Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): admin@1stcache.com
----------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
----------------------------------------
(Y)es/(N)o: y
----------------------------------------
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
----------------------------------------
(Y)es/(N)o: y
Account registered.
Which names would you like to activate HTTPS for?
We recommend selecting either all domains, or all domains in a VirtualHost/server block.
----------------------------------------
1: oss.1stcache.com
----------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Requesting a certificate for oss.1stcache.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/oss.1stcache.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/oss.1stcache.com/privkey.pem
This certificate expires on 2024-02-14.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for oss.1stcache.com to /usr/local/nginx/conf/nginx.conf
Congratulations! You have successfully enabled HTTPS on https://oss.1stcache.com
----------------------------------------
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
root@sweaty-balance:/usr/local/nginx#
# Update the list of available packages and their versions
apt update
# Install curl which is required to install Meilisearch in the next step
apt install curl -y
# Install Meilisearch latest version from the script
curl -L https://install.meilisearch.com | sh
In Linux environments, a service is a process that can be launched when the operating system is booting and which will keep running in the background. One of its biggest advantages is making your program available at any moment. Even if some execution problems or crashes occur, the service will be restarted and your program will be run again.
NOTE
If you are new to services and systemd, you can learn more about the basics of Linux services here.
In Debian and other Linux distributions, systemd allows you to create and manage your own custom services. In order to make sure that Meilisearch will always respond to your requests, you can build your own service. This way, you will ensure its availability in case of a crash or in case of system reboot. If any of these occur, systemd will automatically restart Meilisearch.
4.1. Create a service file
Service files are text files that tell your operating system how to run your program, and when. They live in the /etc/systemd/system directory, and your system will load them at boot time. In this case, let's use a very simple service file that will run Meilisearch on port 7700.
To run Meilisearch in a production environment, use the --env flag. Set a master key of at least 16 bytes using the --master-key option. When you launch an instance for the first time, Meilisearch creates two default API keys: Default Search API Key and Default Admin API Key. With the Default Admin API Key, you can control who can access or create new documents, indexes, or change the configuration.
Remember to choose a safe and random key and avoid exposing it in publicly accessible applications. You can change the master key with the following command:
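One way to write such a service file, as an added example that is not the page's or the Meilisearch project's own file: it generates a random master key and hands it to the service through a root-only EnvironmentFile, using Meilisearch's MEILI_ENV, MEILI_HTTP_ADDR and MEILI_MASTER_KEY environment variables in place of --env and --master-key, so the key does not appear in the process list. The binary path /usr/local/bin/meilisearch and the file /etc/meilisearch.env are assumptions.

```shell
#!/bin/sh
# Added example. Assumed paths: binary at /usr/local/bin/meilisearch,
# secrets in /etc/meilisearch.env (neither path comes from the page).

# 32 random bytes as 64 hex characters (the page asks for at least 16 bytes).
gen_master_key() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# $1 = env file path, $2 = master key.
# The file is created with mode 0600 so only its owner can read the key.
write_env_file() {
    (
        umask 077
        rm -f "$1"
        printf 'MEILI_ENV=production\nMEILI_HTTP_ADDR=127.0.0.1:7700\nMEILI_MASTER_KEY=%s\n' \
            "$2" > "$1"
    )
}

# $1 = unit file path, $2 = env file path as systemd will read it.
write_unit() {
    cat > "$1" << EOF
[Unit]
Description=MeiliSearch
After=network.target

[Service]
Type=simple
EnvironmentFile=$2
ExecStart=/usr/local/bin/meilisearch
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
}

# Run as root with the argument "install" to write the real files.
if [ "${1:-}" = "install" ]; then
    write_env_file /etc/meilisearch.env "$(gen_master_key)"
    write_unit /etc/systemd/system/meilisearch.service /etc/meilisearch.env
    systemctl daemon-reload
fi
```

Binding to 127.0.0.1 keeps port 7700 reachable only from the server itself, which is what the Nginx proxy_pass to localhost:7700 later on this page relies on.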
# Set the service meilisearch
systemctl enable meilisearch
# Start the meilisearch service
systemctl start meilisearch
# Verify that the service is actually running
systemctl status meilisearch
# --- Expected output ---
● meilisearch.service - MeiliSearch
Loaded: loaded (/etc/systemd/system/meilisearch.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-04-10 14:27:49 UTC; 1min 8s ago
Main PID: 14960 (meilisearch)
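In most cases, when enabling SSL, you will probably want to use your own domain name (or subdomain). The first step you need to follow is to register your own domain name and change the DNS records. To make your domain name point to your newly installed Meilisearch server, you only need to add an A record pointing to the IP address you use to connect to your own server. This process is simple and quick, but it may vary with each domain name provider, so we will not cover it in this article.
Once your domain name is set up, you are ready to configure SSL/TLS and use HTTPS. You have two different options to achieve this. The first is to use Certbot, an amazing, free, and very easy-to-use tool. The second option covers the steps you need to follow if you already have an SSL certificate issued by a Certificate Authority or CA for your domain name. Then you will be ready to use Meilisearch safely in production!
5.2.1. Option A: Certbot
Using certbot on a Linux server is very simple. This tool will generate a free SSL/TLS certificate for your domain name and automatically handle its installation on your server. The certbot documentation contains detailed instructions for many operating systems and servers, but we will follow the instructions for Certbot on Debian with Nginx.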
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
# Create a directory /etc/ssl/example to store the certificate files
mkdir -p /etc/ssl/example
# Move your files to /etc/ssl/example. We will suppose that your
# files are called example.pem and example.key
mv path-to-your-files/example.pem /etc/ssl/example/
mv path-to-your-files/example.key /etc/ssl/example/
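Finally, we create a new Nginx configuration file and restart the daemon and Nginx services.
Remember to replace the domain name example.com in both server_name fields with your own domain name.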
# Replace example.com in both `server_name` fields with your own domain name
cat << EOF > /etc/nginx/sites-enabled/meilisearch
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com;
    return 301 https://\$server_name\$request_uri;
}
server {
    server_name example.com;
    location / {
        proxy_pass http://localhost:7700;
    }
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    access_log /var/log/nginx/nginx.vhost.access.log;
    error_log /var/log/nginx/nginx.vhost.error.log;
    ssl_certificate /etc/ssl/example/example.pem;
    ssl_certificate_key /etc/ssl/example/example.key;
}
EOF
systemctl restart nginx
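The proxy configuration above only protects Meilisearch if port 7700 cannot be reached directly. The following check is an added example, not part of the original guide: it reads `ss -ltnH` style listener lines and reports any listener on the Meilisearch port that is bound to a non-loopback address. The sample lines are constructed.

```shell
#!/bin/sh
# Added example: find listeners on a port that are reachable without
# going through the Nginx TLS proxy.

# Constructed sample in the column layout of `ss -ltnH`:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE='LISTEN 0 1024 0.0.0.0:7700 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*'

# Reads listener lines on stdin; $1 = port to check.
# Prints every non-loopback local address on that port and returns 1
# if there is at least one, 0 otherwise.
exposed_listeners() {
    awk -v port="$1" '
        {
            addr = $4                      # Local-Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next     # a different port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # loopback only
            print addr
            found = 1
        }
        END { exit found ? 1 : 0 }'
}

# Demo on the constructed sample; on a real host use:
#   ss -ltnH | exposed_listeners 7700
printf '%s\n' "$SAMPLE" | exposed_listeners 7700 \
    || echo "port 7700 is reachable without the proxy"
```

If the check reports an address, start Meilisearch with its HTTP address set to 127.0.0.1:7700 or block the port in the host firewall.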
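You have followed the main steps to provide a safe and stable service. Your Meilisearch instance should now be up and running in a safe environment, and available at any moment even when the most common problems occur. It is also protected behind a reverse proxy with your own domain name and API keys, so your data and configuration can only be accessed by trusted clients. Communication with your server is now encrypted. In addition, its identity is verified each time before sensitive data is sent, in a fast and automated way.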