Muchinyorwa chino, isu tichaongorora kuti sei yakawedzera server kuremerwa kunoitika uye kukurukura nzira dzakasiyana dzekukwirisa yakakwirira-mutoro maitiro. Kunyanya kutariswa kuchapihwa kodhi optimization muApache/Nginx uye MySQL, isu tichataura nezve caching sechishandiso chekubatsira, uye zvakare kufunga dzingangove kutyisidzira kwekunze, sekurwiswa kweDDOS, uye nzira dzekudzidzivirira.
Sei Server Load Inoitika
Usati waenderera kune server optimization, zvinodikanwa kuita ongororo yakakwana yemutoro wazvino pane zviwanikwa. Izvi zvinosanganisira kuyera CPU mutoro, kushandiswa kweRAM, chiitiko chetiweki, uye mamwe akakosha paramita. Kunzwisisa masimba uye mitoro yepamusoro inobvumira kuona mabhodhoro uye optimize zviwanikwa zvekugovera, nekudaro kuwedzera kugadzikana uye kuita kweiyo server zvivakwa.
Kwekutanga kugadzirisa dambudziko repamusoro server mutoro, tinokurudzira kuitisa a general server diagnostics. Kana izvi zvisina kukwana, imwe yakadzama kuongororwa kwezvinhu zvinodiwa. Sechishandiso chekubatsira, kuongorora iyo matanda eLinux server inogona kubatsira, sezvo apa ndipo panowanikwa sosi yedambudziko muzviitiko zvakawanda.
Kugadzirisa Apache/Nginx Server
Yakawedzera Server Mutoro Nekuda kweIndexing
Kuwedzera mutoro nekuda kwe indexing pane sevha inogona kuitika, semuenzaniso, kana injini dzekutsvaga dzichitsvaga nhamba huru yemapeji panzvimbo yako. Izvi zvinogona kutungamira mukuwedzera kushandiswa kwemaseva zviwanikwa uye, nekudaro, kunonotsa kuita kwesaiti. Kuziva chikonzero kuri nyore; unofanira kuvhura faira riri pa:
/var/www/httpd-logs/sitename.access.logKana yaiswa indexed neinjini dzekutsvaga, mushandisi achaona zvinyorwa zveanotevera hunhu:
11.22.33.44 - - [Date and Time] "GET /your-page-path HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"Semhinduro yekutanga kuderedza mutoro, unogona kushandisa kuseta kwema meta tags "noindex" uye "nofollow" pamapeji asingade kunyorwa. Mhinduro yechipiri ndeye .htaccess faira, uko zvinyorwa zvinoenderana neinjini dzekutsvaga dzinoda kuwedzerwa, semuenzaniso, kuvanda kubva kuYandex neGoogle:
SetEnvIfNoCase User-Agent "^Yandex" search_bot
SetEnvIfNoCase User-Agent "^Googlebot" search_bot
Order Allow,Deny
Allow from all
Deny from env=search_botSaizvozvo, edits dzinofanira kuitwa kune dzimwe injini dzekutsvaga. Izvo zvinofanirwa kucherechedzwa kuti kugona kwe.htaccess hakungogumiri pakuvharira indexing. Isu tinokurudzira kuti tiwedzere kujairana neayo makuru maficha mu chinyorwa.
Kushandisa Caching Settings
Zvisizvo caching zvigadziriso pane sevha zvinogona zvakare kutungamirira kune yakakwira mutoro. Kukwirisa iyi paramende, shanduko dzinoenderana dzinofanirwa kuitwa mumafaira ekugadzirisa kana .htaccess. Panyaya yeApache, iyo yekupedzisira sarudzo yakanakira, yeNginx - yekutanga.
On an Apache server, unofanirwa kuvhura iyo .htacess faira uye isa kodhi inotevera:
<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf|doc|docx)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>Zvadaro, shandisa iyo Kupera module uchishandisa murairo:
sudo a2enmod expiresMushure meizvozvo, tangazve sevha yewebhu:
sudo service apache2 restartUye shandisa module nekutsanangura:
ExpiresActive Onpane Nginx server, zvakakwana kuwedzera kodhi inotevera kune faira yekumisikidza:
location ~* .(jpg|jpeg|gif|png|ico|css|swf|flv|doc|docx)$ {
root /var/www/yoursite.com;
}Uye ita sevhisi reload:
sudo service nginx restartZiva kuti nezvirongwa izvi, iyo tendera uye Denyera mirairo ichadziviswa.
