Men o'z portfelimni Laravel 7 yordamida yaratishga qaror qildim. Shunday qilib, asosiy sahifa ochilish sahifasi bo'lib, undagi barcha ma'lumotlar admin paneli yordamida o'zgartirilishi mumkin. Gap emas. Joylashtirish uchun keldi. Men buni qanday qilish bo'yicha bir nechta yaxshi qo'llanmalarni topdim, barcha muammolar bilan to'laqonli serverda. Men tarqatishda unchalik kuchli emasman; Men to'liq stekdan ko'ra ko'proq oldindaman. Va agar men hali ham PHP-da yozish va sinab ko'rishim mumkin bo'lsa, serverni boshqarishdan oldin va hokazo. Men hali katta bo'lmaganman. Lekin men buni tushunishim kerak edi.
Endi biz SSH orqali ishga tushirishdan boshlab va ishchi saytgacha bo'lgan barcha bosqichlarni ko'rib chiqamiz. Biz barcha tuzoqlardan qochishga harakat qilamiz.
Siz shunga o'xshash ko'rsatmalarni Internetda topishingiz mumkin. Axir, men uni nihoyat topdim. To'g'ri, bir joyda emas, StackOverflow yordamisiz emas va rus tilida deyarli. azob chekdim. Shuning uchun men sizning hayotingizni soddalashtirishga qaror qildim.
Biz DigitalOcean-da hamma narsani bir tomchi bilan qilamiz. Bu, albatta, kerak emas, istalgan hostingni tanlang. Ubuntu'da ishlaydigan serverga kirganingizda, qaytib keling. Hali ham buni DigitalOcean-da qilishga qaror qilganlar uchun domenni sozlash bo'yicha ko'proq maslahatlar bo'ladi. Shuningdek
DigitalOcean-ga xos barcha qadamlar shunga o'xshash izohlarda beriladi.
Boshlaymiz.
TL;DR (faqat asosiy buyruqlar)
Foydalanuvchi yarating
ssh root@[IP-Π°Π΄ΡΠ΅Ρ Π²Π°ΡΠ΅Π³ΠΎ Π΄ΡΠΎΠΏΠ»Π΅ΡΠ°]
adduser laravel
usermod -aG sudo laravel
su laravel
Unga SSH qo'shing
mkdir ~/.ssh
chmod 700 ~/.ssh
vim ~/.ssh/authorized_keys
- Umumiy kalitni kiriting
chmod 600 ~/.ssh/authorized_keys
Xavfsizlik devori
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status
nginx
sudo apt update
sudo apt install -y nginx
sudo ufw allow 'Nginx HTTP'
sudo ufw status
MySQL
sudo apt install -y mysql-server
sudo mysql_secure_installation
,NYNNY
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ Π΄Π»Ρ MySQL>';
SELECT user,authentication_string,plugin,host FROM mysql.user;
FLUSH PRIVILEGES;
exit
PHP
-
sudo apt update
-
sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
-
sudo apt-add-repository ppa:ondrej/php
-
sudo apt update
-
7.3:
sudo apt install -y php7.3-fpm php7.3-mysql
-
7.4:
sudo apt install -y php7.4-fpm php7.4-mysql
-
sudo vim /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
Asosiy sozlash:
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ =404;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
Laravel uchun faqat HTTP sozlamalari:
server {
listen 80;
listen [::]:80;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
Laravel uchun HTTPS sozlamalari:
server {
listen 80;
listen [::]:80;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
ssl_certificate /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
sudo ln -s /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> /etc/nginx/sites-enabled/
sudo unlink /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx
Laravel
-
7.3:
sudo apt install -y php7.3-mbstring php7.3-xml composer unzip
-
7.4:
sudo apt install -y php7.4-mbstring php7.4-xml composer unzip
-
mysql -u root -p
-
CREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
-
GRANT ALL ON laravel.* TO 'root'@'localhost' IDENTIFIED BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>';
-
FLUSH PRIVILEGES;
