Na-ebelata ibu nkesa

N'isiokwu a, anyị ga-enyocha ihe mere na-abawanye ibu nkesa na-atụle ụzọ dị iche iche iji kwalite usoro ibu ibu. A ga-enye nlebara anya pụrụ iche maka njikarịcha koodu na Apache/Nginx na MySQL, anyị ga-ekwu maka caching dị ka ngwá ọrụ inyeaka, ma tụlee ihe egwu dị na mpụga, dị ka ọgụ DDOS, na ụzọ isi gbochie ha.

Ihe kpatara ibu nkesa na-eji eme

Tupu ịga n'ihu na njikarịcha nkesa, ọ dị mkpa iji mee nyocha nke ọma banyere ibu dị ugbu a na akụrụngwa. Nke a na-agụnye ịlele ibu CPU, ojiji RAM, ọrụ netwọk, na isi igodo ndị ọzọ. Ịghọta ihe ndị na-eme mgbanwe na ọnụ ọgụgụ kasị elu na-enye ohere ịchọpụta nkwụsịtụ na ịmepụta ihe onwunwe, si otú ahụ na-abawanye nkwụsi ike na arụmọrụ nke akụrụngwa ihe nkesa.

Maka nchọpụta mbụ nke ibu ihe nkesa dị elu, anyị na-akwado iduzi a nchọpụta ihe nkesa izugbe. Ọ bụrụ na nke a ezughi oke, nkọwa zuru oke nyocha nke akụrụngwa dị mkpa. Dị ka ngwá ọrụ inyeaka, na-enyocha ihe ndekọ nke Linux ihe nkesa nwere ike inye aka, n'ihi na nke a bụ ebe a na-achọta isi iyi nke nsogbu n'ọtụtụ ọnọdụ.

Na-ebuli sava Apache/Nginx

Ọbara nkesa n'ihi ntinye aha

Ịba ụba ibu n'ihi ntinye aka na ihe nkesa nwere ike ime, dịka ọmụmaatụ, mgbe engines ọchụchọ na-enyocha ọnụ ọgụgụ dị ukwuu nke ibe na saịtị gị. Nke a nwere ike bute ịba ụba nke akụrụngwa ihe nkesa yana, ya mere, wedata arụmọrụ saịtị ahụ. Ịmata ihe kpatara ya dịtụ mfe; ịkwesịrị imepe faịlụ dị na:

/var/www/httpd-logs/sitename.access.log

Mgbe igwe nchọta depụtara ya, onye ọrụ ga-ahụ ndenye nke ụdị ndị a:

11.22.33.44 - - [Date and Time] "GET /your-page-path HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

Dị ka ihe ngwọta mbụ iji belata ibu, ị nwere ike iji ntọala nke mkpado meta "noindex" na "nofollow" na ibe ndị na-adịghị mkpa ka indexed. Ihe ngwọta nke abụọ bụ .htaccess faịlụ, ebe a ga-agbakwunye ndenye dabara na ngwa nchọta akọwapụtara, dịka ọmụmaatụ, zoo na Yandex na Google:

SetEnvIfNoCase User-Agent "^Yandex" search_bot
SetEnvIfNoCase User-Agent "^Googlebot" search_bot
Order Allow,Deny
Allow from all
Deny from env=search_bot

N'otu aka ahụ, ọ dị mkpa ka emezigharị maka ngwa nchọta ndị ọzọ. Ekwesiri ighota na ike nke .htaccess ejedebeghị na naanị igbochi indexing. Anyị na-akwado ịmatakwu atụmatụ ya na mpaghara isiokwu.

Iji caching Settings

Ntọala caching na-ezighi ezi na sava ahụ nwekwara ike ibute ibu dị elu. Iji kwalite oke a, ọ dị mkpa ka eme mgbanwe ndị kwekọrọ na faịlụ nhazi ma ọ bụ .htaccess. N'ihe banyere Apache, nhọrọ ikpeazụ dị mma, maka Nginx - nke mbụ.

Na otu Apache ihe nkesa, ịkwesịrị imepe ya .htacess faịlụ ma tinye koodu a:

<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf|doc|docx)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>

Mgbe ahụ, gbanye ya Anwụ modul na-eji iwu:

sudo a2enmod expires

Mgbe nke ahụ gasịrị, malitegharịa sava weebụ:

sudo service apache2 restart

Ma rụọ ọrụ modul ahụ site na ịkọwapụta:

ExpiresActive On

on a Nginx ihe nkesa, o zuru ezu ịgbakwunye koodu a na faịlụ nhazi:

location ~* .(jpg|jpeg|gif|png|ico|css|swf|flv|doc|docx)$ {
root /var/www/yoursite.com;
}

Ma rụkwaa ibugharị ọrụ:

sudo service nginx restart

Mara na site na ntọala ndị a, a ekwe ka na Na-ajụ a ga-agabiga ntuziaka.

