Cloud for Charities: Migration Guide


Recently, Mail.Ru Cloud Solutions (MCS) and the Dobro Mail.Ru service launched the "Cloud for Charities" project, through which non-profit organizations can get the resources of the MCS cloud platform for free. The charitable foundation "Arithmetic of Good" took part in the project and successfully moved part of its infrastructure to MCS.

After passing verification, an NPO can get virtual capacity from MCS, but further configuration requires certain skills. In this article we want to share specific instructions for setting up an Ubuntu Linux server to run a main website and several subdomains that use free SSL certificates. For many this will be a simple guide, but we hope our experience will be useful to other non-profit organizations, and not only to them.

FYI: What can you get from MCS? 4 CPUs, 32 GB RAM, 1 TB HDD, Ubuntu Linux OS, 500 GB of object storage.

Step 1: Launch the virtual server

Let's get straight to the point and create our virtual server (an "instance") in your MCS personal account. In the app marketplace, select and install the ready-made LAMP stack, a set of server software (LAMP = Linux, Apache, MySQL, PHP) needed to run most websites.

Choose a suitable server configuration and create a new SSH key. After you click the "Install" button, installation of the server and the LAMP stack will begin; this will take some time. The system will offer to download the private key to your computer for managing the virtual machine; save it.

After the application is installed, let's set up the firewall right away. This is also done in your personal account: go to the "Cloud computing -> Virtual machines" section and select "Configure firewall".

You need to add a rule allowing incoming traffic on ports 80 and 9997. This is needed later to install the SSL certificates and to work with phpMyAdmin. The resulting rule set should then allow both ports.

Now you can connect to your server from the command line over SSH. To do this, enter the following command, specifying the path to the SSH key on your computer and the external IP address of your server (you can find it in the "Virtual machines" section):

$ ssh -i /path/to/key/key.pem ubuntu@<server_ip>

When you connect to the server for the first time, it is recommended to install all the latest updates on it and reboot it. To do this, run the following commands:

$ sudo apt-get update

The system will fetch the list of updates; install them with this command and follow the prompts:

$ sudo apt-get upgrade

After installing the updates, reboot the server:

$ sudo reboot

Step 2: Configure virtual hosts

Many non-profits need to maintain several domains or subdomains at once (for example, the main site and several landing pages for promotional campaigns, etc.). All of this can be hosted on a single server by creating several virtual hosts.

First we need to create the directory structure for the sites that will be shown to visitors. Let's create a few directories:

$ sudo mkdir -p /var/www/a-dobra.ru/public_html

$ sudo mkdir -p /var/www/promo.a-dobra.ru/public_html

And set the current user as the owner:

$ sudo chown -R $USER:$USER /var/www/a-dobra.ru/public_html

$ sudo chown -R $USER:$USER /var/www/promo.a-dobra.ru/public_html

The $USER variable holds the name of the user you are currently logged in as (by default this is the user ubuntu). The current user now owns the public_html directories where we will store the content.

We also need to adjust the permissions slightly to make sure read access is allowed to the shared web directory and to all the files and folders it contains. This is needed for the site's pages to display correctly:

$ sudo chmod -R 755 /var/www

Your web server now has the permissions it needs to serve content. In addition, your user can now create content in the required directories.

There is already an index.php file in the /var/www/html directory; let's copy it to our new directories. This will be our content for now:

$ cp /var/www/html/index.php /var/www/a-dobra.ru/public_html/index.php

$ cp /var/www/html/index.php /var/www/promo.a-dobra.ru/public_html/index.php

Now you need to make sure users can reach your site. To do this, we will first configure the virtual host files, which determine how the Apache web server responds to requests for different domains.

By default, Apache has a virtual host file, 000-default.conf, that we can use as a starting point. We will copy it to create a virtual host file for each of our domains. We will start with one domain, configure it, copy it for the other domain, and then make the necessary changes again.

Ubuntu's default configuration requires every virtual host file to have the *.conf extension.

Let's start by copying the file for the first domain:

$ sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/a-dobra.ru.conf

Open the new file in an editor with root privileges:

$ sudo nano /etc/apache2/sites-available/a-dobra.ru.conf

Edit the contents as follows, specifying port 80, your own values for ServerAdmin, ServerName and ServerAlias, and the path to the root directory of your site, then save the file (Ctrl + X, then Y):

<VirtualHost *:80>
 
    ServerAdmin [email protected]
    ServerName a-dobra.ru
    ServerAlias www.a-dobra.ru
 
    DocumentRoot /var/www/a-dobra.ru/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
 
    <Directory /var/www/a-dobra.ru/public_html>
        Options -Indexes +FollowSymLinks +MultiViews
        AllowOverride All
        Require all granted
    </Directory>
 
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>
 
</VirtualHost>

ServerName sets the main domain, which must match the virtual host name. This must be your domain name. The second directive, ServerAlias, defines other names that should be treated as if they were the main domain. This is convenient for additional domain names, for example the www variant.

Let's copy this configuration for the other host and edit it in the same way:

$ sudo cp /etc/apache2/sites-available/a-dobra.ru.conf /etc/apache2/sites-available/promo.a-dobra.ru.conf

You can create as many directories and virtual hosts for your websites as you like! Now that we have created our virtual host files, we need to enable them. We can use the a2ensite utility to enable each of our sites like this:

$ sudo a2ensite a-dobra.ru.conf

$ sudo a2ensite promo.a-dobra.ru.conf 

By default, port 80 is closed in the LAMP image, and we will need it later to install the SSL certificate. So let's edit the ports.conf file right away and then restart Apache:

$ sudo nano /etc/apache2/ports.conf

Add a new line and save the file so that it looks like this:

Listen 80
Listen 443
Listen 9997

After finishing the configuration, you need to restart Apache for all the changes to take effect:

$ sudo systemctl reload apache2
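
Added example, not part of the original article: after a-dobra.ru.conf is copied for the second host it is easy to leave the old ServerName or DocumentRoot in place, so that promo.a-dobra.ru quietly serves the main site's directory. The script assumes this guide's layout (<domain>.conf serving /var/www/<domain>/public_html); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a copied virtual host file was fully edited.
# Assumed convention (from this guide): <domain>.conf serves
# /var/www/<domain>/public_html. Quoted paths are not handled.

# Print the first argument of directive $2 (case-insensitive) found in file $1.
vhost_directive() {
    awk -v want="$2" 'tolower($1) == tolower(want) { print $2; exit }' "$1"
}

# Return 0 if ServerName, DocumentRoot and <Directory> all match the file name.
check_vhost() {
    conf=$1
    domain=$(basename "$conf" .conf)
    docroot="/var/www/$domain/public_html"
    rc=0

    name=$(vhost_directive "$conf" ServerName)
    root=$(vhost_directive "$conf" DocumentRoot)
    # "<Directory /path>" yields "/path>"; strip the trailing ">"
    dir=$(vhost_directive "$conf" "<Directory" | sed 's/>$//')

    [ "$name" = "$domain" ]  || { echo "$conf: ServerName is '$name', expected '$domain'"; rc=1; }
    [ "$root" = "$docroot" ] || { echo "$conf: DocumentRoot is '$root', expected '$docroot'"; rc=1; }
    [ "$dir" = "$docroot" ]  || { echo "$conf: <Directory> is '$dir', expected '$docroot'"; rc=1; }
    return $rc
}

# Check every file passed in; return non-zero if any of them is inconsistent.
check_all() {
    status=0
    for f in "$@"; do
        check_vhost "$f" || status=1
    done
    return $status
}

# Stand-alone use: pass the virtual host files as arguments.
if [ "$#" -gt 0 ]; then check_all "$@"; fi
```

Pass it only the site files you created (000-default.conf does not follow the naming convention and will be reported). `sudo apache2ctl configtest` then checks the syntax of the whole configuration before the reload.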

Step 3: Set up domain names

Next, you need to add DNS records that point to your new server. To manage domains, our Arithmetic of Good foundation uses the dns-master.ru service, so we will use it as the example.

The A record for the domain name itself is usually denoted by the @ sign. A records for subdomains are usually specified in the same way, under the subdomain's name.

The IP address is the address of the Linux server we just created. You can set TTL = 3600.

After some time you will be able to visit your site, but for now only over http://. In the next step we will add https:// support.

Step 4: Set up free SSL certificates

You can get free Let's Encrypt SSL certificates for your main site and all subdomains. You can also set up their automatic renewal, which is very convenient. To obtain SSL certificates, install Certbot on your server:

$ sudo add-apt-repository ppa:certbot/certbot

Install the Certbot package for Apache using apt:

$ sudo apt install python-certbot-apache 

Certbot is now ready to use; run the command:

$ sudo certbot --apache -d a-dobra.ru -d www.a-dobra.ru -d promo.a-dobra.ru

This command runs certbot; the -d options specify the domain names the certificate should be issued for.

If this is the first time you run certbot, you will be asked to enter your email address and agree to the terms of service. certbot will then contact the Let's Encrypt server and verify that you really control the domain you requested a certificate for.

If everything went well, certbot will ask how you want to configure HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

We recommend choosing option 2 and pressing ENTER. The configuration will be updated and Apache will be restarted to apply the changes.

Your certificates are now downloaded, installed and working. Try opening your site again over https:// and you will see the security icon in your browser. If you test your server with the SSL Labs Server Test, it will get an A grade.

A Let's Encrypt certificate is valid for only 90 days, but the certbot package we just installed will renew certificates automatically. To test the renewal process, we can do a dry run of certbot:

$ sudo certbot renew --dry-run 

If you see no errors as a result of running this command, then everything works!

Step 5: Access MySQL and phpMyAdmin

Many websites use databases. The phpMyAdmin database management tool is already installed on our server. To access it, open a link like this in your browser:

https://<server IP address>:9997

The root password can be found in your MCS account (https://mcs.mail.ru/app/services/marketplace/apps/). Don't forget to change your root password when you first log in!

Step 6: Set up file upload via SFTP

Developers will find it convenient to upload files to your site via SFTP. To do this, we will create a new user and call it webmaster:

$ sudo adduser webmaster

The system will ask you to set a password and enter some other details.

Change the owner of the directory that holds your website:

$ sudo chown -R webmaster:webmaster /var/www/a-dobra.ru/public_html

Now let's change the SSH configuration so that the new user has SFTP access only and no SSH terminal:

$ sudo nano /etc/ssh/sshd_config

Go to the end of the configuration file and add the following block:

Match User webmaster
ForceCommand internal-sftp
PasswordAuthentication yes
ChrootDirectory /var/www/a-dobra.ru
PermitTunnel no
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no

Save the file and restart the service:

$ sudo systemctl restart sshd

Now you can connect to the server with any SFTP client, for example FileZilla.
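
Added example, not part of the original article: sshd refuses the SFTP session if the ChrootDirectory, or any directory above it, is not owned by root or is writable by group or others. That is why /var/www/a-dobra.ru stays root-owned here and only public_html is given to webmaster. The script checks that rule; the function names are hypothetical and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: check the sshd ChrootDirectory ownership rule before
# restarting sshd. Assumes GNU stat.

# Return 0 if directory $1 is owned by uid $2 and not writable by group/others.
dir_is_safe() {
    [ -d "$1" ] || { echo "$1: not a directory"; return 1; }
    owner=$(stat -c '%u' "$1")
    mode=$(stat -c '%a' "$1")
    if [ "$owner" != "$2" ]; then
        echo "$1: owned by uid $owner, expected $2"; return 1
    fi
    # 022 = write bits for group and others; the leading 0 makes $mode octal
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$1: mode $mode is writable by group or others"; return 1
    fi
    return 0
}

# Walk from the chroot directory up to /, checking every path component.
# $2 is the required owner uid (default 0 = root, which is what sshd demands).
check_chroot_path() {
    p=$1
    uid=${2:-0}
    bad=0
    case $p in
        /*) ;;
        *) echo "$p: an absolute path is required"; return 2 ;;
    esac
    while :; do
        dir_is_safe "$p" "$uid" || bad=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $bad
}

# Stand-alone use: sh check_chroot.sh /var/www/a-dobra.ru
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

Running `sudo sshd -t` before the restart also catches syntax errors in the edited sshd_config, which matters because a broken file can lock you out of SSH.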

Summary

  1. You now know how to create new directories and configure virtual hosts for your websites within a single server.
  2. You can easily create the SSL certificates you need: they are free and will be renewed automatically.
  3. You can conveniently work with the MySQL database through the familiar phpMyAdmin.
  4. Creating new SFTP accounts and setting access rights does not take much effort. Such accounts can be handed over to third-party web developers and site administrators.
  5. Don't forget to install updates from time to time, and we also recommend making backups: in MCS you can take "snapshots" of the whole system with one click and then, if necessary, launch whole images.

Useful materials that may help:

https://www.digitalocean.com/community/tutorials/apache-ubuntu-14-04-lts-ru
https://www.digitalocean.com/community/tutorials/apache-let-s-encrypt-ubuntu-18-04-ru
https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-18-04

By the way, here you can read on VC how our foundation deployed an online education platform for orphans on the MCS cloud.

Source: www.habr.com