-
exit
-
cd /var/www/html
-
sudo mkdir -p <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
sudo chown laravel:laravel <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
cd ./<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
git clone <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
/git clone -b <ΠΈΠΌΡ Π²Π΅ΡΠΊΠΈ> --single-branch <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
-
composer install
-
vim .env
APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>
-
php artisan migrate
-
php artisan key:generate
-
sudo chown -R $USER:www-data storage
-
sudo chown -R $USER:www-data bootstrap/cache
-
chmod -R 775 storage
-
chmod -R 775 bootstrap/cache
HTTPS
-
sudo add-apt-repository ppa:certbot/certbot
-
sudo apt install -y python-certbot-nginx
-
sudo certbot certonly --webroot --webroot-path=/var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public -d <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> -d www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
-
sudo nginx -t
-
sudo ufw allow 'Nginx HTTPS'
-
sudo ufw status
-
sudo systemctl reload nginx
DigitalOcean-da tomchi yarating va yangi SSH kalitini ro'yxatdan o'tkazing
Siz DigitalOcean-da qanday ro'yxatdan o'tishni o'zingiz aniqlab olishingizga chin dildan ishonaman. Bu juda ko'p tekshiruvlar va boshqa narsalar bilan oson emas. Hujjatlardan foydalanishni tekshirishda siz doimo tarmoq xatosiga duch kelsangiz, hamma narsani VPN orqali bajarishga harakat qiling, bu yordam berishi kerak.
Yuqoridagi menyuda bosing yaratish->Tomchilar. Tanlang Ubuntu.
Ro'yxatdan o'tganingizdan so'ng siz hisobingizga $100 olasiz. Lekin aldanmang. Uni sarflash uchun atigi 60 kuningiz bor. Va bu juda oz. Siz, men kabi, qimmatroq rejadan foydalanishni xohlashingiz mumkin, shunda keyinroq, haqiqiy pul oqib chiqa boshlaganda, siz arzonroqqa o'tishingiz mumkin. Men sizga darhol aytaman, bu ishlamaydi. Siz uni oshirishingiz mumkin, lekin kamaytira olmaysiz. Shunday qilib ketadi. Men tanlayman Standard->$5.
Bizga eng yaqin hududni tanlayman Frankfurt. VPC tarmog'i->default-fra1
Biz darhol SSH orqali autentifikatsiyani amalga oshiramiz. bosing Yangi SSH kaliti. Agar sizda SSH bo'lmasa, o'ng tomonda juda oddiy ko'rsatmalar mavjud. Bash terminalini oching va joylashtiring
ssh-keygen
. Keyin ochiq kalit bilan faylga o'tamiz/Users/<ΠΠ°ΡΠ΅ ΠΈΠΌΡ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ>/.ssh/id_rsa.pub
(yoki oddiyginacat ~/.ssh/id_rsa.pub
), tarkibni nusxalash va chapdagi oynaga joylashtirish. Har qanday ism.Biz tomchi uchun xost nomini topamiz.
Bu yerni bosing Droplet yarating
Yangi foydalanuvchi yarating
ssh root@[IP-Π°Π΄ΡΠ΅Ρ Π²Π°ΡΠ΅Π³ΠΎ Π΄ΡΠΎΠΏΠ»Π΅ΡΠ°]
- Ulanishni davom ettirmoqchimisiz (ha/yo'q/[barmoq izi])?
yes
- SSH parolingizni kiriting
- Foydalanuvchi yarating laravel:
adduser laravel
- Parol va boshqa ma'lumotlarni kiriting (faqat to'liq ismni kiritaman)
- Foydalanuvchini sudo guruhiga qo'shing:
usermod -aG sudo laravel
Yangi foydalanuvchi uchun SSH
- Yangi foydalanuvchiga o'tish:
su laravel
Biz barcha harakatlarni maqolaning oxirigacha laravel foydalanuvchisi nomidan amalga oshiramiz. Shuning uchun, agar siz to'satdan uzilib qolsangiz, qayta kiring va kiring su laravel
mkdir ~/.ssh
chmod 700 ~/.ssh
vim ~/.ssh/authorized_keys
Biz faylni Vim-da ochdik. Agar u bilan umuman tanish bo'lmasangiz, Nano'da ishlashingiz mumkin, sizning huquqingiz.
