Ma kēia ʻatikala, e ʻimi mākou i ke kumu o ka hoʻonui ʻia ʻana o ka ukana server a kūkākūkā i nā ʻano like ʻole e koho ai i nā kaʻina hana kiʻekiʻe. E hāʻawi ʻia ka manaʻo kūikawā i ka code optimization ma Apache / Nginx a me MySQL, e kamaʻilio mākou e pili ana i ka caching ma ke ʻano he mea kōkua, a noʻonoʻo pū kekahi i nā mea hoʻoweliweli o waho, e like me ka hoʻouka ʻana o DDOS, a me nā ala e pale ai iā lākou.
No ke aha i hoʻouka ʻia ai ke kikowaena
Ma mua o ka hoʻomaka ʻana i ka server optimization, pono e hana i ka nānā pono ʻana i ka ukana o kēia manawa i nā kumuwaiwai. Hoʻopili kēia i ke ana ʻana i ka ukana CPU, ka hoʻohana ʻana i ka RAM, ka hana pūnaewele, a me nā ʻāpana koʻikoʻi ʻē aʻe. ʻO ka hoʻomaopopo ʻana i ka dinamika a me nā haʻahaʻa kiʻekiʻe e hiki ai ke ʻike i nā bottlenecks a me ka hoʻokaʻawale ʻana i nā kumuwaiwai, no laila e hoʻonui ai i ka paʻa a me ka hana o ka ʻōnaehana kikowaena.
No ka hoʻoponopono mua ʻana i ka hoʻouka kikowaena kiʻekiʻe, paipai mākou e hana i kahi nā diagnostics kikowaena kikowaena. Inā lawa ʻole kēia, ʻoi aku ka kikoʻī kālailai waiwai pono. Ma ke ʻano he mea kōkua, e ʻimi ana i ka nā lāʻau o ka Linux Hiki i ke kikowaena ke kōkua, no ka mea, ma laila ke kumu o ka pilikia i ka hapanui o nā hihia.
Hoʻonui i ka Apache / Nginx Server
Hoʻonui ʻia ka ukana kikowaena ma muli o ke kuhikuhi ʻana
Hiki ke hoʻonui ʻia ka ukana ma muli o ka helu ʻana i ka kikowaena, no ka laʻana, ke nānā ʻia nā ʻenekini huli i kahi helu nui o nā ʻaoʻao ma kāu pūnaewele. Hiki i kēia ke alakaʻi i ka hoʻohana nui ʻana i nā kumuwaiwai kikowaena a, no laila, hoʻolohi i ka hana o ka pūnaewele. He mea maʻalahi ka ʻike ʻana i ke kumu; pono ʻoe e wehe i ka faila aia ma:
/var/www/httpd-logs/sitename.access.logKe kuhikuhi ʻia e nā ʻenekini huli, e ʻike ka mea hoʻohana i nā mea hoʻokomo o kēia ʻano:
11.22.33.44 - - [Date and Time] "GET /your-page-path HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"Ma ke ʻano he hopena mua e hōʻemi ai i ka ukana, hiki iā ʻoe ke hoʻohana i ka hoʻonohonoho ʻana o nā meta tag "noindex" a "nofollow" ma nā ʻaoʻao ʻaʻole pono e kuhikuhi ʻia. ʻO ka lua o ka hoʻonā ka .htaccess file, kahi e hoʻohui ʻia ai nā mea e pili ana i nā ʻenekini hulina, no ka laʻana, e hūnā mai Yandex a me Google:
SetEnvIfNoCase User-Agent "^Yandex" search_bot
SetEnvIfNoCase User-Agent "^Googlebot" search_bot
Order Allow,Deny
Allow from all
Deny from env=search_botPēlā nō, pono e hoʻoponopono ʻia no nā ʻenekini huli ʻē aʻe. Pono e hoʻomaopopo ʻia ʻaʻole i kaupalena ʻia nā mana o .htaccess i ka pale wale ʻana i ka indexing. Paipai mākou e kamaʻāina hou i kāna mau hiʻohiʻona nui i ka Haawina.
