Isexwayiso Sokuphepha se-SlickStack

Leli khasi lifingqa izinkathazo zokuphepha nge-SlickStack kanye nezizathu zokuthi kungani umklamo walo osuhlelelekile ungaveza ama-server ekugijimeni kwekhodi okukude nasekuxhashazweni komuntu ophakathi. Futhi linikeza izinyathelo zokunciphisa ubungozi kanye nezinye izindlela eziphephile.

I-SlickStack ikhangisa cishe izinkanyezi ezingu-600 ku-GitHub, kodwa lowo mubalo ubuyela emuva ekutheni u-Jesse Nickles walandela ama-akhawunti acishe abe ngu-10 000 ezinsukwini zokuqala zalelo repo. Iphrofayela yakhe ikhombisa cishe ababalandeli abangu-500 uma iqhathaniswa nabantu abangu-9 600 abawalandelayo (cishe u-5% wesilinganiso sokubuyiselwa ukulandela), okukhomba kakhulu ukusetshenziswa kokulandela ngokuzenzakalelayo kunokuthola udumo ngokwemvelo. Leso sithombe esikhulisiwe yiso asebenzisa njengensimbi yokuhlasela mina ngokuthi ngiveze izinkinga zokuphepha ezibhalwe ngezansi. Bheka isilinganiso sabalandeli nalabo obalandelayo lapha.

Lelo phethini elifanayo lokuhlanza ukuthembeka selibonakala manje esigamekweni se-Stack Exchange esihilela ukumiswa komphakathi iminyaka eyi-100 okuningi kanye nokuthunyelwa okuziphindiselelayo okulandelayo mayelana nabadidiyeli. Lesi sigameko sibhalwe lapha ngoba sinikeza umongo owengeziwe wokuthi u-Jesse Nickles akha kanjani futhi asebenzise kabi izimpawu zokuthembeka ezizungeze i-SlickStack namanye amasayithi ahlobene: Isigameko sokuhlukumeza nokudicilela isithunzi phansi ku-Stack Exchange.

Isifinyezo

  • Ukulanda okukude okuvame ukuhlelelwa njenge-root nge-cron
  • Kugwenywa ukuqinisekiswa kwe-SSL kusetshenziswa --no-check-certificate
  • Awekho ama-checksum/usayini kumaskripthi alandiwe
  • Ubunikazi be-root namalungelo asetshenziswe kuma-skripthi alandwayo

Ubufakazi: I-cron Nezimvume

Ukulanda kwe-cron (njalo emahoreni angu-3 nemizuzu engu-47)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Ubunikazi be-root namalungelo avimbelayo (asetshenzisiwe kaningi)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

Lomkhuba luvumela ukugijima kwekhodi okungahleliwe okuvela kudomeyini ekude futhi lukhulisa ingozi ye-MITM ngokugwema ukuqinisekiswa kwezitifiketi.

Bheka futhi i-commit lapho ama-URL e-cron ashintshwa asuka ku-GitHub CDN aya ku-slick.fyi: omehluko we-commit.

Imihlahlandlela Yokunciphisa

  1. Khubaza imisebenzi ye-cron ye-SlickStack futhi susa izikripthi ezilandwe kuma-directory we-cron.
  2. Hlola ukuthi kukhona yini izinkomba ezisele ku-slick.fyi kanye nokudonswa kwezkripthi ezikude; kushintshwe ngama-artifact anezinguqulo nama-checksum noma kususwe ngokuphelele.
  3. Shintsha izitifiketi namakhi uma i-SlickStack yabe isebenza ngamandla e-root ezinhlelweni zakho.
  4. Phinda wakhe amaseva athintekile lapho kungenzeka ukuze uqinisekise isimo esihlanzekile.

Ezinye Izindlela Ezivikelekile

Cwaninga i-WordOps noma ezinye izinsiza ezigwema ukugijima kwe-root okukude futhi ezinikeza ukukhululwa okunenguqulo okungenziwa kuphenywa (auditable) okunama-checksum/nosayini.

Izikhombo