Rage nauyin uwar garken

A cikin wannan labarin, za mu shiga cikin dalilin da yasa karuwar nauyin uwar garken ke faruwa kuma mu tattauna hanyoyi daban-daban don inganta matakan ɗaukar nauyi. Za a ba da hankali na musamman ga haɓaka lambar a cikin Apache / Nginx da MySQL, za mu yi magana game da caching azaman kayan aiki na taimako, kuma muyi la'akari da yiwuwar barazanar waje, kamar hare-haren DDOS, da hanyoyin hana su.

Me yasa Load ɗin Sabar ke faruwa

Kafin a ci gaba da inganta uwar garken, ya zama dole don gudanar da cikakken bincike na nauyin halin yanzu akan albarkatun. Wannan ya haɗa da auna nauyin CPU, amfani da RAM, ayyukan cibiyar sadarwa, da sauran mahimman sigogi. Fahimtar abubuwan da ke faruwa da kuma mafi girman nauyi yana ba da damar gano ƙullun ƙulla da haɓaka rabon albarkatu, don haka ƙara kwanciyar hankali da aikin kayan aikin uwar garken.

Don magance matsalar farko na babban nauyin uwar garken, muna ba da shawarar gudanar da a bincike na uwar garken gabaɗaya. Idan wannan bai isa ba, ƙarin daki-daki nazarin albarkatun wajibi ne. A matsayin kayan aiki na taimako, bincika abubuwan logs na Linux uwar garken na iya taimakawa, domin anan ne ake samun tushen matsalar a mafi yawan lokuta.

Inganta Apache/Nginx Server

Ƙara Load ɗin Sabar Sabo da Fihirisa

Ƙarar kaya saboda ƙididdigewa a kan uwar garke na iya faruwa, misali, lokacin da injunan bincike suka duba adadi mai yawa akan rukunin yanar gizon ku. Wannan na iya haifar da ƙarin amfani da albarkatun uwar garken kuma, saboda haka, rage ayyukan rukunin yanar gizon. Gano dalilin abu ne mai sauƙi; kuna buƙatar buɗe fayil ɗin da ke:

/var/www/httpd-logs/sitename.access.log

Lokacin da injunan bincike suka yi maƙasudi, mai amfani zai ga shigarwar yanayi mai zuwa:

11.22.33.44 - - [Date and Time] "GET /your-page-path HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

A matsayin mafita na farko don rage nauyi, zaku iya amfani da saitin alamun meta "noindex" da kuma "nofollow" a kan shafukan da ba sa bukatar a yi lissafinsu. Magani na biyu shine .htaccess fayil, inda shigarwar da suka dace da takamaiman injunan bincike suna buƙatar ƙara, misali, don ɓoye daga Yandex da Google:

SetEnvIfNoCase User-Agent "^Yandex" search_bot
SetEnvIfNoCase User-Agent "^Googlebot" search_bot
Order Allow,Deny
Allow from all
Deny from env=search_bot

Hakazalika, ana buƙatar yin gyara don wasu injunan bincike. Ya kamata a lura cewa iyawar .htaccess ba'a iyakance ga kawai toshe indexing ba. Muna ba da shawarar samun ƙarin masaniya tare da manyan abubuwan sa a cikin Labari.

Amfani da Saitunan Caching

Saitunan caching mara daidai akan uwar garken na iya haifar da babban nauyi. Don inganta wannan siga, ana buƙatar yin canje-canje masu dacewa a cikin fayilolin sanyi ko .htaccess. A cikin yanayin Apache, zaɓi na ƙarshe ya fi dacewa, don Nginx - tsohon.

A kan Apache uwar garken, kuna buƙatar buɗewa .htacess fayil kuma saka code mai zuwa:

<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf|doc|docx)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>

Sa'an nan, kunna da Yana ƙare module ta amfani da umarnin:

sudo a2enmod expires

Bayan haka, sake kunna sabar gidan yanar gizon:

sudo service apache2 restart

Kuma kunna module ta ƙayyade:

ExpiresActive On

a Nginx uwar garken, ya isa a ƙara lambar mai zuwa zuwa fayil ɗin daidaitawa:

location ~* .(jpg|jpeg|gif|png|ico|css|swf|flv|doc|docx)$ {
root /var/www/yoursite.com;
}

Kuma yi sake lodin sabis:

sudo service nginx restart

Lura cewa tare da waɗannan saitunan, da Bada da kuma Karyata za a ƙetare umarnin.

