Nginqume ukwenza iphothifoliyo yami ngisebenzisa i-Laravel 7. Ukuze ikhasi eliyinhloko libe yikhasi lokufika, futhi lonke ulwazi olukulo lungashintshwa kusetshenziswa iphaneli yokulawula. Hhayi iphuzu. Kwafika ekusetshenzisweni. Ngithole izifundo ezimbalwa ezinhle zokuthi ungakwenza kanjani lokhu kuseva egcwele ngokugcwele nazo zonke izinkinga. Anginamandla kakhulu ekusetshenzisweni; ngokuvamile ngingaphambili kakhulu kunesitaki esigcwele. Futhi, uma ngisengakwazi ukubhala nokuhlola ku-PHP, ngaphambi kokuphatha iseva, njll. Angikakakhuli. Kodwa kwadingeka ngikuqonde.
Manje sizodlula kuzo zonke izinyathelo, siqale ngokuqalisa nge-SSH futhi sigcine ngesayithi lokusebenza. Sizozama ukugwema zonke izingibe.
Ungase ukwazi ukuthola imiyalo efanayo ku-inthanethi. Phela ngagcina ngiyitholile. Yiqiniso, hhayi endaweni eyodwa, ngaphandle kosizo lwe-StackOverflow, futhi neze ngesiRashiya. Ngahlupheka. Yingakho nginqume ukwenza impilo yakho ibe lula.
Sizokwenza konke nge-droplet ku-DigitalOcean. Lokhu, vele, akudingekile; khetha noma yikuphi ukusingathwa. Uma ufika kuseva esebenzayo ku-Ubuntu, buya. Kulabo abasanquma ukukwenza ku-DigitalOcean, kuzoba namathiphu amaningi okusetha isizinda. Futhi
Zonke izinyathelo eziqondene ne-DigitalOcean zizonikezwa kumibhalo yaphansi efana nalawa.
Ake siqale.
TL;DR (imiyalo eyisisekelo kuphela)
Dala umsebenzisi
ssh root@[IP-Π°Π΄ΡΠ΅Ρ Π²Π°ΡΠ΅Π³ΠΎ Π΄ΡΠΎΠΏΠ»Π΅ΡΠ°]
adduser laravel
usermod -aG sudo laravel
su laravel
Engeza i-SSH kuyo
mkdir ~/.ssh
chmod 700 ~/.ssh
vim ~/.ssh/authorized_keys
- Faka ukhiye osesidlangalaleni
chmod 600 ~/.ssh/authorized_keys
I-Firewall
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status
Nginx
sudo apt update
sudo apt install -y nginx
sudo ufw allow 'Nginx HTTP'
sudo ufw status
MySQL
sudo apt install -y mysql-server
sudo mysql_secure_installation
,NYNNY
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ Π΄Π»Ρ MySQL>';
SELECT user,authentication_string,plugin,host FROM mysql.user;
FLUSH PRIVILEGES;
exit
PHP
-
sudo apt update
-
sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
-
sudo apt-add-repository ppa:ondrej/php
-
sudo apt update
-
7.3:
sudo apt install -y php7.3-fpm php7.3-mysql
-
7.4:
sudo apt install -y php7.4-fpm php7.4-mysql
-
sudo vim /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
Ukusethwa okuyisisekelo:
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ =404;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
Ukusethwa kwe-HTTP kuphela kwe-Laravel:
server {
listen 80;
listen [::]:80;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
Ukulungiselelwa kwe-HTTPS kwe-Laravel:
server {
listen 80;
listen [::]:80;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
ssl_certificate /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
sudo ln -s /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> /etc/nginx/sites-enabled/
sudo unlink /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx
I-Laravel
-
7.3:
sudo apt install -y php7.3-mbstring php7.3-xml composer unzip
-
7.4:
sudo apt install -y php7.4-mbstring php7.4-xml composer unzip
-
mysql -u root -p
-
CREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
-
GRANT ALL ON laravel.* TO 'root'@'localhost' IDENTIFIED BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>';
-
FLUSH PRIVILEGES;
