This complete guide to deploying Adminer on HestiaCP covers one-click deployment, security hardening, and automatic configuration steps. It shows you step by step how to use the database management tool and protect your server, so that beginners can get started quickly and handle the operation and maintenance of HestiaCP + Adminer.
If you are still using database management tools without any protection, you are handing the keys to intruders.
Why choose Adminer instead of phpMyAdmin?
Adminer consists of a single PHP file of less than 1MB, which makes installation simple, fast, and efficient.
Compared with the complex structure of phpMyAdmin, Adminer is better suited to VPSes, small websites, and personal projects.

Steps to install Adminer on HestiaCP
1. Download the Adminer file
Go to the Adminer website and download the latest version of adminer.php.
Upload the file to the HestiaCP website directory, for example:
/home/username/web/adminer.domain.com/public_html/adminer.php
2. Create a subdomain and enable SSL
Add the subdomain adminer.domain.com in the HestiaCP panel. Enable Let's Encrypt SSL to secure data in transit.
3. Configure Nginx password protection
Add the following to the Nginx configuration file for the subdomain:
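location / {
    # Require HTTP Basic authentication for everything served from this location
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    root /home/username/web/adminer.domain.com/public_html;
    index index.php adminer.php;
    # These directives are inherited only by locations nested inside this block;
    # a separate PHP location at server level needs the same auth_basic settings.
}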
Generate the password file:
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser
When you open Adminer, a password dialog appears, and you can get in only by entering the correct username and password.
Automatically updating the Adminer file
To avoid the security risks of running outdated versions, automatic updates can be set up with a shell script and a Cron scheduled task.
Example update script
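#!/bin/bash
set -euo pipefail
URL="https://www.adminer.org/latest.php"
TARGET="/home/username/web/adminer.domain.com/public_html/adminer.php"
TMP="$(mktemp)"
trap 'rm -f "$TMP"' EXIT
# Download to a temporary file first so a failed download never truncates the live file
wget -q -O "$TMP" "$URL"
[ -s "$TMP" ]   # refuse to install an empty download
chown username:username "$TMP"
chmod 644 "$TMP"
mv -f "$TMP" "$TARGET"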
Save it as /usr/local/bin/update-adminer.sh and add the scheduled task:
crontab -e
0 3 * * 1 /usr/local/bin/update-adminer.sh
This way, the Adminer file is updated automatically every Monday at 3 a.m.
Fail2Ban against brute-force attacks
Basic Auth on its own is vulnerable to brute-force attacks, while Fail2Ban can automatically block malicious IPs.
Filter configuration
File: /etc/fail2ban/filter.d/nginx-adminer.conf
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
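An added example, not part of the original article: a Python check of which 401 responses the failregex above counts toward maxretry, next to a broader pattern. The simplified <HOST> expansion, the broader pattern, and the log lines are assumptions constructed for this illustration.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for Fail2Ban's <HOST> tag (assumption for this demo).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The failregex from this page, unchanged.
PAGE_FAILREGEX = r'^<HOST> - .* "GET /adminer.php HTTP/.*" 401'
# Hypothetical broader pattern: any method and any path that is answered with 401.
BROAD_FAILREGEX = r'^<HOST> - .* "[A-Z]+ /\S* HTTP/[^"]*" 401 '

# Constructed Nginx "combined" access-log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [06/Jan/2025:03:14:01 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - admin [06/Jan/2025:03:14:02 +0000] "GET /adminer.php?server=localhost HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - root [06/Jan/2025:03:14:03 +0000] "GET / HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - root [06/Jan/2025:03:14:04 +0000] "POST /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
198.51.100.20 - adminuser [06/Jan/2025:03:15:00 +0000] "GET /adminer.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.20 - - [06/Jan/2025:03:15:09 +0000] "GET /adminer.php?file=default.css HTTP/2.0" 401 179 "-" "Mozilla/5.0"
"""

def compile_failregex(failregex):
    """Expand the <HOST> tag and compile the pattern."""
    return re.compile(failregex.replace("<HOST>", HOST))

def failures_per_host(failregex, log_text):
    """Count how many log lines the pattern treats as a failure, per source IP."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group("host")] += 1
    return dict(hits)

def would_ban(failregex, log_text, maxretry=3):
    """Hosts whose failure count reaches maxretry (all sample lines fall inside findtime)."""
    counts = failures_per_host(failregex, log_text)
    return sorted(host for host, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name, rx in (("page", PAGE_FAILREGEX), ("broad", BROAD_FAILREGEX)):
        print(name, failures_per_host(rx, SAMPLE_LOG), "ban:", would_ban(rx, SAMPLE_LOG))
```

On a live host, fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-adminer.conf runs the same kind of check with Fail2Ban's own matcher.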
Jail configuration (incremental ban time)
File: /etc/fail2ban/jail.local
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
Effect: the first ban lasts 10 minutes, the second 20 minutes, the third 40 minutes, and so on. Repeat attackers stay banned for longer and longer.
Complete one-click deployment script
Save it as /usr/local/bin/setup-fail2ban-adminer.sh:
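#!/bin/bash
set -euo pipefail
FILTER_PATH="/etc/fail2ban/filter.d/nginx-adminer.conf"
JAIL_PATH="/etc/fail2ban/jail.local"
# Write (or overwrite) the filter definition
cat > "$FILTER_PATH" << 'EOF'
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
EOF
# Append the jail only once, so re-running the script does not create a duplicate section
if ! grep -q '^\[nginx-adminer\]' "$JAIL_PATH" 2>/dev/null; then
cat >> "$JAIL_PATH" << 'EOF'
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
EOF
fi
# Restart Fail2Ban and show the jail status
systemctl restart fail2ban
fail2ban-client status nginx-adminer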
Run it:
sudo chmod +x /usr/local/bin/setup-fail2ban-adminer.sh
sudo /usr/local/bin/setup-fail2ban-adminer.sh
Conclusion: Balancing Security and Efficiency
I am convinced that a database management tool is not something you can leave on the public internet and use with peace of mind. Adminer's lightweight design is good, but security measures must keep pace with it. Password protection is the first line of defense, automatic updates provide ongoing protection, and Fail2Ban adds intelligent defensive measures. Only by combining these three can you build a database management environment that is both efficient and secure.
A true expert is not just someone who knows how to build tools, but someone who knows how to protect them.
We hope the article "HestiaCP Admin Installation: Security Automation Settings + Database Management Optimization" shared on Chen Weiliang Blog ( https://www.chenweiliang.com/ ) is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-34018.html