Ke hoʻohana nei i nā ʻōkuhi Caching
Hiki ke alakaʻi i nā hoʻonohonoho caching hewa ma ke kikowaena i ka haʻahaʻa kiʻekiʻe. No ka hoʻonui ʻana i kēia ʻāpana, pono e hoʻololi ʻia i nā faila hoʻonohonoho a i ʻole .htaccess. I ka hihia o Apache, ʻoi aku ka maikaʻi o ka koho hope, no Nginx - ka mea mua.
Ma ka lā Apache server, pono ʻoe e wehe i ka .htacess faila a hoʻokomo i kēia code:
<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf|doc|docx)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>A laila, hiki i ka Hopi module me ke kauoha:
sudo a2enmod expiresMa hope o kēlā, e hoʻomaka hou i ka pūnaewele pūnaewele:
sudo service apache2 restartA ho'ā i ka module ma ke kuhikuhi ʻana:
ExpiresActive Oni ka Nginx server, ua lawa ia e hoʻohui i kēia code i ka faila hoʻonohonoho:
location ~* .(jpg|jpeg|gif|png|ico|css|swf|flv|doc|docx)$ {
root /var/www/yoursite.com;
}A e hana i kahi hoʻouka lawelawe:
sudo service nginx restartE hoʻomaopopo me kēia mau hoʻonohonoho, ʻo ka ae aku a ʻO Deny e kāpae ʻia nā kuhikuhi.
Ke hoʻohana nei i ka ʻikepili Compression
E ho'ā ana i ka hoʻopili ʻikepili me ka hoʻohana ʻana ʻO Gzip ma Apache a me Nginx nā kikowaena pūnaewele e kōkua i ka hōʻemi ʻana i ka nui o ka ʻikepili i hoʻouna ʻia ma waena o ke kikowaena a me ka mea kūʻai aku, e hoʻomaikaʻi ana i ka hana a hōʻemi i ka manawa hoʻouka ʻaoʻao pūnaewele.
E hiki ai ʻO Gzip on Apache, pono e ho'ā i ka mod_deflate module:
sudo a2enmod deflateA laila, e hoʻomaka hou i ka pūnaewele pūnaewele:
sudo service apache2 restartA ʻo ka hope, hoʻohui i kēia poloka i ka faila hoʻonohonoho a i ʻole .htaccess:
<IfModule mod_deflate.c>
# Configure compression for specified file types
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json
# If the browser matches the specified pattern, apply compression only to text/html files
BrowserMatch ^Mozilla/4 gzip-only-text/html
# If the browser matches the specified version patterns of Mozilla 4.0.6, 4.0.7, 4.0.8, disable compression
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# If the browser is MSIE (Internet Explorer), disable compression for all files except text/html
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# If the request contains the specified pattern (extensions of image files), disable compression
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip
</IfModule>Hiki i kēia hoʻonohonoho ke kaomi ʻana i kekahi mau faila a hoʻopau iā ia no nā kiʻi.