Eng asosiy Vim buyruqlari
Maqola davomida Vim muharriridan foydalanish uchun siz faqat quyidagilarni bilishingiz kerak.
- Vim turli rejimlarga ega: Oddiy rejim, unda siz buyruqlar kiritasiz va rejimlarni va boshqalarni tanlaysiz.
- Har qanday rejimdan chiqish va normal rejimga qaytish uchun tugmani bosish kifoya
Esc
- Harakat qiling: siz shunchaki o'qlardan foydalanishingiz mumkin
- Saqlamasdan chiqing
<Normal mode>
::q!
- Chiqish va saqlash
<Normal mode>
::wq
- Matn kiritish rejimiga o'tish
<Normal mode>
:i
(ingliz tilidan. qo'shing)
- Biz ochiq kalitni kiritamiz (yuqorida qilganmiz)
- Biz o'zgarishlardan himoya qilamiz:
chmod 600 ~/.ssh/authorized_keys
Xavfsizlik devorini o'rnatish
- Keling, barcha mavjud sozlamalarni ko'rib chiqaylik:
sudo ufw app list
- OpenSSHga ruxsat bering (aks holda u bizni bloklaydi):
sudo ufw allow OpenSSH
- Keling, xavfsizlik devorini ishga tushiramiz:
sudo ufw enable
,y
- Biz tekshiramiz:
sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Hammasi joyida.
Nginx o'rnatilmoqda
O'rnatish vaqtida sizdan ba'zan "Ishonchingiz komilmi?" Javob y
(yaxshi, faqat ishonchingiz komil bo'lsa).
sudo apt update
sudo apt install nginx
Xavfsizlik devori sozlamalariga Nginx qo'shilmoqda
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
IP-ga o'ting. Agar hamma narsa yaxshi bo'lsa, siz quyidagilarni ko'rishingiz kerak.
MySQL o'rnatilmoqda
sudo apt install mysql-server
- Avtomatik himoya skriptini ishga tushirish
sudo mysql_secure_installation
Berilgan savollarga javob bering. Agar nima deb javob berishni bilmasangiz, quyidagi variantlar taklif etiladi:
-
Parol plaginini tasdiqlash -
N
-
Anonim foydalanuvchilar olib tashlansinmi? β
Y
-
Masofadan kirishga ruxsat berilsinmi? β
N
-
Sinov ma'lumotlar bazasini olib tashlash va unga kirish kerakmi? β
N
-
Imtiyozli jadvallar hozir qayta yuklansinmi? β
Y
-
Keling, MySQL-ga o'tamiz:
sudo mysql
-
Keling, kirish usullarini ko'rib chiqaylik:
SELECT user,authentication_string,plugin,host FROM mysql.user;
-
Root uchun parol o'rnating:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ Π΄Π»Ρ MySQL>';
-
Keling, kirish usullarini yana ko'rib chiqaylik:
SELECT user,authentication_string,plugin,host FROM mysql.user;
-
O'zgarishlarni qo'llang va MySQL-dan chiqing:
FLUSH PRIVILEGES;
ΠΈexit
-
Endi MySQL-ga kirish uchun siz foydalanishingiz kerak
mysql -u root -p
va parolni kiriting
PHP o'rnatilmoqda
Keling, uchinchi tomon omboridan foydalanaylik
sudo apt update
sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
sudo apt-add-repository ppa:ondrej/php
sudo apt update
Endi tanlaylik. Laravel 7 uchun siz PHP 7.3 yoki 7.4 ni tanlashingiz mumkin. Faqatgina farq 3 va 4 raqamlarida bo'ladi.