Kushandisa Data Compression
Kugonesa kudzvanya data uchishandisa Gzip paApache uye Nginx webhu maseva inobatsira kuderedza huwandu hwe data inofambiswa pakati pesevha nemutengi, iyo inovandudza mashandiro uye inoderedza nguva yekurodha peji rewebhu.
Kugonesa Gzip on Apache, iwe unofanirwa kushandura iyo mod_deflate module:
sudo a2enmod deflateZvadaro, tangazve web server:
sudo service apache2 restartUye pakupedzisira, wedzera chivharo chinotevera kune faira rekugadzirisa kana .htaccess:
<IfModule mod_deflate.c>
# Configure compression for specified file types
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json
# If the browser matches the specified pattern, apply compression only to text/html files
BrowserMatch ^Mozilla/4 gzip-only-text/html
# If the browser matches the specified version patterns of Mozilla 4.0.6, 4.0.7, 4.0.8, disable compression
BrowserMatch ^Mozilla/4\.0[678] no-gzip
# If the browser is MSIE (Internet Explorer), disable compression for all files except text/html
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# If the request contains the specified pattern (extensions of image files), disable compression
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip
</IfModule>Iyi gadziriso inogonesa kudzvanya kwemamwe marudzi emafaira uye inodzima kune mifananidzo.
Kana Nginx, configuration inoitika mu http: block yefaira rekugadzirisa. Iyo inotevera kodhi inoda kuwedzerwa:
gzip on;
gzip_disable "msie6";
# Adds the Vary header, indicating that the response may change depending on the Accept-Encoding header value
gzip_vary on;
# Enables compression for any proxy servers
gzip_proxied any;
# Sets the compression level. A value of 6 provides a good balance between compression efficiency and resource use
gzip_comp_level 6;
# Sets the size of the buffer for compressed data (16 buffers of 8 kilobytes each)
gzip_buffers 16 8k;
# Specifies that data compression should be used only for HTTP version 1.1 and higher
gzip_http_version 1.1;
# Sets the file types that can be compressed
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;Saizvozvowo Apache, pano iyo compression parameters yemamwe marudzi emafaira akaiswa. Mushure mekuita shanduko kune chero yewebhu maseva, sevhisi reload inodiwa:
sudo service apache2 restartOr
sudo service nginx restartDDOS Kurwisa paSevha
Yakakwira sevha mutoro inogona kuitika semhedzisiro yekurwiswa kweDDoS. Kuziva kuvepo kwekurwiswa kweDDoS kunogona kuitwa kuburikidza nekutarisa kuwedzera kamwe kamwe mutraffic, zvikumbiro zvisina kujairika, uye server performance inodonha. Kudzokorora matanda ezvikumbiro zvakadzokororwa kubva kune imwe kero yeIP kana chiteshi chekuongorora kunogonawo kuratidza inogona kuitika DDoS kurwisa. Kune akawanda matanho ekudzivirira, asi isu tichangokurukura zvekutanga.
Kushandisa CDN (Content Delivery Network). A CDN inogona kushanda semurevereri pakati pewebhu server yako nevashandisi, kugovera traffic uye caching zvemukati kudzikamisa kukanganisa kweDDoS kurwiswa. MaCDN anogona zvakare kuve akavakirwa-mukati meDDoS nzira dzekudzivirira, kusanganisira kugovera mutoro uye kusefa kwemigwagwa.
Kugadzirisa firewall uye intrusion yekuona masisitimu (IDS/IPS). Mafirewall anogona kugadzirwa kusefa traffic zvichienderana neakasiyana maitiro, senge IP kero uye madoko. IDS/IPS inogona kuona zvisirizvo maitiro emutraffic uye kuvharisa fungidziro yekufungidzira. Zvishandiso izvi zvinogona kushanda mukutevera nekuvharisa zvingangove zvakashata traffic.