Ma ka hihia o Nginx, hiki ke hoʻonohonoho i ka http poloka o ka waihona hoʻonohonoho. Pono e hoʻohui i kēia code:
gzip on;
gzip_disable "msie6";
# Adds the Vary header, indicating that the response may change depending on the Accept-Encoding header value
gzip_vary on;
# Enables compression for any proxy servers
gzip_proxied any;
# Sets the compression level. A value of 6 provides a good balance between compression efficiency and resource use
gzip_comp_level 6;
# Sets the size of the buffer for compressed data (16 buffers of 8 kilobytes each)
gzip_buffers 16 8k;
# Specifies that data compression should be used only for HTTP version 1.1 and higher
gzip_http_version 1.1;
# Sets the file types that can be compressed
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;E like me Apache, ma ʻaneʻi ua hoʻonohonoho ʻia nā ʻāpana kaomi no kekahi mau ʻano faila. Ma hope o ka hoʻololi ʻana i kekahi o nā kikowaena pūnaewele, pono e hoʻouka hou i ka lawelawe:
sudo service apache2 restartOr
sudo service nginx restartHoʻouka DDOS ma ke kikowaena
Hiki ke loaʻa ka ukana kikowaena kiʻekiʻe ma muli o kahi hoʻouka kaua DDoS. ʻO ka ʻike ʻana i ka hiki ʻana mai o kahi hoʻouka kaua DDoS hiki ke hana ʻia ma o ka nānā ʻana i ka piʻi koke ʻana o ke kaʻa, nā noi maʻamau, a me ka hāʻule ʻana o ka hana server. ʻO ka nānā ʻana i nā lāʻau no nā noi pinepine mai hoʻokahi IP address a i ʻole ka nānā ʻana i ke awa hiki ke hōʻike i kahi hoʻouka kaua DDoS. Nui nā hana palekana, akā e kūkākūkā wale mākou i nā kumu.
Ke hoʻohana nei i kahi CDN (Content Delivery Network). Hiki i kahi CDN ke lawelawe ma ke ʻano he kikowaena ma waena o kāu kikowaena pūnaewele a me nā mea hoʻohana, e puʻunaue ana i nā kaʻa a me ka hoʻopaʻa ʻana i nā ʻike e hoʻēmi i ka hopena o kahi hoʻouka kaua DDoS. Hiki i nā CDN ke loaʻa i nā mīkini pale DDoS i kūkulu ʻia, me ka hāʻawi ʻana i ka ukana a me ke kānana kaʻa.
Ka hoʻonohonoho ʻana i nā pā ahi a me nā ʻōnaehana ʻike intrusion (IDS/IPS). Hiki ke hoʻonohonoho ʻia nā pā ahi no ka kānana ʻana i nā kaʻa ma muli o nā koina like ʻole, e like me nā helu IP a me nā awa. Hiki i ka IDS/IPS ke ʻike i ke ʻano o ke kaʻa kaʻa like ʻole a hoʻopaʻa i nā pilina kānalua. Hiki i kēia mau mea hana ke hoʻokō pono i ka nānā ʻana a me ka pale ʻana i nā kaʻa hana ʻino.
Ke hoʻonohonoho nei i nā kikowaena pūnaewele Apache a me Nginx e hoʻohaʻahaʻa i ka hopena o nā hōʻeha DDoS.
Ma ke ʻano he hopena no Apache, hiki iā mākou ke hana i ka mod_evasive module. No ka hana ʻana i kēia, wehe ʻole a hoʻohui i kēia laina ma ka httpd.conf or apache2.conf hoʻonohonoho hoʻonohonoho:
LoadModule evasive20_module modules/mod_evasive.soMa ka waihona like, pono ʻoe e hoʻohui i kahi poloka hoʻonohonoho:
<IfModule mod_evasive20.c>
# Hash table size for storing request information
DOSHashTableSize 3097
# Number of requests to one page before activating protection
DOSPageCount 2
DOSPageInterval 1
# Number of requests to all pages before activating protection
DOSSiteCount 50
DOSSiteInterval 1
# Blocking period in seconds for IP addresses
DOSBlockingPeriod 10
</IfModule>Pēlā nō, hoʻoikaika mākou i ka mod_ratelimit module:
LoadModule ratelimit_module modules/mod_ratelimit.soA hoʻohui i ka hoʻonohonoho:
<IfModule mod_ratelimit.c>
# Setting the output filter for rate limiting (Rate Limit)
SetOutputFilter RATE_LIMIT
# Beginning of the settings block for the location "/login"
<Location "/login">
# Setting the environment variable rate-limit with a value of 1
SetEnv rate-limit 1
# Ending of the settings block for the location "/login"
</Location>
</IfModule>ʻO ka hoʻonohonoho no Nginx like like Apache. I ka nginx.conf configuration file, pono e hoʻohana i kēia mau kuhikuhi:
http {
...