- 7.3:
sudo apt install -y php7.3-fpm php7.3-mysql
- 7.4:
sudo apt install -y php7.4-fpm php7.4-mysql
PHP FastCGI Process Manager (fpm) PHP so'rovlari bilan ishlaydi. mysql, albatta, MySQL bilan ishlash uchun.
Bundan buyon men hamma narsani 7.4 da qilaman.
Nginx o'rnatilmoqda
sudo vim /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
β<Domeningiz>β oΚ»rniga domenni kiriting (masalan, mysite.ru
) kelajakda foydalanmoqchi bo'lgan. Agar sizda hali yo'q bo'lsa, uni yozing, so'ngra uni tanlaganingizda domeningiz uchun ushbu bobdagi amallarni takrorlang.
Quyidagilarni kiriting:
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ =404;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
Buning o'rniga 7.3 versiyasini tanlagan bo'lsangiz php7.4-fpm.sock
yozing php7.4-fpm.sock
.
80-portni tinglang server_name
ildiz so'roviga kelganimizda /var/www/html
indeks faylini oling. Agar keyin server_name
Biror narsa bor, biz bunday faylni qidirmoqdamiz. Agar topmasak, 404 ni tashlaymiz. Agar u bilan tugasa .php
, orqali o'tish fpm
... Agar bo'lsa .ht
, taqiqlash (403).
- dan havola qilish
sites-available
Π²sites-enabled
:sudo ln -s /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> /etc/nginx/sites-enabled/
- Havolani olib tashlash
default
:sudo unlink /etc/nginx/sites-enabled/default
- Xatolarni tekshirish:
sudo nginx -t
- Qayta ishga tushirish:
sudo systemctl reload nginx
Ishni tekshirish:
sudo vim /var/www/html/info.php
- Biz yozamiz:
<?php phpinfo();
- Keling, boraylik
<ΠΠ°Ρ IP>/info.php
Siz shunga o'xshash narsani ko'rishingiz kerak:
Endi ushbu fayl o'chirilishi mumkin: sudo rm /var/www/html/info.php
Laravel-ni o'rnating
-
7.3:
sudo apt install php7.3-mbstring php7.3-xml composer unzip
-
7.4:
sudo apt install php7.4-mbstring php7.4-xml composer unzip
-
Keling, MySQL-ga o'tamiz:
mysql -u root -p
-
Nomi bilan ma'lumotlar bazasini yarating laravel:
CREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
-
Biz ildizga kirishni ta'minlaymiz laravel:
GRANT ALL ON laravel.* TO 'root'@'localhost' IDENTIFIED BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>';
-
FLUSH PRIVILEGES;
-
exit
-
cd /var/www/html
-
Loyiha uchun papka yarating:
sudo mkdir -p <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
Biz foydalanuvchini taqdim etamiz laravel loyihaga bo'lgan huquqlar:
sudo chown laravel:laravel <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
Keyinchalik siz loyihani o'tkazishingiz kerak. Masalan, Github'dan klonlash.
cd ./<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
git clone <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
Shuni hisobga olish kerakki, agar siz statik fayllarni saqlamagan bo'lsangiz (masalan, dan /public
) Github-da, keyin tabiiy ravishda sizda ular bo'lmaydi. Masalan, men buni hal qilish uchun alohida mavzu yaratdim deploy
, men allaqachon klonlaganman: git clone -b <ΠΈΠΌΡ Π²Π΅ΡΠΊΠΈ> --single-branch <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
.
- Bog'liqlarni o'rnatish:
composer install
- .env yarating:
vim .env
Uning asosiy versiyasi quyidagicha ko'rinadi:
APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>
Agar siz .env dan nusxa koβchirsangiz, APP_ENV ni ishlab chiqarish bilan, APP_DEBUG ni yolgβon bilan almashtiring va MySQL uchun toβgβri sozlamalarni kiriting.