Iji Data mkpakọ

Na-eme mkpakọ data site na iji Gzip na Apache na sava weebụ Nginx na-enyere aka belata ọnụọgụ data na-ebufe n'etiti ihe nkesa na onye ahịa, nke na-eme ka arụmọrụ dịkwuo mma ma belata oge ntinye ibe weebụ.

Iji mee ka Gzip on Apache, ịkwesịrị ịgbalite ya mod_deflate modul:

sudo a2enmod deflate

Mgbe ahụ, malitegharịa sava weebụ:

sudo service apache2 restart

N'ikpeazụ, gbakwunye ngọngọ na-esonụ na faịlụ nhazi ma ọ bụ .htaccess:

<IfModule mod_deflate.c>
# Configure compression for specified file types
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json

# If the browser matches the specified pattern, apply compression only to text/html files
BrowserMatch ^Mozilla/4 gzip-only-text/html

# If the browser matches the specified version patterns of Mozilla 4.0.6, 4.0.7, 4.0.8, disable compression
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# If the browser is MSIE (Internet Explorer), disable compression for all files except text/html
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# If the request contains the specified pattern (extensions of image files), disable compression
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip
</IfModule>

Nhazi a na-enyere mkpakọ maka ụfọdụ ụdị faịlụ ma gbanyụọ ya maka onyonyo.

N'okwu nke Nginx, Nhazi na-eme na http ngọngọ nke faịlụ nhazi. Ekwesịrị ịgbakwunye koodu ndị a:

gzip on;
gzip_disable "msie6";

# Adds the Vary header, indicating that the response may change depending on the Accept-Encoding header value
gzip_vary on;

# Enables compression for any proxy servers
gzip_proxied any;

# Sets the compression level. A value of 6 provides a good balance between compression efficiency and resource use
gzip_comp_level 6;

# Sets the size of the buffer for compressed data (16 buffers of 8 kilobytes each)
gzip_buffers 16 8k;

# Specifies that data compression should be used only for HTTP version 1.1 and higher
gzip_http_version 1.1;

# Sets the file types that can be compressed
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

yiri Apache, ebe a ka edobere paramita mkpakọ maka ụfọdụ ụdị faịlụ. Mgbe emechara mgbanwe na sava weebụ ọ bụla, a ga-achọ ibugharị ọrụ:

sudo service apache2 restart

Or

sudo service nginx restart

Mwakpo DDOS na nkesa

Ibu ihe nkesa dị elu nwere ike ime n'ihi mwakpo DDoS. Ịmata ọnụnọ nke ọgụ DDoS nwere ike ime site na nyochaa mmụba mberede na okporo ụzọ, arịrịọ na-adịghị mma, na arụmọrụ nkesa na-agbada. Nyochaa ndekọ maka arịrịọ ugboro ugboro site na otu adreesị IP ma ọ bụ nyocha ọdụ ụgbọ mmiri nwekwara ike igosi ọgụ DDoS ga-ekwe omume. Enwere ọtụtụ usoro nchebe, mana anyị ga-atụle naanị ihe ndị bụ isi.

Iji CDN ( Netwọk Nnyefe Ọdịnaya). CDN nwere ike ije ozi dị ka onye na-emekọrịta ihe n'etiti sava weebụ gị na ndị ọrụ, na-ekesa okporo ụzọ na ọdịnaya caching iji belata mmetụta nke mwakpo DDoS. CDN nwekwara ike ịnwe usoro nchekwa DDoS arụnyere, gụnyere nkesa ibu na nzacha okporo ụzọ.

Na-ahazi firewalls na sistemụ nchọpụta intrusion (IDS/IPS). Enwere ike ịhazi firewalls iji nyochaa okporo ụzọ dabere na njirisi dị iche iche, dị ka adreesị IP na ọdụ ụgbọ mmiri. IDS/IPS nwere ike ịchọpụta omume okporo ụzọ na-adịghị mma ma gbochie njikọ enyo. Ngwá ọrụ ndị a nwere ike ịdị irè na nsuso na igbochi okporo ụzọ nwere ike ime.

