyo Certbot package yeApache uchishandisa apt:
$ sudo apt install python-certbot-apache Iye zvino Certbot yagadzirira kushandisa, mhanyisa iwo murairo:
$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru
Uyu murairo unomhanya certbot, makiyi -d tsanangura mazita emadomasi anofanirwa kupihwa chitupa.
Kana aka kari kekutanga kuvhura certbot, iwe unozokumbirwa kuisa yako email kero uye kubvumirana nemitemo yekushandisa sevhisi. certbot inozobata iyo Let's Encrypt server uye wobva waona kuti iwe unonyatso kudzora iyo domain yawakakumbira chitupa.
Kana zvese zvikafamba zvakanaka, certbot inobvunza kuti unoda kugadzirisa sei HTTPS kumisikidzwa:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):Tinokurudzira kusarudza sarudzo 2 nekudzvanya ENTER. Iyo gadziriso ichagadziridzwa uye Apache ichatangwazve kushandisa shanduko.
Zvitupa zvako zvave kudhaunirodwa, kuiswa uye kushanda. Edza kurodhazve saiti yako ne https:// uye uchaona chiratidzo chekuchengetedza mubrowser yako. Kana ukaedza server yako , achawana giredhi reA.
Let's Encrypt zvitupa zvinongoshanda kwemazuva makumi mapfumbamwe chete, asi certbot package yatichangoisa ichavandudza zvitupa otomatiki. Kuti uedze maitiro ekuvandudza, isu tinogona kuita yakaoma kumhanya kwecertbot:
$ sudo certbot renew --dry-run Kana iwe usingaone chero zvikanganiso semhedzisiro yekumhanyisa uyu murairo, saka zvese zviri kushanda!
Step 5: Svika MySQL uye phpMyAdmin
Mawebhusaiti mazhinji anoshandisa dhatabhesi. Iyo phpMyAdmin chishandiso chekuchengetedza database yakatoiswa pane yedu server. Kuti uwane iyo, enda kubrowser yako uchishandisa chinongedzo senge:
https://<ip-Π°Π΄ΡΠ΅Ρ ΡΠ΅ΡΠ²Π΅ΡΠ°>:9997Iyo password yekuwana mudzi inogona kuwanikwa muMCS yako account account () Usakanganwa kushandura midzi password yako kekutanga paunopinda!
Nhanho 6: Seta faira kurodha kuburikidza neSFTP
Vagadziri vanozoona zviri nyore kurodha mafaera ewebhusaiti yako kuburikidza neSFTP. Kuti tiite izvi, isu tichagadzira mushandisi mutsva, kumudaidza kuti webmaster:
$ sudo adduser webmasterIyo sisitimu inokukumbira kuti uise password uye uise imwe data.
Kuchinja muridzi wedhairekitori newebhusaiti yako:
$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_htmlZvino ngatichinje SSH config kuitira kuti mushandisi mutsva awane mukana weSFTP uye kwete SSH terminal:
$ sudo nano /etc/ssh/sshd_configSkroka kusvika kumagumo efaira rekugadzirisa uye wedzera chivharo chinotevera:
Match User webmaster
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/a-dobra.ru
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding noSevha iyo faira uye wotangazve sevhisi:
$ sudo systemctl restart sshdIye zvino unogona kubatana kune sevha kuburikidza nechero SFTP mutengi, semuenzaniso, kuburikidza neFileZilla.
Mugumisiro
- Iye zvino iwe unoziva kugadzira madhairekitori matsva uye kugadzirisa chaiwo mauto emawebhusaiti ako mukati meiyo server.
- Iwe unogona kugadzira zviri nyore zvitupa zveSSL zvinodikanwa - ndezvemahara, uye ivo vanozogadziridzwa otomatiki.
- Unogona kushanda zviri nyore neMySQL dhatabhesi kuburikidza neyakajairika phpMyAdmin.
- Kugadzira maakaundi matsva eSFTP uye kumisikidza kodzero dzekuwana hazvidi kushanda nesimba. Maakaunti akadaro anogona kuendeswa kune wechitatu-bato webhu vanogadzira uye saiti maneja.
- Usakanganwa kupota uchigadzirisa sisitimu, uye isu tinokurudzirawo kugadzira mabhapu - muMCS unogona kutora "snapshots" yehurongwa hwese nekudzvanya kamwe, uyezve, kana zvichidikanwa, vhura mifananidzo yese.
Zvishandiso zvinoshandiswa zvinogona kubatsira:
Nenzira, Unogona kuverenga paVC kuti hwaro hwedu hwakaisa sei chikuva chedzidzo yepamhepo yenherera zvichibva pagore reMCS.
Source: www.habr.com