- Ma'lumotlar bazasini ko'chirish:
php artisan migrate
- Kodni yaratish:
php artisan key:generate
Ruxsatlarni o'zgartirish:
sudo chown -R $USER:www-data storage
sudo chown -R $USER:www-data bootstrap/cache
chmod -R 775 storage
chmod -R 775 bootstrap/cache
Qolgan oxirgi narsa - Nginx-ni Laravel uchun qayta sozlash:
sudo vim /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
server {
listen 80;
listen [::]:80;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
O'tgan safargidek, uning o'rniga 7.3 versiyasini tanlagan bo'lsangiz php7.4-fpm.sock
yozing php7.4-fpm.sock
.
DigitalOcean-da domenni sozlash
Hammasi aslida juda oddiy. Siz domen sotib olasiz (istalgan joyda), DigitalOcean-ga o'ting yaratish->Domenlar/DNS. V to'liq Domen qo'shing siz ushbu domenga kirasiz va qo'shish tugmasini bosing. Keyin domen sozlamalariga va maydonga o'ting HOST NAME kiriting @. Loyihani tanlang va ustiga bosing Yozuv yaratish.
Endi domenni sotib olgan saytga o'ting, u erda "DNS serverlar" ni (yoki shunga o'xshash narsani) toping va DigitalOcean serverlarini kiriting (ya'ni.ns1.digitalocean.com
,ns2.digitalocean.com
,ns3.digitalocean.com
). Endi siz ushbu sozlamalar qabul qilinmaguncha biroz (yoki ko'p) kutishingiz kerak. Tayyor!
Yagona muammo shundaki, sizning saytingiz faqat HTTP sifatida ochiladi. HTTPS-ga ega bo'lish uchun keyingi qismga o'ting.
HTTPS sozlanmoqda
Certbot-ni o'rnating va unga domen nomini bering (format mysite.ru
) va domen nomi www (www.mysite.ru
).
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx
sudo certbot certonly --webroot --webroot-path=/var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public -d <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> -d www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
Endi siz Nginx-ni qayta sozlashingiz kerak (qiymatlaringizni almashtirishni unutmang):
server {
listen 80;
listen [::]:80;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
ssl_certificate /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
O'ylaymanki, siz PHP 7.3 uchun nimani o'zgartirish kerakligini allaqachon tushungansiz.
Bu erda, aslida, hamma narsa oddiy. Biz barcha so'rovlarni HTTP (80-port) dan HTTPS-ga (443-port) yo'naltiramiz. Va u erda biz hamma narsani avvalgidek qilamiz, lekin shifrlash bilan.
Faqat xavfsizlik devorida ruxsatlarni o'rnatish qoladi:
sudo nginx -t
sudo ufw app list
sudo ufw allow 'Nginx HTTPS'
sudo ufw status
sudo systemctl reload nginx
Endi hamma narsa kerakli tarzda ishlashi kerak.
[Kengaytirilgan] Node.js oΚ»rnatilmoqda
Agar siz to'satdan npm buyruqlarini to'g'ridan-to'g'ri serverda ishga tushirishingiz kerak bo'lsa, Node.js ni o'rnatishingiz kerak.
sudo apt update
sudo apt install -y nodejs npm
nodejs -v
Mana, men bu bosqichda to'xtadim. Umuman olganda, men natijadan mamnunman. Ehtimol, DigitalOcean'dan Rossiyaga yaqinroq va arzonroq joyga o'taman. Ammo men saytdagi barcha tekshirish bosqichlaridan o'tganim va u erda hamma narsani qilganim uchun men ularni misol qilib ko'rsatdim. Bundan tashqari, ularning boshlang'ich 100 dollari mashg'ulotlar uchun ajoyib tramplindir.
PS Muallifga alohida rahmat
PPS Agar siz bash buyruqlarida o'ylaydigan eng yaxshi muhandis bo'lsangiz, iltimos, qattiq hukm qilmang. Siz ushbu maqolani past darajada deb bilishingiz mumkin, lekin men kerak bo'lganda uni topishdan xursand bo'lardim. Agar yaxshilash bo'yicha takliflar bo'lsa, men bunga tayyorman.
Manba: www.habr.com