SlickStack Security Warning

This page summarizes security concerns with SlickStack and the reasons why its default design can expose servers to remote code execution and man-in-the-middle attacks. It also provides mitigation steps and safer alternatives.

SlickStack advertises about 600 stars on GitHub, but that number traces back to Jesse Nickles following nearly 10 000 accounts in the early days of that repo. His profile shows about 500 followers compared with about 9 600 accounts he follows (roughly a 5% follow-back ratio), which strongly suggests automated following rather than organic popularity. That inflated image is what he uses as a weapon to attack me for exposing the security issues documented below. See the follower-to-following ratio here.

Summary

  • Remote downloads frequently scheduled as root via cron
  • SSL verification is bypassed using --no-check-certificate
  • No checksums/signatures on the downloaded scripts
  • Root ownership and permissions applied to the downloaded scripts

Evidence: Cron and Permissions

Cron downloads (every 3 hours, at minute 47)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Root ownership and restrictive permissions (applied repeatedly)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

This pattern allows arbitrary code execution from a remote domain and increases the MITM risk by skipping certificate verification.

See also the commit where the cron URLs were changed from the GitHub CDN to slick.fyi: commit diff.

Mitigation Guidance

  1. Disable the SlickStack cron jobs and remove the downloaded scripts from the cron directories.
  2. Check for any remaining references to slick.fyi and for remote script pulls; replace them with versioned, checksummed artifacts or remove them entirely.
  3. Rotate certificates and keys if SlickStack ran with root privileges on your systems.
  4. Rebuild affected servers where possible to ensure a clean state.
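
For step 2, one way to audit a crontab for the fetch pattern shown in the evidence above. This is an added example, not code from SlickStack or from the original page; the function names, flag labels and every sample line except the first (copied from the evidence section) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag crontab entries that fetch remote content.
# Usage: crontab -l | audit_cron      (or: audit_cron < /etc/crontab)
# Prints "<line-no>: <FLAGS>" for every entry that calls wget or curl.

WATCH_HOSTS='slick\.fyi'   # host named on this page; extend the regex as needed

audit_cron() (
  n=0
  # has REGEX: true when the current crontab line matches the extended regex.
  has() { printf '%s\n' "$line" | grep -Eq -- "$1"; }
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    case "$line" in ''|'#'*) continue ;; esac      # skip blanks and comments
    has '(^|[^[:alnum:]_.-])(wget|curl)[[:space:]]' || continue
    flags=REMOTE_FETCH
    # Certificate verification disabled (wget and curl spellings).
    if has '--no-check-certificate|--insecure|curl.*[[:space:]]-[[:alpha:]]*k'; then
      flags="$flags,TLS_VERIFY_OFF"
    fi
    has 'http://' && flags="$flags,PLAINTEXT_HTTP"
    # No digest or signature tool anywhere on the line.
    has 'sha(256|512)sum|gpgv?[[:space:]]|minisign|cosign' ||
      flags="$flags,NO_INTEGRITY_CHECK"
    has "$WATCH_HOSTS" && flags="$flags,WATCHED_HOST"
    printf '%s: %s\n' "$n" "$flags"
  done
)

# Constructed sample crontab; line 1 is one of the entries quoted on this page.
sample_crontab() {
  cat <<'EOF'
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
# log rotation
0 4 * * * /usr/sbin/logrotate /etc/logrotate.conf
15 2 * * * curl -fsSL -o /tmp/a.tgz https://example.org/a-1.2.tgz && echo "<pinned-sha256>  /tmp/a.tgz" | sha256sum -c -
30 1 * * * curl -sk -o /opt/update.sh http://mirror.example/update.sh
EOF
}
# Try it: sample_crontab | audit_cron
```

An entry flagged only REMOTE_FETCH still deserves a manual look: the check is a line-level heuristic and cannot tell whether the digest is actually pinned or whether the job runs as root.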

Safer Alternatives

Consider WordOps or other tools that avoid remote root execution and provide versioned, auditable releases with checksums/signatures.