# Defining a zone for connection limits
limit_conn_zone $binary_remote_addr zone=addr:10m;
# Defining a zone for request limits
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
server {
...
# Configuring connection limits
limit_conn addr 10;
# Configuring request limits
limit_req zone=req_zone burst=5;
...
}
}Ma hope o ka hoʻololi ʻana i kēlā me kēia lawelawe, pono lākou e hoʻouka hou:
sudo systemctl restart apache2A i'ole:
sudo systemctl restart nginxHāʻawi kēia mau hiʻohiʻona i kahi hoʻonohonoho kumu, hiki ke hoʻololi hou ʻia ma muli o nā koi kikoʻī a me ke ʻano o nā hoʻouka.
Hoʻonui i nā nīnau nīnau MySQL
Hiki ke hoʻokō ʻia nā nīnau ʻikepili MySQL ma kahi kikowaena pūnaewele ma nā ʻano like ʻole, a ʻo kekahi o lākou ka hoʻonohonoho kūpono o ka faila hoʻonohonoho. ʻO ka maʻamau, kapa ʻia kēia faila my.cnf or my.ini a aia ma ka / a pela aku / or /etc/mysql/ papa kuhikuhi. Pono ʻoe e wehe a hana i kēia mau hoʻololi:
[mysqld]
# Location of the file for recording slow queries. Be sure to replace it with your path
log-slow-queries = /var/log/mariadb/slow_queries.log
# Threshold time for considering slow queries (in seconds)
long_query_time = 5
# Enabling recording of queries that do not use indexes
log-queries-not-using-indexes = 1
# Disabling query caching
query_cache_size = 0
query_cache_type = 0
query_cache_limit = 1M
# Size of temporary tables
tmp_table_size = 16M
max_heap_table_size = 16M
# Size of the thread cache
thread_cache_size = 16
# Disabling name resolving
skip-name-resolve = 1
# Size of the InnoDB buffer pool. Set to 50-70% of available RAM
innodb_buffer_pool_size = 800M
# Size of the InnoDB log file
innodb_log_file_size = 200ME noʻonoʻo pū kākou i nā manaʻo hou aʻe e hiki ke hoʻomaʻamaʻa i ka pilina me ka waihona kikowaena:
- E hoʻohana i ka KAHAIOLA kauoha ma mua o kahi nīnau SQL e nānā i kāna hoʻokō. Hāʻawi kēia iā ʻoe e kiʻi i kahi hoʻolālā hoʻokō no ka nīnau a hoʻoholo i nā ʻōlelo kuhikuhi i hoʻohana ʻia, nā papa i nānā ʻia, etc.
- Hiki i nā papa kuhikuhi i ka huli ʻikepili ke hoʻoikaika maikaʻi loa i ka hana hulina. E nānā i nā kolamu i hoʻohana pinepine ʻia i loko kahi or hui nā kūlana.
- Hōʻalo ka hoʻohana ʻana KOHO *. E koho i kēlā mau kolamu i pono maoli no kāu nīnau, ma kahi o ke koho ʻana i nā kolamu a pau i ka papaʻaina.
- Hōʻalo i ka hoʻohana ʻana i nā hana ma kahi kūlana. Ke hoʻohana nei i nā hana (e like me LOWA, LUNA, HEMA, AKAUi kahi Hiki i nā kūlana ke hana i nā kuhikuhi i mea ʻole. E ho'āʻo e pale i kā lākou hoʻohana pololei i nā kūlana.
- hoʻohana INNER JOIN inā hiki, no ka mea, ʻoi aku ka maikaʻi. Eia kekahi, e hōʻoia i nā kolamu kūpono no ka hui ʻana he mau kuhikuhi.
- hoʻohana kali e kaupalena i ka helu o nā lālani i hoʻihoʻi ʻia inā pono ʻoe e loaʻa i kahi helu o nā hopena.
- E noʻonoʻo i ka hoʻopaʻa ʻana i nā hopena hulina, ʻoi aku ka nui o ka loli ʻana, e hōʻemi i ka ukana kikowaena.
