Ịwụnye Onye Nchịkwa na HestiaCP: Ntọala Nchekwa Akpaaka + Nhazi Njikwa Data

Nke kacha ọhụrụ HestiaCP Nduzi zuru oke a maka itinye Adminer gụnyere ntinye otu pịa, ime ka nchekwa sie ike, na usoro nhazi akpaaka. Ọ na-akụziri gị otu nzọụkwụ otu esi etinye ngwaọrụ njikwa nchekwa data ma chebe sava gị, na-eme ka ọ dịrị ndị mbido mfe ịmalite ngwa ngwa ma dozie ihe mgbu nke ọrụ na mmezi HestiaCP + Adminer.

Ọ bụrụ na ị ka na-eji ngwaọrụ njikwa nchekwa data na-enweghị nchebe ọ bụla, ị na-enye ndị na-agba ọsọ igodo ahụ.

Gịnị mere ị ga-eji họrọ onye nchịkwa kama... phpmyadmin?

Onye nchịkwa nwere otu faịlụ PHP nke na-erughị 1MB, nke na-eme ka ntinye ya dị mfe, ngwa ngwa, ma dị irè maka akụrụngwa.

Ma e jiri ya tụnyere usoro mgbagwoju anya nke phpMyAdmin, Adminer dabara adaba maka VPS, obere weebụsaịtị, na ọrụ nkeonwe.

Ịwụnye Onye Nchịkwa na HestiaCP: Ntọala Nchekwa Akpaaka + Nhazi Njikwa Data

Nzọụkwụ iji wụnye Onye nchịkwa na HestiaCP

1. Budata faịlụ onye nchịkwa

Gaa na Weebụsaịtị gọọmentị nke onye nchịkwa Budata ụdị kachasị ọhụrụ adminer.php.

Bulite faịlụ ahụ na ndekọ weebụsaịtị HestiaCP, dịka ọmụmaatụ:

/home/username/web/adminer.domain.com/public_html/adminer.php

2. Mepụta subdomain ma mee ka SSL rụọ ọrụ.

Tinye otu subdomain na HestiaCP panel adminer.domain.comMee ka anyị zoo SSL iji hụ na nnyefe dị nchebe.

3. Hazie nchedo paswọọdụ Nginx

Tinye ihe ndị a na faịlụ nhazi Nginx maka subdomain:

location / {
    auth_basic "Restricted Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    root /home/username/web/adminer.domain.com/public_html;
    index index.php adminer.php;
}

Mepụta faịlụ paswọọdụ:

sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser

Mgbe ị na-abanye na onye nchịkwa, igbe mkparịta ụka paswọọdụ ga-apụta, ị ga-abanye naanị site na itinye aha njirimara na paswọọdụ ziri ezi.

Melite faịlụ Onye nchịkwa na akpaghị aka

Iji zere ihe egwu nchekwa metụtara iji ụdị ochie, enwere ike imelite mmelite akpaka site na iji edemede shei na ọrụ Cron akwadoro.

Melite ihe atụ edemede

#!/bin/bash
URL="https://www.adminer.org/latest.php"
TARGET="/home/username/web/adminer.domain.com/public_html/adminer.php"

wget -q -O "$TARGET" "$URL"
chown username:username "$TARGET"
chmod 644 "$TARGET"

Chekwaa dị ka /usr/local/bin/update-adminer.shMa tinye ọrụ a haziri ahazi:

crontab -e
0 3 * * 1 /usr/local/bin/update-adminer.sh

N'ụzọ dị otu a, a ga-emelite faịlụ onye nchịkwa na akpaghị aka kwa Mọnde na elekere atọ nke ụtụtụ.

FaiMwakpo mgbochi ike ọjọọ l2Ban

Simple Basic Auth nwere ike ịdaba na mwakpo brute-force, ebe Fail2Ban nwere ike igbochi IP ọjọọ na akpaghị aka.

Nhazi nzacha

akwụkwọ:/etc/fail2ban/filter.d/nginx-adminer.conf

[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =

Nhazi ụlọ mkpọrọ (oge mmachibido iwu na-abawanye)

akwụkwọ:/etc/fail2ban/jail.local

[nginx-adminer]
enabled  = true
filter   = nginx-adminer
port     = http,https
logpath  = /var/log/nginx/access.log
maxretry = 3
findtime = 600

bantime.increment = true
bantime.rndtime   = 60
bantime.factor    = 2
bantime           = 600

Mmetụta: Mmachibido iwu mbụ bụ nkeji iri, nke abụọ maka nkeji iri abụọ, nke atọ maka nkeji iri anọ, wdg. A ga-amachibido ndị na-awakpo ndị na-aga n'ihu ruo ogologo oge.

Ederede ntinye zuru oke otu pịa

Chekwaa dị ka /usr/local/bin/setup-fail2ban-adminer.sh:

#!/bin/bash
FILTER_PATH="/etc/fail2ban/filter.d/nginx-adminer.conf"
JAIL_PATH="/etc/fail2ban/jail.local"

cat > $FILTER_PATH << 'EOF'
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
EOF

cat >> $JAIL_PATH << 'EOF'

[nginx-adminer]
enabled  = true
filter   = nginx-adminer
port     = http,https
logpath  = /var/log/nginx/access.log
maxretry = 3
findtime = 600

bantime.increment = true
bantime.rndtime   = 60
bantime.factor    = 2
bantime           = 600
EOF

systemctl restart fail2ban
fail2ban-client status nginx-adminer

执行:

sudo chmod +x /usr/local/bin/setup-fail2ban-adminer.sh
sudo /usr/local/bin/setup-fail2ban-adminer.sh

Mmechi: Ịhazi Nchekwa na Arụmọrụ

Ekwenyere m nke ọma na ngwaọrụ njikwa nchekwa data abụghị ihe ị nwere ike ịhapụ na ịntanetị ọha ma jiri ya n'udo. Nhazi dị mfe nke onye nchịkwa na-adọrọ adọrọ, mana usoro nchekwa ga-anọgide na-aga n'ihu. Nchedo paswọọdụ bụ ụzọ mbụ nke nchekwa, mmelite akpaka na-enye nchebe na-aga n'ihu, Fail2Ban na-enyekwa usoro mgbochi amamihe. Naanị site na ijikọta ihe atọ ndị a ka ị ga-esi mepụta gburugburu njikwa nchekwa data nke dị irè ma dịkwa nchebe.

Ezigbo onye nwe ụlọ abụghị onye maara naanị otu esi arụ ngwaọrụ, kama ọ bụ onye maara otu esi echebe ha.

Hope Chen Weiliang Blog ( https://www.chenweiliang.com/ Isiokwu a kpọrọ "HestiaCP Admin Installation: Security Automation Settings + Database Management Optimization" nke e kesara ebe a nwere ike inyere gị aka.

Nnọọ ka ị kesaa njikọ nke akụkọ a:https://www.chenweiliang.com/cwl-34018.html

Iji kpọghee aghụghọ zoro ezo🔑, nabata isonye na ọwa Telegram anyị!

Pịa ebe a iji sonyere ọwa Telegram

Kekọrịta na-amasị ma ọ bụrụ na-amasị gị! Oke na mmasị gị bụ mkpali anyị na-aga n'ihu!

 

评论

Agaghị ebipụta adreesị ozi-e gị. Achọrọ ubi na-eji * Label

Pịgharịa gaa na n'elu