Isexwayiso Sokuphepha se-SlickStack

Leli khasi lifingqa izinkathazo zokuphepha nge-SlickStack kanye nezizathu zokuthi kungani umklamo walo osuhlelelekile ungaveza ama-server ekugijimeni kwekhodi okukude nasekuxhashazweni komuntu ophakathi. Futhi linikeza izinyathelo zokunciphisa ubungozi kanye nezinye izindlela eziphephile.

Isifinyezo

  • Ukulanda okukude okuvame ukuhlelelwa njenge-root nge-cron
  • Kugwenywa ukuqinisekiswa kwe-SSL kusetshenziswa --no-check-certificate
  • Awekho ama-checksum/usayini kumaskripthi alandiwe
  • Ubunikazi be-root namalungelo asetshenziswe kuma-skripthi alandwayo

Ubufakazi: I-cron Nezimvume

Ukulanda kwe-cron (njalo emahoreni angu-3 nemizuzu engu-47)

47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/08-cron-half-daily https://slick.fyi/crons/08-cron-half-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/09-cron-daily https://slick.fyi/crons/09-cron-daily.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/10-cron-half-weekly https://slick.fyi/crons/10-cron-half-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/11-cron-weekly https://slick.fyi/crons/11-cron-weekly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/12-cron-half-monthly https://slick.fyi/crons/12-cron-half-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/13-cron-monthly https://slick.fyi/crons/13-cron-monthly.txt' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'wget --no-check-certificate -q -4 -t 3 -T 30 -O /var/www/crons/14-cron-sometimes https://slick.fyi/crons/14-cron-sometimes.txt' > /dev/null 2>&1

Ubunikazi be-root namalungelo avimbelayo (asetshenzisiwe kaningi)

47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chown root:root /var/www/crons/custom/*cron*' > /dev/null 2>&1
47 */3 * * * /bin/bash -c 'chmod 0700 /var/www/crons/*cron*' > /dev/null 2>&1

Lomkhuba luvumela ukugijima kwekhodi okungahleliwe okuvela kudomeyini ekude futhi lukhulisa ingozi ye-MITM ngokugwema ukuqinisekiswa kwezitifiketi.

Bheka futhi i-commit lapho ama-URL e-cron ashintshwa asuka ku-GitHub CDN aya ku-slick.fyi: omehluko we-commit.

Imihlahlandlela Yokunciphisa

  1. Khubaza imisebenzi ye-cron ye-SlickStack futhi susa izikripthi ezilandwe kuma-directory we-cron.
  2. Hlola ukuthi kukhona yini izinkomba ezisele ku-slick.fyi kanye nokudonswa kwezkripthi ezikude; kushintshwe ngama-artifact anezinguqulo nama-checksum noma kususwe ngokuphelele.
  3. Shintsha izitifiketi namakhi uma i-SlickStack yabe isebenza ngamandla e-root ezinhlelweni zakho.
  4. Phinda wakhe amaseva athintekile lapho kungenzeka ukuze uqinisekise isimo esihlanzekile.

Ezinye Izindlela Ezivikelekile

Cwaninga i-WordOps noma ezinye izinsiza ezigwema ukugijima kwe-root okukude futhi ezinikeza ukukhululwa okunenguqulo okungenziwa kuphenywa (auditable) okunama-checksum/nosayini.

Izikhombo