Hoʻokumu ka Luna Leka i ka haʻahaʻa kiʻekiʻe ma ke kikowaena
Ma kēia ʻāpana, e ʻimi mākou pehea e hoʻoholo ai i ka loaʻa ʻana o ke kikowaena leka uila i ka haʻahaʻa kiʻekiʻe a me nā ʻanuʻu e hiki ke hana e hoʻokō i kāna hana, me ka nānā ʻana i ka queue me ka hoʻonohonoho ʻana i nā ʻāpana kikowaena. E hoʻomaka me ka nānā ʻana i ka pila memo. ʻO ka mailq hiki ke kōkua i ka pono me kēia, e hoʻāla iā ia, e hoʻokomo i ke kauoha pili i ka terminal:
mailqE hōʻike kēia i kahi papa inoa o nā memo ma ka pila, inā he. E hōʻike ʻia kēlā me kēia memo me kāna ʻike kūikawā a me ka ʻike e pili ana i ke kūlana hoʻouna. Hiki ke loaʻa ka hopena like ma ka nānā ʻana i nā moʻolelo o ka mea kūʻai leka uila.
I ka hapanui o nā hihia, loaʻa ka haʻahaʻa kiʻekiʻe i ka wā i hoʻopaʻa ʻia ka server i ka wā e hoʻomaka ai ka hoʻouna ʻana i ka spam. Eia naʻe, inā ma hope o ka nānā ʻana ua hilinaʻi ka luna hoʻomalu ʻaʻole i hoʻouka ʻia ke kikowaena mai waho a ʻaʻole haʻalele nā mea hoʻohana i ka spam, ʻo ia ka manawa e neʻe ai i ka optimizing ka leka uila. Eia nā ʻanuʻu e kōkua ai:
- E hōʻoia i ka hoʻonohonoho pono ʻana o nā moʻolelo DNS o kāu kikowaena, me SPF, Dokim, a DMARC nā moʻolelo e hoʻomaikaʻi i ka lawe ʻana i ka leka uila a pale aku i ka spam. Hiki ke loaʻa ka hoʻonohonoho kūpono o nā ʻāpana ma ka ʻatikala ma hōʻike diagnostics server mail.
- E nānā i nā hoʻonohonoho pūnaewele, me ka hoʻonohonoho ʻana i ka pā ahi a me nā lula hoʻokele, e pale i nā poloka a me ka wikiwiki o ka lawe ʻana i ka leka uila.
- E hoʻopaʻa i nā ʻāpana pila e like me ka ukana kikowaena. Hiki i kēia ke hoʻonohonoho i ka nui o ka pila a me nā manawa pau.
- E noʻonoʻo i nā hoʻonā a mākou i kūkākūkā ai ma kēia ʻatikala ma mua. E hoʻopololei i kēlā me kēia manawa i ka waihona kikowaena leka uila no ka hoʻomaikaʻi ʻana i ka hana, e hoʻohana i nā mīkini caching e wikiwiki i ka ʻimi ʻikepili a me ka hana ʻana, e like me nā nīnau DNS.
- Inā loaʻa mau ke kikowaena leka uila i ka haʻahaʻa kiʻekiʻe, e noʻonoʻo i nā koho scaling, e like me ka hoʻohana ʻana i kahi pūʻulu o nā kikowaena leka uila a i ʻole nā hoʻonā ao.
Panina
ʻO ka hoʻonui ʻia ʻana o ka ukana e pili pono ana i ka wikiwiki o ka hoʻouka ʻana i ka pūnaewele, i ka hopena i ka ʻike mea hoʻohana a me ka kaulana i nā ʻenekini huli. No laila, ʻo ka hoʻokele maikaʻi ʻana i kēia ukana he kuleana koʻikoʻi ia i ka hōʻoia ʻana i ka hana mau o ka waiwai a me ka hoʻonui ʻana i kona hiki i nā malihini.