-
exit
-
cd /var/www/html
-
sudo mkdir -p <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
sudo chown laravel:laravel <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
cd ./<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
git clone <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
/git clone -b <ΠΈΠΌΡ Π²Π΅ΡΠΊΠΈ> --single-branch <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
-
composer install
-
vim .env
APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>
-
php artisan migrate
-
php artisan key:generate
-
sudo chown -R $USER:www-data storage
-
sudo chown -R $USER:www-data bootstrap/cache
-
chmod -R 775 storage
-
chmod -R 775 bootstrap/cache
I-HTTPS
-
sudo add-apt-repository ppa:certbot/certbot
-
sudo apt install -y python-certbot-nginx
-
sudo certbot certonly --webroot --webroot-path=/var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public -d <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> -d www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
-
sudo nginx -t
-
sudo ufw allow 'Nginx HTTPS'
-
sudo ufw status
-
sudo systemctl reload nginx
Dala i-droplet ku-DigitalOcean bese ubhalisa ukhiye omusha we-SSH
Ngikholelwa ngempela ukuthi uzokwazi ukuthi ungabhalisa kanjani ne-DigitalOcean ngokwakho. Akulula, ngokuqinisekiswa okuningi nezinye izinto. Uma uhlala uthola iphutha lenethiwekhi lapho uqinisekisa usebenzisa amadokhumenti, zama ukwenza yonke into nge-VPN, kufanele kusize.
Kumenyu engaphezulu, chofoza Dala->Amaconsi. Khetha Ubuntu.
Uma nje ubhalisa, uzothola u-$100 ku-akhawunti yakho. Kodwa ungakhohliswa. Unezinsuku ezingu-60 kuphela zokuyisebenzisa. Futhi lokhu kuncane kakhulu. Ungase, njengami, ufune ukusebenzisa uhlelo olubiza kakhulu, ukuze kamuva, lapho imali yangempela iqala ukugeleza, ungashintshela eshibhile. Ngizokutshela ngokushesha ukuthi ngeke kusebenze. Ungayandisa, kodwa awukwazi ukuyinciphisa. Ngakho kuhamba. ngiyakhetha Standard->$5.
Ngikhetha isifunda esiseduzane nathi Frankfurt. Inethiwekhi ye-VPC->okuzenzakalelayo-fra1
Sizokwenza ukuqinisekiswa ngokushesha nge-SSH. Chofoza Ukhiye omusha we-SSH. Uma ungenayo i-SSH, kunemiyalo elula kakhulu kwesokudla. Vula itheminali ye-bash bese unamathisela
ssh-keygen
. Bese siya efayeleni ngokhiye womphakathi/Users/<ΠΠ°ΡΠ΅ ΠΈΠΌΡ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Ρ>/.ssh/id_rsa.pub
(noma umanecat ~/.ssh/id_rsa.pub
), kopisha okuqukethwe bese ukunamathisele efasiteleni kwesokunxele. Noma yiliphi igama.Seza negama lomethuleli we-droplet.
Phusha Dala i-Droplet
Dala umsebenzisi omusha
ssh root@[IP-Π°Π΄ΡΠ΅Ρ Π²Π°ΡΠ΅Π³ΠΎ Π΄ΡΠΎΠΏΠ»Π΅ΡΠ°]
- Uqinisekile ukuthi ufuna ukuqhubeka nokuxhuma (yebo/cha/[izigxivizo zeminwe])?
yes
- Faka iphasiwedi yakho ye-SSH
- Dala umsebenzisi laravel:
adduser laravel
- Faka iphasiwedi yakho nolunye ulwazi (Ngifaka kuphela Igama Eligcwele)
- Engeza umsebenzisi eqenjini le-sudo:
usermod -aG sudo laravel
I-SSH yomsebenzisi omusha
- Shintshela kumsebenzisi omusha:
su laravel
Senza zonke izenzo ngokuqhubekayo, kuze kube sekupheleni kwesihloko, egameni lomsebenzisi we-laravel. Ngakho-ke, uma uphazamiseka kungazelelwe, ngena kabusha bese ungena su laravel
mkdir ~/.ssh
chmod 700 ~/.ssh
vim ~/.ssh/authorized_keys
Savula ifayela ku-Vim. Uma ungayazi nhlobo, ungasebenza ku-Nano, ilungelo lakho.