Amfani da Data Compression

Ƙaddamar da matsawar bayanai ta amfani da Gzip a kan Apache da sabar yanar gizo na Nginx suna taimakawa wajen rage yawan adadin bayanan da aka watsa tsakanin uwar garken da abokin ciniki, wanda ke inganta aikin kuma yana rage lokacin loda shafin yanar gizon.

Don kunna Gzip on Apache, kuna buƙatar kunna mod_deflate module:

sudo a2enmod deflate

Sannan, sake kunna sabar gidan yanar gizo:

sudo service apache2 restart

Kuma a ƙarshe, ƙara toshe mai zuwa zuwa fayil ɗin sanyi ko .htaccess:

<IfModule mod_deflate.c>
# Configure compression for specified file types
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json

# If the browser matches the specified pattern, apply compression only to text/html files
BrowserMatch ^Mozilla/4 gzip-only-text/html

# If the browser matches the specified version patterns of Mozilla 4.0.6, 4.0.7, 4.0.8, disable compression
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# If the browser is MSIE (Internet Explorer), disable compression for all files except text/html
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# If the request contains the specified pattern (extensions of image files), disable compression
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip
</IfModule>

Wannan tsarin yana ba da damar matsawa don wasu nau'ikan fayiloli kuma yana kashe shi don hotuna.

A cikin hali na Nginx, sanyi yana faruwa a cikin http toshe fayil ɗin sanyi. Ana buƙatar ƙara lambar mai zuwa:

gzip on;
gzip_disable "msie6";

# Adds the Vary header, indicating that the response may change depending on the Accept-Encoding header value
gzip_vary on;

# Enables compression for any proxy servers
gzip_proxied any;

# Sets the compression level. A value of 6 provides a good balance between compression efficiency and resource use
gzip_comp_level 6;

# Sets the size of the buffer for compressed data (16 buffers of 8 kilobytes each)
gzip_buffers 16 8k;

# Specifies that data compression should be used only for HTTP version 1.1 and higher
gzip_http_version 1.1;

# Sets the file types that can be compressed
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

Haka ma Apache, Anan an saita sigogin matsawa na wasu nau'ikan fayiloli. Bayan yin canje-canje ga kowane sabar gidan yanar gizon, ana buƙatar sake shigar da sabis:

sudo service apache2 restart

Or

sudo service nginx restart

DDOS Attack akan Sabar

Babban nauyin uwar garken na iya faruwa a sakamakon harin DDoS. Gano gaban harin DDoS za a iya yi ta hanyar sa ido kan karuwar zirga-zirga kwatsam, buƙatun da ba na al'ada ba, da faɗuwar aikin uwar garken. Yin bitar rajistan ayyukan don buƙatun maimaitawa daga adireshin IP ɗaya ko bincika tashar jiragen ruwa na iya nuna yiwuwar harin DDoS. Akwai matakan kariya da yawa, amma za mu tattauna kawai abubuwan da suka dace.

Amfani da CDN (Cibiyar Isar da Abun ciki). CDN na iya zama mai shiga tsakani tsakanin sabar gidan yanar gizon ku da masu amfani, rarraba zirga-zirga da adana abun ciki don rage tasirin harin DDoS. CDNs kuma na iya samun ginanniyar hanyoyin kariya ta DDoS, gami da rarraba kaya da tace zirga-zirga.

Saita Firewalls da tsarin gano kutse (IDS/IPS). Za a iya saita Firewalls don tace zirga-zirga bisa la'akari daban-daban, kamar adiresoshin IP da tashoshin jiragen ruwa. IDS/IPS na iya gano halayen zirga-zirgar ababen hawa da kuma toshe hanyoyin da ake tuhuma. Waɗannan kayan aikin na iya yin tasiri a cikin sa ido da toshe hanyoyin zirga-zirga masu haɗari.

