
Reducing Server Load

In this article, we will look at why server load increases and discuss various ways to optimize heavily loaded processes. Particular attention is given to code optimization for Apache/Nginx and MySQL; we will discuss caching as a supporting tool and also consider possible external threats, such as DDoS attacks, and ways to prevent them.

Why Server Load Occurs

Before moving on to server optimization, it is necessary to carry out a thorough analysis of the current load on resources. This includes measuring CPU load, RAM usage, network activity, and other key parameters. Understanding the dynamics and peak loads makes it possible to identify bottlenecks and optimize resource allocation, thereby increasing the stability and performance of the server infrastructure.

For initial troubleshooting of high server load, we recommend performing a general server diagnosis. If that is not enough, a more detailed analysis of resources is required. As a supporting tool, exploring the logs of the Linux server can be useful, because this is where the source of the problem is found in most cases.

Apache/Nginx Server Optimization

Increased Server Load Due to Indexing

Increased load due to indexing can occur, for example, when search engines crawl a large number of pages on your site. This can lead to increased use of server resources and, consequently, reduced site performance. Identifying the cause is simple; you need to open the file located at:

/var/www/httpd-logs/sitename.access.log

When the site is being indexed by search engines, you will see entries of the following kind:

11.22.33.44 - - [Date and Time] "GET /your-page-path HTTP/1.1" 200 1234 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

As a first solution to reduce the load, you can set the "noindex" and "nofollow" meta tags on pages that do not need to be indexed. The second solution is the .htaccess file, where entries corresponding to the specific search engines need to be added, for example, to hide the site from Yandex and Google:

# Match anywhere in the User-Agent: crawlers send "Mozilla/5.0 (compatible; Googlebot/2.1; ...)"
SetEnvIfNoCase User-Agent "Yandex" search_bot
SetEnvIfNoCase User-Agent "Googlebot" search_bot
Order Allow,Deny
Allow from all
Deny from env=search_bot

Similarly, changes need to be made for other search engines. Note that the capabilities of .htaccess are not limited to blocking indexing. We recommend learning more about its main features in the article.

Using Caching Settings

Incorrect caching settings on the server can also lead to high load. To tune this parameter, the corresponding changes need to be made in the configuration files or in .htaccess. For Apache, the latter option is preferred; for Nginx, the former.

On an Apache server, you need to open the .htaccess file and insert the following code:

<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf|doc|docx)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>

Then enable the Expires module using the command:

sudo a2enmod expires

After that, restart the web server:

sudo service apache2 restart

And activate the module by specifying:

ExpiresActive On

On an Nginx server, it is enough to add the following code to the configuration file:

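location ~* \.(jpg|jpeg|gif|png|ico|css|swf|flv|doc|docx)$ {
root /var/www/yoursite.com;
# Let clients cache these files for 30 days (same lifetime as max-age=2592000 in the Apache example)
expires 30d;
}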

And restart the service:

sudo service nginx restart

Note that with these settings, the Allow and Deny directives will be bypassed.

Using Data Compression

Enabling data compression with Gzip on Apache and Nginx servers helps reduce the amount of data transferred between the server and the client, which improves performance and reduces web page load time.

To enable Gzip on Apache, you need to activate the mod_deflate module:

sudo a2enmod deflate

Then restart the web server:

sudo service apache2 restart

Finally, add the following block to the configuration file or .htaccess:

<IfModule mod_deflate.c>
# Configure compression for specified file types
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json

# If the browser matches the specified pattern, apply compression only to text/html files
BrowserMatch ^Mozilla/4 gzip-only-text/html

# If the browser matches the specified version patterns of Mozilla 4.0.6, 4.0.7, 4.0.8, disable compression
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE also identifies itself as Mozilla/4 but handles compression correctly, so clear both restrictions for it
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# If the request contains the specified pattern (extensions of image files), disable compression
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip
</IfModule>

This configuration enables compression for certain file types and disables it for images.

In the case of Nginx, the configuration goes in the http block of the configuration file. The following code needs to be added:

gzip on;
gzip_disable "msie6";

# Adds the Vary header, indicating that the response may change depending on the Accept-Encoding header value
gzip_vary on;

# Enables compression for any proxy servers
gzip_proxied any;

# Sets the compression level. A value of 6 provides a good balance between compression efficiency and resource use
gzip_comp_level 6;

# Sets the size of the buffer for compressed data (16 buffers of 8 kilobytes each)
gzip_buffers 16 8k;

# Specifies that data compression should be used only for HTTP version 1.1 and higher
gzip_http_version 1.1;

# Sets the file types that can be compressed
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/rss+xml text/javascript;

As with Apache, this sets the compression parameters for certain file types. After making changes on either web server, a service restart is required:

sudo service apache2 restart

Or

sudo service nginx restart

DDoS Attack on the Server

High server load can occur as a result of a DDoS attack. The presence of a DDoS attack can be identified by monitoring for a sudden increase in traffic, unusual requests, and a drop in server performance. Reviewing logs for repeated requests from a single IP address or for port scanning can also indicate a possible DDoS attack. There are many protective measures, but we will discuss only the basics.
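The log review described here and in the indexing section above can be scripted. The following is an added example, not part of the original article: it reads lines in the combined log format shown earlier and reports requests per IP, each IP's busiest second, and requests per claimed crawler. The sample lines, the `triage` name and the per-second limit of 3 are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
CRAWLER = re.compile(r"(Googlebot|YandexBot|bingbot)", re.I)
GOOGLEBOT = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def entry(ip, ts, path, agent):
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 1234 "-" "{agent}"'


# Constructed sample: documentation-range IPs, invented timestamps and paths.
SAMPLE = (
    [entry("192.0.2.10", "10/Oct/2024:13:55:36 +0000", "/login", "curl/8.0")] * 6
    + [entry("198.51.100.7", f"10/Oct/2024:13:55:{s} +0000", f"/page-{s}", GOOGLEBOT)
       for s in (36, 37, 38)]
    + [entry("203.0.113.5", "10/Oct/2024:13:55:40 +0000", "/", "Mozilla/5.0 (X11; Linux)")]
    + ["malformed line that the parser must skip"]
)


def triage(lines, per_second_limit=3):
    """Return (requests per IP, peak requests in one second per IP,
    requests per claimed crawler, IPs whose peak exceeds the limit)."""
    per_ip, crawlers = Counter(), Counter()
    per_ip_second = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, agent = m.groups()
        per_ip[ip] += 1
        per_ip_second[ip][ts] += 1  # log timestamps have one-second resolution
        bot = CRAWLER.search(agent)
        if bot:
            crawlers[bot.group(1)] += 1
    peaks = {ip: max(c.values()) for ip, c in per_ip_second.items()}
    suspects = sorted(ip for ip, peak in peaks.items() if peak > per_second_limit)
    return per_ip, peaks, crawlers, suspects


if __name__ == "__main__":
    per_ip, peaks, crawlers, suspects = triage(SAMPLE)
    print("top talkers:", per_ip.most_common(3))
    print("claimed crawlers:", dict(crawlers))
    print("over limit:", suspects)
```

The User-Agent header is supplied by the client, so the crawler counts show what a client claims to be, not a verified identity.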

Using a CDN (Content Delivery Network). A CDN can act as an intermediary between your server and users, distributing traffic and caching content to reduce the impact of a DDoS attack. CDNs can also have built-in DDoS protection mechanisms, including load distribution and traffic filtering.

Configuring a firewall and intrusion detection systems (IDS/IPS). A firewall can be configured to filter traffic based on various criteria, such as IP addresses and ports. IDS/IPS can detect abnormal traffic behaviour and block suspicious connections. These tools can be effective for monitoring and blocking potentially malicious traffic.

Configuring Apache and Nginx servers to reduce the impact of DDoS attacks.

As a solution for Apache, we enable the mod_evasive module. To do this, uncomment or add the following line in the httpd.conf or apache2.conf configuration file:

LoadModule evasive20_module modules/mod_evasive.so

In the same file, you need to add the settings block:

<IfModule mod_evasive20.c>
# Hash table size for storing request information
DOSHashTableSize 3097

# Number of requests to one page before activating protection
DOSPageCount 2
DOSPageInterval 1

# Number of requests to all pages before activating protection
DOSSiteCount 50
DOSSiteInterval 1

# Blocking period in seconds for IP addresses
DOSBlockingPeriod 10
</IfModule>

Similarly, we enable the mod_ratelimit module:

LoadModule ratelimit_module modules/mod_ratelimit.so

And add the configuration:

<IfModule mod_ratelimit.c>
# Setting the output filter for rate limiting (Rate Limit)
SetOutputFilter RATE_LIMIT

# Beginning of the settings block for the location "/login"
<Location "/login">

# rate-limit is the bandwidth cap that mod_ratelimit applies to responses, in KiB/s (here 1 KiB/s)
SetEnv rate-limit 1

# Ending of the settings block for the location "/login"
</Location>
</IfModule>

The configuration for Nginx is similar to Apache. In the nginx.conf configuration file, the following directives need to be used:

http {
    ...
    # Defining a zone for connection limits
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    # Defining a zone for request limits
    limit_req_zone $binary_remote_addr zone=req_zone:10m rate=1r/s;

    server {
        ...
        # Configuring connection limits
        limit_conn addr 10;

        # Configuring request limits
        limit_req zone=req_zone burst=5;

        ...
    }
}

After making changes to either service, it needs to be restarted:

sudo systemctl restart apache2

Or:

sudo systemctl restart nginx

These examples provide only a basic configuration, which can be further adapted depending on specific requirements and the nature of the attacks.
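To see what `rate=1r/s` with `burst=5` means for one client before deploying it, the following added example (a simplified model of the leaky bucket that limit_req documents, not nginx's code and not part of the original article) replays request times for a single address. The function names and the constructed arrival times are assumptions.

```python
def simulate_limit_req(arrivals, rate=1.0, burst=5):
    """Model one client's requests against limit_req (no nodelay).

    arrivals: ascending request times in seconds for a single client address.
    Returns a list of (time, verdict, delay_seconds) tuples.
    """
    excess = 0.0   # requests currently queued in the bucket
    last = None    # time of the last accepted request
    results = []
    for t in arrivals:
        if last is None:
            queued = 0.0
        else:
            # The bucket drains at `rate` requests per second; this request adds one.
            queued = max(0.0, excess - rate * (t - last) + 1.0)
        if queued > burst:
            results.append((t, "rejected", 0.0))  # nginx answers 503 by default
            continue  # rejected requests do not fill the bucket
        excess, last = queued, t
        verdict = "delayed" if queued > 0 else "passed"
        results.append((t, verdict, queued / rate))
    return results


def verdict_counts(results):
    counts = {"passed": 0, "delayed": 0, "rejected": 0}
    for _, verdict, _ in results:
        counts[verdict] += 1
    return counts


# Constructed traffic: 8 requests in the same instant followed by one late request,
# and a steady client sending one request every 2 seconds.
BURST = [0.0] * 8 + [10.0]
STEADY = [0.0, 2.0, 4.0, 6.0]

if __name__ == "__main__":
    for t, verdict, delay in simulate_limit_req(BURST):
        print(f"t={t:>4.1f}s {verdict:<8} delay={delay:.0f}s")
    print(verdict_counts(simulate_limit_req(STEADY)))
```

Adding `nodelay` to the `limit_req` directive keeps the same accept and reject decisions but forwards the accepted burst without the waits.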

MySQL Query Optimization

Optimizing MySQL database queries on a web server can be achieved in various ways, one of which is correct configuration of the configuration file. Typically, this file is named my.cnf or my.ini and is located in the /etc/ or /etc/mysql/ directory. You need to open it and make the following changes:

[mysqld]
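# Enable the slow query log and set its file. Be sure to replace it with your path
# (log-slow-queries is the deprecated spelling and is rejected by current MySQL versions)
slow_query_log = 1
slow_query_log_file = /var/log/mariadb/slow_queries.log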

# Threshold time for considering slow queries (in seconds)
long_query_time = 5

# Enabling recording of queries that do not use indexes
log-queries-not-using-indexes = 1

# Disabling query caching
query_cache_size = 0
query_cache_type = 0
query_cache_limit = 1M

# Size of temporary tables
tmp_table_size = 16M
max_heap_table_size = 16M

# Size of the thread cache
thread_cache_size = 16

# Disabling name resolving
skip-name-resolve = 1

# Size of the InnoDB buffer pool. Set to 50-70% of available RAM
innodb_buffer_pool_size = 800M

# Size of the InnoDB log file
innodb_log_file_size = 200M

Let us also consider additional recommendations that can improve interaction with the server's database:

  1. Use the EXPLAIN command before an SQL query to analyze its execution. This lets you obtain the query execution plan and determine which indexes are used, which tables are scanned, and so on.
  2. Indexes speed up data lookups, so properly designed indexes can significantly improve query performance. Pay attention to columns frequently used in WHERE or JOIN conditions.
  3. Avoid using SELECT *. Select only the columns your query actually needs, rather than all columns of the table.
  4. Avoid using functions in WHERE conditions. Using functions (such as LOWER, UPPER, LEFT, RIGHT) in WHERE conditions can render indexes useless. Try to avoid using them directly in conditions.
  5. Use INNER JOIN where possible, as it is usually more efficient. Also, make sure that the corresponding join columns have indexes.
  6. Use LIMIT to restrict the number of rows returned if you only need a specific number of results.
  7. Consider caching query results, especially if they rarely change, to reduce server load.

Mail Server Creates High Load on the Server

In this section, we will examine how to determine that a mail server is under heavy load and what steps can be taken to improve its operation, including checking the message queue and configuring server parameters. Start by checking the message queue. The mailq utility can help with this; to run it, enter the corresponding command in the terminal:

mailq

This will display a list of messages in the queue, if there are any. Each message is shown with its unique identifier and information about its delivery status. A similar result can be obtained by reviewing the mail client logs.

In most cases, high load occurs when the server has been compromised and starts sending spam. However, if after checking the administrator is confident that the server has not been attacked from outside and that users are not engaging in spam, it is time to move on to optimizing the mail server. Here are the steps that will help:

  1. Make sure the DNS records for your domain are configured correctly, including SPF, DKIM, and DMARC records, to improve mail delivery and protect against spam. The correct parameter settings can be found in the article on mail server diagnostics.
  2. Check the network settings, including the firewall configuration and routing rules, to avoid blocks and speed up delivery.
  3. Configure the message queue parameters according to the server load. This may include setting the maximum queue size and timeouts.
  4. Consider the solutions discussed earlier in this article. Periodically optimize the mail storage database to improve performance, and use caching mechanisms to speed up data lookup and processing, such as DNS queries.
  5. If the mail server still regularly experiences high load, consider scaling options, such as using a cluster of mail servers or cloud solutions.

Conclusion

Increased server load directly affects website loading speed, ultimately affecting user experience and reputation with search engines. Therefore, managing this load effectively plays an important role in ensuring the continuous operation of the resource and increasing its accessibility for visitors.