Imiyalo eyisisekelo ye-Vim
Ukuze usebenzise umhleli we-Vim kuso sonke isihloko, udinga nje ukwazi okulandelayo.
- I-Vim inezinhlobo ezahlukene: Imodi evamile, lapho ufaka khona imiyalo bese ukhetha amamodi nokunye.
- Ukuphuma kunoma iyiphi imodi bese ubuyela kumodi evamile, vele ucindezele
Esc
- Hamba uzungeze: ungasebenzisa imicibisholo nje
- Phuma ngaphandle kokulondoloza
<Normal mode>
::q!
- Phuma bese ugcine
<Normal mode>
::wq
- Shintshela kwimodi yokufaka umbhalo
<Normal mode>
:i
(kusuka esiNgisini. ukufaka)
- Sifaka ukhiye wethu osesidlangalaleni (esikwenze ngenhla)
- Sivikela ezinguqukweni:
chmod 600 ~/.ssh/authorized_keys
Ifaka i-firewall
- Ake sibheke zonke izilungiselelo ezitholakalayo:
sudo ufw app list
- Vumela i-OpenSSH (uma kungenjalo izosikhiya):
sudo ufw allow OpenSSH
- Masiqalise i-firewall:
sudo ufw enable
,y
- Sihlola:
sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Konke kuhamba kahle.
Ifaka i-Nginx
Ngesikhathi sokufakwa kwesinye isikhathi uzobuzwa ukuthi "Uqinisekile?" Phendula y
(kahle, kuphela uma uqinisekile).
sudo apt update
sudo apt install nginx
Ukwengeza i-Nginx kuzilungiselelo ze-firewall
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
Iya ku-IP yakho. Uma konke kuhamba kahle, kufanele ubone okulandelayo.
Ifaka i-MySQL
sudo apt install mysql-server
- Kwethulwa umbhalo wokuvikela ozenzakalelayo
sudo mysql_secure_installation
Phendula imibuzo ebuziwe. Uma ungazi ukuthi uphendule ini, nazi ezinye izinketho eziphakanyisiwe:
-
Qinisekisa i-plugin yephasiwedi -
N
-
Susa abasebenzisi abangaziwa? -
Y
-
Ungavumeli ukungena ngemvume kwezimpande ukude? -
N
-
Susa isizindalwazi sokuhlola futhi ufinyelele kuso? -
N
-
Layisha kabusha amathebula elungelo manje? -
Y
-
Ake siye ku-MySQL:
sudo mysql
-
Ake sibheke izindlela zokufinyelela:
SELECT user,authentication_string,plugin,host FROM mysql.user;
-
Setha iphasiwedi yempande:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ Π΄Π»Ρ MySQL>';
-
Ake sibheke izindlela zokufinyelela futhi:
SELECT user,authentication_string,plugin,host FROM mysql.user;
-
Faka izinguquko bese uphuma ku-MySQL:
FLUSH PRIVILEGES;
ΠΈexit
-
Manje, ukuze ungene ku-MySQL udinga ukuyisebenzisa
mysql -u root -p
bese ufaka iphasiwedi
Ifaka i-PHP
Masisebenzise inqolobane yomuntu wesithathu kusuka
sudo apt update
sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
sudo apt-add-repository ppa:ondrej/php
sudo apt update
Manje ake sikhethe. Nge-Laravel 7, ungakhetha i-PHP 7.3 noma i-7.4. Umehluko uzokuba sezinombolo 3 kanye no-4.
- 7.3:
sudo apt install -y php7.3-fpm php7.3-mysql
- 7.4:
sudo apt install -y php7.4-fpm php7.4-mysql
I-PHP FastCGI Process Manager (fpm) isebenza ngezicelo ze-PHP. mysql, vele, ngokusebenza ne-MySQL.
Kusukela manje kuqhubeke ngizokwenza konke ngo-7.4.