Kugadzirisa Apache uye Nginx webhu maseva kudzikamisa kukanganisa kweDDoS kurwiswa.
Semhinduro yeApache, isu tinogonesa iyo mod_evasive module. Kuti uite izvi, uncomment kana kuwedzera mutsara unotevera mu httpd.conf or apache2.conf configuration file:
LoadModule evasive20_module modules/mod_evasive.soMune iyo faira imwe chete, iwe unofanirwa kuwedzera marongero block:
<IfModule mod_evasive20.c>
# Hash table size for storing request information
DOSHashTableSize 3097
# Number of requests to one page before activating protection
DOSPageCount 2
DOSPageInterval 1
# Number of requests to all pages before activating protection
DOSSiteCount 50
DOSSiteInterval 1
# Blocking period in seconds for IP addresses
DOSBlockingPeriod 10
</IfModule>Saizvozvo, isu activate the mod_ratelimit module:
LoadModule ratelimit_module modules/mod_ratelimit.soUye wedzera gadziriso:
<IfModule mod_ratelimit.c>
# Setting the output filter for rate limiting (Rate Limit)
SetOutputFilter RATE_LIMIT
# Beginning of the settings block for the location "/login"
<Location "/login">
# Setting the environment variable rate-limit with a value of 1
SetEnv rate-limit 1
# Ending of the settings block for the location "/login"
</Location>
</IfModule>Iyo configuration ye Nginx zvakafanana Apache. Mu nginx.conf configuration faira, zvinotevera zvinongedzo zvinoda kushandiswa:
http {
...
# Defining a zone for connection limits
limit_conn_zone $binary_remote_addr zone=addr:10m;
# Defining a zone for request limits
limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;
server {
...
# Configuring connection limits
limit_conn addr 10;
# Configuring request limits
limit_req zone=req_zone burst=5;
...
}
}Mushure mekuita shanduko kune yega yega masevhisi, anofanirwa kurodhazve:
sudo systemctl restart apache2Or:
sudo systemctl restart nginxIyi mienzaniso inopa chete gadziriro yekutanga, iyo inogona kugadziridzwa zvakare zvichienderana nezvinodiwa chaizvo uye chimiro chekurwiswa.
Kugadzirisa MySQL Mibvunzo
Kugadzirisa mibvunzo yedatabase yeMySQL pawebhu server inogona kuwanikwa nenzira dzakasiyana-siyana, uye imwe yadzo ndeyekugadziriswa kwakakodzera kwefaira rekugadzirisa. Kazhinji, iyi faira inodanwa yangu.cnf or yangu.ini uye inowanikwa mu / nezvimwe / or /etc/mysql/ directory. Iwe unofanirwa kuivhura uye kuita shanduko dzinotevera:
[mysqld]
# Location of the file for recording slow queries. Be sure to replace it with your path
log-slow-queries = /var/log/mariadb/slow_queries.log
# Threshold time for considering slow queries (in seconds)
long_query_time = 5
# Enabling recording of queries that do not use indexes
log-queries-not-using-indexes = 1
# Disabling query caching
query_cache_size = 0
query_cache_type = 0
query_cache_limit = 1M
# Size of temporary tables
tmp_table_size = 16M
max_heap_table_size = 16M
# Size of the thread cache
thread_cache_size = 16
# Disabling name resolving
skip-name-resolve = 1
# Size of the InnoDB buffer pool. Set to 50-70% of available RAM
innodb_buffer_pool_size = 800M
# Size of the InnoDB log file
innodb_log_file_size = 200MNgatitariseiwo mamwe mazano anogona kufambisa kudyidzana neserver database:
- Shandisa DZIDZA raira pamberi pemubvunzo weSQL kuti uongorore kuita kwayo. Izvi zvinokutendera kuti uwane chirongwa chekuuraya chemubvunzo uye uone kuti ndeapi ma index anoshandiswa, ndeapi matafura anoongororwa, nezvimwe.