Yana daidaita sabar yanar gizo Apache da Nginx don rage tasirin hare-haren DDoS.

A matsayin mafita ga Apache, muna kunna mod_evasive module. Don yin wannan, uncomment ko ƙara da wadannan line a cikin httpd.conf or apache2.conf fayil din tsari:

LoadModule evasive20_module modules/mod_evasive.so

A cikin fayil iri ɗaya, kuna buƙatar ƙara toshe saituna:

<IfModule mod_evasive20.c>
# Hash table size for storing request information
DOSHashTableSize 3097

# Number of requests to one page before activating protection
DOSPageCount 2
DOSPageInterval 1

# Number of requests to all pages before activating protection
DOSSiteCount 50
DOSSiteInterval 1

# Blocking period in seconds for IP addresses
DOSBlockingPeriod 10
</IfModule>

Hakazalika, muna kunna mod_ratelimit module:

LoadModule ratelimit_module modules/mod_ratelimit.so

Kuma ƙara tsarin:

<IfModule mod_ratelimit.c>
# Setting the output filter for rate limiting (Rate Limit)
SetOutputFilter RATE_LIMIT

# Beginning of the settings block for the location "/login"
<Location "/login">

# Setting the environment variable rate-limit with a value of 1
SetEnv rate-limit 1

# Ending of the settings block for the location "/login"
</Location>
</IfModule>

Tsarin don Nginx yana kama da Apache. A cikin nginx.conf fayil ɗin sanyi, ana buƙatar amfani da umarni masu zuwa:

http {
...
# Defining a zone for connection limits
limit_conn_zone $binary_remote_addr zone=addr:10m;

# Defining a zone for request limits
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;

server {
        ...
        # Configuring connection limits
        limit_conn addr 10;

        # Configuring request limits
        limit_req zone=req_zone burst=5;

        ...
    }
}

Bayan yin canje-canje ga kowane sabis ɗin, suna buƙatar sake loda su:

sudo systemctl restart apache2

Ko:

sudo systemctl restart nginx

Waɗannan misalan suna ba da ƙayyadaddun ƙayyadaddun tsari kawai, wanda za'a iya ƙara daidaita shi dangane da takamaiman buƙatu da yanayin hare-hare.

Yana inganta MySQL Queries

Haɓaka tambayoyin bayanai na MySQL akan sabar gidan yanar gizo ana iya samun su ta hanyoyi daban-daban, kuma ɗayansu shine daidaitawar fayil ɗin daidaitawa. Yawanci, ana kiran wannan fayil ɗin ku.cnf or mu.ini kuma yana cikin / sauransu / or / sauransu/mysql/ directory. Kuna buƙatar buɗe shi kuma kuyi canje-canje masu zuwa:

[mysqld]
# Location of the file for recording slow queries. Be sure to replace it with your path
log-slow-queries = /var/log/mariadb/slow_queries.log

# Threshold time for considering slow queries (in seconds)
long_query_time = 5

# Enabling recording of queries that do not use indexes
log-queries-not-using-indexes = 1

# Disabling query caching
query_cache_size = 0
query_cache_type = 0
query_cache_limit = 1M

# Size of temporary tables
tmp_table_size = 16M
max_heap_table_size = 16M

# Size of the thread cache
thread_cache_size = 16

# Disabling name resolving
skip-name-resolve = 1

# Size of the InnoDB buffer pool. Set to 50-70% of available RAM
innodb_buffer_pool_size = 800M

# Size of the InnoDB log file
innodb_log_file_size = 200M

Bari mu kuma yi la'akari da ƙarin shawarwari waɗanda za su iya sauƙaƙe hulɗa tare da bayanan uwar garken:

1. Yi amfani da BAYYANA umarni a gaban tambayar SQL don nazarin aiwatar da shi. Wannan yana ba ku damar samun tsarin aiwatarwa don tambayar kuma ku tantance waɗanne fihirisa ake amfani da su, waɗanne teburan da aka bincika, da sauransu.
2. Fihirisa suna hanzarta binciken bayanai, don haka fihirisar da aka tsara yadda ya kamata na iya inganta aikin tambaya sosai. Kula da ginshiƙan da ake yawan amfani da su a ciki INA or JIIN yanayi.
3. Guji amfani Zaba *. Ƙayyade waɗancan ginshiƙan waɗanda ke da matukar mahimmanci don tambayar ku, maimakon zaɓar duk ginshiƙai a cikin tebur.
4. Ka guji amfani da ayyuka a ciki INA yanayi. Amfani da ayyuka (kamar KARANTA, SAURARA, hagu, RIGHT) a cikin INA yanayi na iya sa fihirisa rashin amfani. Yi ƙoƙarin guje wa amfani da su kai tsaye a cikin yanayi.
5. amfani ciki JOIN inda zai yiwu, kamar yadda yawanci ya fi dacewa. Hakanan, tabbatar da cewa ginshiƙan da suka dace don haɗawa suna da fihirisa.
6. amfani Iyakan don taƙaita adadin layuka da aka dawo dasu idan kuna buƙatar samun takamaiman adadin sakamako kawai.
7. Yi la'akari da sakamakon caching, musamman idan ba safai ake canzawa ba, don rage nauyin uwar garken.

Sabar Saƙon Yana Ƙirƙirar Babban lodi akan Sabar

A cikin wannan sashe, za mu bincika yadda za a tantance cewa uwar garken wasikun tana fuskantar babban nauyi da kuma matakan da za a iya ɗauka don inganta aikinta, gami da duba layin saƙo da daidaita sigogin uwar garken. Fara da duba layin saƙo. The mailq mai amfani zai iya taimakawa tare da wannan, don kunna shi, shigar da umarnin da ya dace a cikin tashar:

mailq

Wannan zai nuna jerin saƙonni a cikin jerin gwano, idan akwai. Kowane saƙo za a nuna shi tare da keɓantaccen mahimmin sa da bayanin halin aikawa. Ana iya samun irin wannan sakamako ta hanyar duba rajistan ayyukan abokin ciniki na wasiku.

A mafi yawan lokuta, babban nauyi yana faruwa a cikin taron sulhuntawar uwar garken lokacin da ya fara aika spam. Koyaya, idan bayan bincika mai gudanarwa yana da kwarin gwiwa cewa ba a kai wa uwar garken hari daga waje ba kuma masu amfani ba sa yin watsi da spam, lokaci yayi da za a ci gaba don inganta sabar saƙon. Anan ga matakan da zasu taimaka:

1. Tabbatar cewa an daidaita rikodin DNS na yankinku daidai, gami da SPF, DKIim, Da kuma DMARC rubuce-rubuce don inganta isar da saƙo da kuma kariya daga spam. Ana iya samun daidaitattun sigogin sigogi a cikin labarin akan mail uwar garken bincike.
2. Bincika saitunan cibiyar sadarwa, gami da daidaitawar Tacewar zaɓi da dokokin tuƙi, don guje wa toshewa da saurin isar da saƙo.
3. Sanya sigogin layin saƙo bisa ga nauyin uwar garken. Wannan na iya haɗawa da saita matsakaicin girman jerin gwano da ƙarewar lokaci.
4. Ka yi la’akari da mafita da muka tattauna a wannan talifin da farko. Lokaci-lokaci inganta bayanan sabar sabar don inganta aiki, yi amfani da hanyoyin caching don hanzarta bincike da sarrafa bayanai, kamar tambayoyin DNS.
5. Idan har yanzu uwar garken wasikun tana ci karo da babban kaya akai-akai, yi la'akari da zaɓuɓɓukan ƙima, kamar amfani da gungun sabar saƙon ko mafita ga girgije.

Kammalawa

Ƙara yawan nauyin uwar garken kai tsaye yana rinjayar saurin lodin gidan yanar gizon, yana tasiri tasirin mai amfani da kuma suna a cikin injunan bincike. Don haka, sarrafa wannan nauyin yadda ya kamata yana taka muhimmiyar rawa wajen tabbatar da ci gaba da aiki na albarkatun da kuma ƙara samun dama ga baƙi.