Isetha i-Nginx
sudo vim /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
Esikhundleni sokuthi "<Isizinda sakho>" faka isizinda (isibonelo, mysite.ru
) ofuna ukukusebenzisa esikhathini esizayo. Uma ungakabi nayo, bhala noma yisiphi, bese uphinda izinyathelo ezikulesi sahluko sesizinda sakho uma usikhetha.
Faka okulandelayo:
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ =404;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
Uma ukhethe inguqulo 7.3 esikhundleni salokho php7.4-fpm.sock
ngena php7.4-fpm.sock
.
Lalela i-port 80 server_name
lapho sifika esicelweni sempande /var/www/html
thatha ifayela lenkomba. Uma ngemva server_name
Kukhona okuthile, sifuna ifayela elinjalo. Uma singayitholi, silahla 404. Uma iphetha nge .php
, gijima fpm
... Uma ekhona .ht
, vimbela (403).
- Ukwenza isixhumanisi kusuka
sites-available
Π²sites-enabled
:sudo ln -s /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> /etc/nginx/sites-enabled/
- Isusa isixhumanisi esiya ku
default
:sudo unlink /etc/nginx/sites-enabled/default
- Ihlola amaphutha:
sudo nginx -t
- Qalisa kabusha:
sudo systemctl reload nginx
Ukuhlola umsebenzi:
sudo vim /var/www/html/info.php
- Siyabhala:
<?php phpinfo();
- Asambe siye
<ΠΠ°Ρ IP>/info.php
Kufanele ubone okufana nalokhu:
Manje leli fayela lingasuswa: sudo rm /var/www/html/info.php
Faka i-Laravel
-
7.3:
sudo apt install php7.3-mbstring php7.3-xml composer unzip
-
7.4:
sudo apt install php7.4-mbstring php7.4-xml composer unzip
-
Ake siye ku-MySQL:
mysql -u root -p
-
Dala inqolobane enegama laravel:
CREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
-
Sinikeza ukufinyelela kwezimpande ku laravel:
GRANT ALL ON laravel.* TO 'root'@'localhost' IDENTIFIED BY '<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>';
-
FLUSH PRIVILEGES;
-
exit
-
cd /var/www/html
-
Dala ifolda yephrojekthi:
sudo mkdir -p <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
-
Sinikeza umsebenzisi laravel amalungelo kuphrojekthi:
sudo chown laravel:laravel <ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
Okulandelayo udinga ukudlulisa iphrojekthi. Isibonelo, ukwenza i-cloning kusuka ku-Github.
cd ./<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>
git clone <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
Kuyafaneleka ukucabangela ukuthi uma ungagcinanga amafayela amile (isibonelo, kusuka /public
) ku-Github, khona-ke ngokwemvelo ngeke ube nazo. Isibonelo, ngidale intambo ehlukile ukuxazulula lokhu deploy
, esengivele ngenza khona: git clone -b <ΠΈΠΌΡ Π²Π΅ΡΠΊΠΈ> --single-branch <ΡΡΡΠ»ΠΊΠ° Π½Π° ΠΏΡΠΎΠ΅ΠΊΡ> .
.
- Ukufaka okuncikile:
composer install
- Dala i-.env:
vim .env
Inguqulo yayo eyisisekelo ibonakala kanje:
APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=<ΠΠ°Ρ ΠΏΠ°ΡΠΎΠ»Ρ ΠΎΡ MySQL>
Uma ukopisha i-.env yakho, buyisela i-APP_ENV ngokukhiqiza, i-APP_DEBUG ngokuthi amanga bese ufaka izilungiselelo ezilungile ze-MySQL.
- Ukuthutha isizindalwazi:
php artisan migrate
- Ikhiqiza ikhodi:
php artisan key:generate
Ukushintsha izimvume:
sudo chown -R $USER:www-data storage
sudo chown -R $USER:www-data bootstrap/cache
chmod -R 775 storage
chmod -R 775 bootstrap/cache
Into yokugcina esele ukulungisa kabusha i-Nginx yeLaravel:
sudo vim /etc/nginx/sites-available/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
server {
listen 80;
listen [::]:80;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½ ΠΈΠ»ΠΈ IP>;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
}
Njengokugcina, uma ukhetha inguqulo 7.3 esikhundleni salokho php7.4-fpm.sock
ngena php7.4-fpm.sock
.