Na-ahazi sava weebụ Apache na Nginx iji belata mmetụta ọgụ DDoS.

Dị ka ihe ngwọta maka Apache, anyị na-enyere ndị mod_evasive modul. Iji mee nke a, akọwapụtaghị ma ọ bụ tinye ahịrị na-esonụ na httpd.conf or apache2.conf nhazi faịlụ:

LoadModule evasive20_module modules/mod_evasive.so

N'otu faịlụ ahụ, ịkwesịrị ịgbakwunye ngọngọ ntọala:

<IfModule mod_evasive20.c>
# Hash table size for storing request information
DOSHashTableSize 3097

# Number of requests to one page before activating protection
DOSPageCount 2
DOSPageInterval 1

# Number of requests to all pages before activating protection
DOSSiteCount 50
DOSSiteInterval 1

# Blocking period in seconds for IP addresses
DOSBlockingPeriod 10
</IfModule>

N'otu aka ahụ, anyị na-arụ ọrụ mod_ratelimit modul:

LoadModule ratelimit_module modules/mod_ratelimit.so

Ma tinye nhazi ahụ:

<IfModule mod_ratelimit.c>
# Setting the output filter for rate limiting (Rate Limit)
SetOutputFilter RATE_LIMIT

# Beginning of the settings block for the location "/login"
<Location "/login">

# Setting the environment variable rate-limit with a value of 1
SetEnv rate-limit 1

# Ending of the settings block for the location "/login"
</Location>
</IfModule>

Nhazi maka Nginx yiri ya Apache. Na nginx.conf faịlụ nhazi, ekwesịrị iji ntuziaka ndị a:

http {
...
# Defining a zone for connection limits
limit_conn_zone $binary_remote_addr zone=addr:10m;

# Defining a zone for request limits
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;

server {
        ...
        # Configuring connection limits
        limit_conn addr 10;

        # Configuring request limits
        limit_req zone=req_zone burst=5;

        ...
    }
}

Mgbe emechara mgbanwe na ọrụ nke ọ bụla, ha kwesịrị ibugharị ha:

sudo systemctl restart apache2

ma ọ bụ:

sudo systemctl restart nginx

Ihe atụ ndị a na-enye naanị nhazi ntọala, nke enwere ike ịmegharị ọzọ dabere na ihe ndị a chọrọ na ọdịdị nke ọgụ.

Na-ebuli ajụjụ MySQL

Ịkwalite ajụjụ MySQL nchekwa data na sava weebụ nwere ike nweta n'ụzọ dị iche iche, otu n'ime ha bụ nhazi nhazi nke faịlụ nhazi. Dịka, a na-akpọ faịlụ a aha m.cnf or m.ini ma dị n'ime / wdg / or /etc/mysql/ ndekọ. Ị ga-emepe ya ma mee mgbanwe ndị a:

[mysqld]
# Location of the file for recording slow queries. Be sure to replace it with your path
log-slow-queries = /var/log/mariadb/slow_queries.log

# Threshold time for considering slow queries (in seconds)
long_query_time = 5

# Enabling recording of queries that do not use indexes
log-queries-not-using-indexes = 1

# Disabling query caching
query_cache_size = 0
query_cache_type = 0
query_cache_limit = 1M

# Size of temporary tables
tmp_table_size = 16M
max_heap_table_size = 16M

# Size of the thread cache
thread_cache_size = 16

# Disabling name resolving
skip-name-resolve = 1

# Size of the InnoDB buffer pool. Set to 50-70% of available RAM
innodb_buffer_pool_size = 800M

# Size of the InnoDB log file
innodb_log_file_size = 200M

Ka anyị tụleekwa ndụmọdụ ndị ọzọ nwere ike ime ka mmekọrịta dị na nchekwa data ihe nkesa dị mfe:

1. jiri KWURU nye iwu n'ihu ajụjụ SQL iji nyochaa mmezu ya. Nke a na-enye gị ohere ịnweta atụmatụ ogbugbu maka ajụjụ a wee chọpụta nke index na-eji, nke tebụl na-enyocha, wdg.
2. Ndekọ ndeksi na-eme ka ọchụchọ data dị ngwa, yabụ ndenye aha ahaziri nke ọma nwere ike melite arụmọrụ ajụjụ. Lezienụ anya na ogidi ndị a na-ejikarị eme ihe EBE or BỤ ọnọdụ.
3. Zere iji Họrọ *. Ezipụta naanị kọlụm ndị ahụ dị mkpa n'ezie maka ajụjụ gị, kama ịhọrọ ogidi niile dị na tebụl.
4. Zere iji ọrụ n'ime EBE ọnọdụ. Iji ọrụ (dịka Dị ala, AKWKWỌ, LEFT, RIGHT) na EBE ọnọdụ nwere ike ime ka ndeksi abaghị uru. Gbalịa izere iji ha mee ihe ozugbo na ọnọdụ.
5. Iji AKWỤKWỌ NDỊ ỌZỌ ebe o kwere mee, dịka ọ na-adịkarị mma karịa. Ọzọkwa, hụ na kọlụm ndị dabara adaba maka ịbanye nwere ndeksi.
6. Iji MGBE iji gbochie ọnụọgụ nke ahịrị eweghachiri ma ọ bụrụ na ịchọrọ ịnweta naanị ọnụọgụ ụfọdụ nsonaazụ.
7. Tụlee caching nsonaazụ ajụjụ, ọkachasị ma ọ bụrụ na ha anaghị agbanwe agbanwe, iji belata ibu nkesa.

Ihe nkesa ozi na-emepụta ibu dị elu na nkesa

Na ngalaba a, anyị ga-enyocha otu esi achọpụta na ihe nkesa ozi na-enwe nnukwu ibu yana usoro ndị a ga-eme iji kwalite ọrụ ya, gụnyere ịlele kwụ n'ahịrị ozi na ịhazi paramita nkesa. Malite na ịlele kwụ n'ahịrị ozi. Nke mailq Utility nwere ike inye aka na nke a, iji rụọ ọrụ ya, tinye iwu kwekọrọ na njedebe:

mailq

Nke a ga-egosipụta ndepụta ozi na kwụ n'ahịrị, ọ bụrụ na ọ dị. A ga-egosipụta ozi ọ bụla yana njirimara pụrụ iche yana ozi gbasara ọkwa izipu. Enwere ike nweta nsonaazụ yiri ya site na nyochaa ndekọ ndekọ ndị ahịa mail.

N'ọtụtụ ọnọdụ, ibu dị elu na-eme n'ọnọdụ nke nkwekọrịta nkesa mgbe ọ malitere izipu spam. Otú ọ dị, ọ bụrụ na mgbe ịlele onye nchịkwa nwere obi ike na ihe nkesa adịghị ebuso ya n'èzí na ndị ọrụ anaghị eleghara spam anya, ọ bụ oge ịga n'ihu na-ebuli ihe nkesa ozi. Nke a bụ usoro ndị ga-enyere aka:

1. Gbaa mbọ hụ na ahaziri ndekọ ndekọ DNS nke ngalaba gị nke ọma, gụnyere SPF, Dkim, na DMARC ndekọ iji melite nnyefe ozi ma chebe megide spam. Enwere ike ịchọta nhazi nke ọma nke parampat n'isiokwu na nchọpụta ihe nkesa ozi.
2. Lelee ntọala netwọkụ, gụnyere nhazi firewall na iwu ụzọ, ka ịzena ihe mgbochi ma mee ka nnyefe ozi dị ngwa.
3. Hazie paramita kwụ n'ahịrị ozi dịka ibu nkesa si dị. Nke a nwere ike ịgụnye ịtọ oke kwụ n'ahịrị yana oge nkwụsị.
4. Tụlee ihe ngwọta anyị tụlere n'isiokwu a ná mmalite. Na-ebuli nchekwa data ihe nkesa ozi kwa oge iji kwalite arụmọrụ, jiri usoro nkpuchi iji mee ka ọchụchọ na nhazi data dị ngwa, dị ka ajụjụ DNS.
5. Ọ bụrụ na ihe nkesa ozi ka na-ezute ibu dị elu mgbe niile, tụlee nhọrọ nhazi, dị ka iji ụyọkọ nke sava ozi ma ọ bụ ngwọta igwe ojii.

mmechi

Mmụba ibu nkesa na-emetụta ngwa ngwa nbudata weebụsaịtị, na-emetụta ahụmịhe onye ọrụ na aha ọma na igwe ọchụchọ. Ya mere, ijikwa ibu a nke ọma na-arụ ọrụ dị mkpa n'ịhụ na ọrụ akụ na-aga n'ihu na ịbawanye ohere ya maka ndị ọbịa.