Article contents
- 1 Why choose Adminer instead of phpMyAdmin?
- 2 Steps to install Adminer on HestiaCP
- 3 Automatically update the Adminer file
- 4 Fail2Ban protection against brute-force attacks
- 5 Complete one-click deployment script
- 6 Conclusion: Balancing security and efficiency
This latest, complete guide to installing Adminer on HestiaCP covers one-click deployment, security hardening, and automated configuration steps. It shows step by step how to deploy the database management tool and protect your server, so that beginners can get started quickly and resolve HestiaCP + Adminer operation and maintenance problems.
If you are still running database management tools without any protection, you are handing the keys to attackers.
Why choose Adminer instead of phpMyAdmin?
Adminer is a single PHP file of less than 1MB, which makes deploying it very simple, fast, and light on resources.
Compared with the complex structure of phpMyAdmin, Adminer is better suited to VPSs, small websites, and personal projects.

Steps to install Adminer on HestiaCP
1. Download the Adminer file
Go to the official Adminer website and download the latest version of adminer.php.
Upload the file to the HestiaCP website directory, for example:
/home/username/web/adminer.domain.com/public_html/adminer.php
2. Create a subdomain and enable SSL
In the HestiaCP panel, add the subdomain adminer.domain.com and enable Let's Encrypt SSL to ensure encrypted transport.
3. Configure Nginx password protection
Add the following to the Nginx configuration file for the subdomain:
location / {
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/.htpasswd;
root /home/username/web/adminer.domain.com/public_html;
index index.php adminer.php;
}
Create the password file:
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/nginx/.htpasswd adminuser
When you open Adminer, a password dialog appears, and you can get in only by entering the correct username and password.
Automatically update the Adminer file
To avoid the security risks of running outdated versions, automatic updates can be implemented with a shell script and a scheduled Cron job.
Example update script
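#!/bin/bash
set -euo pipefail
URL="https://www.adminer.org/latest.php"
TARGET="/home/username/web/adminer.domain.com/public_html/adminer.php"
TMP="$(mktemp "${TARGET}.XXXXXX")"
trap 'rm -f "$TMP"' EXIT
# Download to a temporary file so a failed or empty download never replaces the working copy
wget -q -O "$TMP" "$URL"
[ -s "$TMP" ] || { echo "empty download, keeping existing file" >&2; exit 1; }
chown username:username "$TMP"
chmod 644 "$TMP"
mv -f "$TMP" "$TARGET"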
Save it as /usr/local/bin/update-adminer.sh and add a scheduled job:
crontab -e
0 3 * * 1 /usr/local/bin/update-adminer.sh
This way, the Adminer file is updated automatically every Monday at 3 a.m.
Fail2Ban protection against brute-force attacks
Plain Basic Auth is exposed to brute-force attacks, while Fail2Ban can automatically ban malicious IPs.
Filter configuration
File: /etc/fail2ban/filter.d/nginx-adminer.conf
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
Jail configuration (incremental ban time)
File: /etc/fail2ban/jail.local
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
Result: the first ban lasts 10 minutes, the second 20 minutes, the third 40 minutes, and so on. Persistent attackers are banned for progressively longer periods.
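A quick way to see which requests the filter above actually counts, as an added example that is not part of the original article. It is written in Python because fail2ban evaluates failregex with Python's re module. The log lines are constructed, the `<HOST>` substitution is a simplified stand-in for fail2ban's own expansion, and BROAD_FAILREGEX is an assumed alternative pattern, not the article's.

```python
import re
from collections import Counter

# failregex exactly as given in nginx-adminer.conf above
PAGE_FAILREGEX = r'^<HOST> - .* "GET /adminer.php HTTP/.*" 401'
# Assumed broader variant (not from the article): any method, "/" or
# /adminer.php, optional query string, literal dots escaped.
BROAD_FAILREGEX = (r'^<HOST> - \S+ \[[^\]]+\] '
                   r'"[A-Z]+ /(?:adminer\.php)?(?:\?\S*)? HTTP/[\d.]+" 401 ')

# Constructed nginx "combined" access-log lines (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2025:03:14:01 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - admin [10/Mar/2025:03:14:02 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - root [10/Mar/2025:03:14:03 +0000] "GET /adminer.php?server=localhost HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - root [10/Mar/2025:03:14:04 +0000] "POST /adminer.php HTTP/1.1" 401 179 "-" "curl/8.5.0"
203.0.113.7 - root [10/Mar/2025:03:14:05 +0000] "GET / HTTP/1.1" 401 179 "-" "curl/8.5.0"
198.51.100.20 - - [10/Mar/2025:09:00:00 +0000] "GET /adminer.php HTTP/1.1" 401 179 "-" "Mozilla/5.0"
198.51.100.20 - alice [10/Mar/2025:09:00:06 +0000] "GET /adminer.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
""".splitlines()


def compile_failregex(failregex):
    """Stand in for fail2ban's <HOST> expansion with a simple address group."""
    return re.compile(failregex.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))


def count_failures(failregex, lines):
    """Count matching lines per client address (findtime is ignored here)."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in lines:
        m = pattern.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def would_ban(failregex, lines, maxretry=3):
    """Addresses that reach maxretry, the jail's ban threshold."""
    return {ip: n for ip, n in count_failures(failregex, lines).items() if n >= maxretry}


if __name__ == "__main__":
    for name, rx in (("page", PAGE_FAILREGEX), ("broad", BROAD_FAILREGEX)):
        print(name, dict(count_failures(rx, SAMPLE_LOG)), "ban:", would_ban(rx, SAMPLE_LOG))
```

On a real host, `fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-adminer.conf` runs the same check with fail2ban's own `<HOST>` expansion. The single 401 from 198.51.100.20 is the unauthenticated first request a browser sends before showing the password dialog, which is why maxretry should stay above 1.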
Complete one-click deployment script
Save it as /usr/local/bin/setup-fail2ban-adminer.sh:
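#!/bin/bash
set -euo pipefail
FILTER_PATH="/etc/fail2ban/filter.d/nginx-adminer.conf"
JAIL_PATH="/etc/fail2ban/jail.local"
# Write (or overwrite) the filter definition
cat > "$FILTER_PATH" << 'EOF'
[Definition]
failregex = ^<HOST> - .* "GET /adminer.php HTTP/.*" 401
ignoreregex =
EOF
# Append the jail only once, so that re-running the script does not add a duplicate section
if ! grep -qF '[nginx-adminer]' "$JAIL_PATH" 2>/dev/null; then
cat >> "$JAIL_PATH" << 'EOF'
[nginx-adminer]
enabled = true
filter = nginx-adminer
port = http,https
logpath = /var/log/nginx/access.log
maxretry = 3
findtime = 600
bantime.increment = true
bantime.rndtime = 60
bantime.factor = 2
bantime = 600
EOF
fi
# Reload fail2ban and show the state of the new jail
systemctl restart fail2ban
fail2ban-client status nginx-adminer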
Run it:
sudo chmod +x /usr/local/bin/setup-fail2ban-adminer.sh
sudo /usr/local/bin/setup-fail2ban-adminer.sh
Conclusion: Balancing security and efficiency
I firmly believe that database management tools are not something you can simply leave on the public internet and use with peace of mind. Adminer's lightweight design is appealing, but security measures must keep pace with that speed. Password protection is the first line of defense, automatic updates provide ongoing protection, and Fail2Ban provides intelligent countermeasures. Only by combining these three can you build a database management environment that is both efficient and secure.
A true master is not someone who only knows how to build tools, but someone who also knows how to protect them.
I hope the article "HestiaCP Admin Installation: Security Automation Settings + Database Management Optimization" shared here by Chen Weiliang Blog ( https://www.chenweiliang.com/ ) is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-34018.html