- Ma indexes anomhanyisa kutsvaga kwedata, saka ma index akagadzirwa zvakanaka anogona kuvandudza zvakanyanya kuita kwemubvunzo. Chenjerera kune makoramu anowanzo shandiswa mukati WHERE or ONA mamiriro.
- Ngwarira kushandisa Sarudza *. Nyora chete makoramu ayo anonyatso diwa pamubvunzo wako, pane kusarudza makoramu ese mutafura.
- Dzivisa kushandisa mabasa mukati WHERE mamiriro. Kushandisa mabasa (akadai se CHIDUKU, PAMUSORO, RUBOSHWE, RUDYIin WHERE mamiriro anogona kuita indexes kusashanda. Edza kudzivisa kushandiswa kwavo zvakananga mumamiriro ezvinhu.
- shandisa INNER JOIN pazvinogoneka, sezvo kazhinji kazhinji inoshanda. Zvakare, ita shuwa kuti makoramu anoenderana ekubatanidza ane indexes.
- shandisa ZVIMWE kudzikamisa huwandu hwemitsara yakadzoserwa kana iwe uchida kuwana imwe nhamba yemhedzisiro.
- Funga caching mhinduro yemubvunzo, kunyanya kana isingawanzo chinja, kuderedza server kuremerwa.
Iyo Email Server Inogadzira Yakakwira Mutoro paSevha
Muchikamu chino, isu tichaongorora maitiro ekuona kuti sevha yemeseji irikuremerwa uye kuti ndeapi matanho anogona kutorwa kuti awedzere kushanda kwayo, kusanganisira kutarisa mutsara wemeseji uye kugadzirisa server paramita. Tanga nekutarisa mutsara wemeseji. The mailq utility inogona kubatsira neizvi, kuti iite kuti iite, isa murairo unoenderana mune terminal:
mailqIzvi zvicharatidza rondedzero yemameseji mumutsara, kana iripo. Imwe neimwe meseji icharatidzwa ine yakasarudzika identifier uye ruzivo nezve mamiriro ekutumira. Mhedzisiro yakafanana inogona kuwanikwa nekuongorora magwaro evatengi vetsamba.
Muzviitiko zvakawanda, mutoro wakakwirira unoitika muchiitiko che server compromise painotanga kutumira spam. Nekudaro, kana mushure mekutarisa maneja ane chivimbo chekuti sevha haina kurwiswa kubva kunze uye vashandisi havasi kuregeredza spam, inguva yekuenderera mberi nekugadzirisa iyo mail server. Heano matanho anobatsira:
- Ita shuwa kuti yako domain DNS marekodhi akagadziriswa nemazvo, kusanganisira SPF, DKIM, uye DMARC zvinyorwa zvekuvandudza mail kutumira uye kudzivirira kubva kune spam. Iko kurongeka kwakaringana kweparamita kunogona kuwanikwa muchinyorwa pa mail server diagnostics.
- Tarisa marongero etiweki, anosanganisira firewall kumisikidzwa uye routing mitemo, kudzivirira mabhuroko uye nekumhanyisa kutumira tsamba.
- Rongedza mitsara yemutsara wemeseji zvinoenderana nekuremerwa kweseva. Izvi zvinogona kusanganisira kuseta hukuru hwemutsetse uye nguva dzekupedza nguva.
- Funga nezvemhinduro dzatakurukura munyaya ino yapfuura. Nguva nenguva gadzirisa iyo mail server dhatabhesi kuti uvandudze mashandiro, shandisa caching nzira kukurumidza kutsvaga nekugadzirisa data, senge DNS mibvunzo.
- Kana iyo mail server ichiri kugara ichisangana neyakakura, funga nezve kuyera sarudzo, sekushandisa boka remasevha etsamba kana gore mhinduro.
mhedziso
Kuwedzera server kuremerwa kunobata zvakananga kurodha webhusaiti kumhanya, pakupedzisira kukanganisa mushandisi ruzivo uye mukurumbira mumajini ekutsvaga. Nokudaro, kunyatsogadzirisa mutoro uyu kunotora basa rinokosha pakuita kuti basa rirambe riripo rekushandisa uye kuwedzera kuwanikwa kwayo kune vashanyi.