Ukusetha isizinda ku-DigitalOcean
Konke empeleni kulula kakhulu. Uthenga isizinda (noma yikuphi), shintshela ku-DigitalOcean kokuthi Dala->Izizinda/DNS... Ensimini Engeza isizinda ufaka lesi sizinda bese uchofoza engeza. Bese uya kuzilungiselelo zesizinda kanye nasenkambu IGAMA LOMPHATHI ngena @. Khetha iphrojekthi bese uchofoza Dala irekhodi.
Manje hamba kusayithi lapho uthenge khona isizinda, thola "Amaseva e-DNS" lapho (noma okunye okufanayo) bese ufaka amaseva we-DigitalOcean (okungukuthi.ns1.digitalocean.com
,ns2.digitalocean.com
,ns3.digitalocean.com
). Manje udinga ukulinda kancane (noma kakhulu) kuze kube yilapho lezi zilungiselelo zamukelwe. Ilungile!
Inkinga kuphela ukuthi isayithi lakho lizovuleka kuphela njenge-HTTP. Ukuze ube ne-HTTPS, dlulela engxenyeni elandelayo.
Isetha i-HTTPS
Faka i-certbot bese uyidlulisela igama lesizinda (format mysite.ru
) kanye negama lesizinda elithi www (www.mysite.ru
).
sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx
sudo certbot certonly --webroot --webroot-path=/var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public -d <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> -d www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>
Manje udinga ukulungisa kabusha i-Nginx (ungakhohlwa ukufaka amanani akho):
server {
listen 80;
listen [::]:80;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name <ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½> www.<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>;
root /var/www/html/<ΠΠΌΡ ΠΏΡΠΎΠ΅ΠΊΡΠ°>/public;
ssl_certificate /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<ΠΠ°Ρ Π΄ΠΎΠΌΠ΅Π½>/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
Ngicabanga ukuthi usuyaqonda ukuthi yini okufanele ishintshwe ku-PHP 7.3.
Lapha, eqinisweni, yonke into ilula. Simane siqondise kabusha zonke izicelo ezisuka ku-HTTP (port 80) ziye ku-HTTPS (port 443). Futhi lapho senza konke ngendlela efanayo nangaphambili, kodwa ngokubhala ngemfihlo.
Okusele ukusetha izimvume ku-firewall:
sudo nginx -t
sudo ufw app list
sudo ufw allow 'Nginx HTTPS'
sudo ufw status
sudo systemctl reload nginx
Manje konke kufanele kusebenze njengoba kufanele.
[Okuthuthukisiwe] Ifaka i-Node.js
Uma ngokuzumayo udinga ukusebenzisa imiyalo ye-npm ngqo kuseva, udinga ukufaka i-Node.js.
sudo apt update
sudo apt install -y nodejs npm
nodejs -v
Yilokho-ke, ngema kulesi sigaba. Empeleni, ngigculisekile ngomphumela. Mhlawumbe ngizosuka ku-DigitalOcean ndawana thize eduze kwaseRussia futhi ngishibhile. Kodwa njengoba ngase ngivele ngidlule kuyo yonke imizuliswano yokuqinisekisa esizeni futhi ngenza konke lapho, ngababonisa ngesibonelo. Ngaphezu kwalokho, ukuqala kwabo u-$100 kuyibhodi elihle kakhulu lokuqeqeshwa.
PS Sibonga ngokukhethekile umbhali
I-PPS Uma kungenzeka ukuthi ungunjiniyela ophezulu ocabanga ngemiyalo ye-bash, sicela ungahluleli kanzima. Ungase uthole lesi sihloko sisezingeni eliphansi, kodwa bengingakujabulela ukusithola lapho ngisidinga. Uma kukhona iziphakamiso zokuthuthukisa, ngikulungele.
Source: www.habr.com