內容簡介
這個套件提供了下載應用程式日誌檔案、傾印和下載資料庫的 API。它還包含身分驗證中介軟體,可保護 API 路由。
Centinel API 設計與 Centinel 結合使用——這是一個集中式應用程式管理系統,用於外部資料庫備份和應用程式日誌檢查。
需求
PHP 5.6 +
WordPress 4.4 +
使用方式
建議只在使用 HTTPS 的網站上使用此外掛程式!
安裝外掛程式後,進入 WordPress 管理區域的 設定 > Centinel API 設定 。從那裡,將 privateKey、encryptionKey 和 routePrefix 複製到 Centinel,然後您就可以安排應用程式日誌檢查和資料庫備份。
設定
私密金鑰 - 用於身分驗證的隨機字串
加密金鑰 - 用於額外的安全層的隨機字串
路由前綴 - 在 API 路由前面加上的隨機字串
日誌路由啟用 - 如果不希望將日誌發送到 Centinel,請停用
資料庫路由啟用 - 如果不希望將資料庫備份發送到 Centinel,請停用
停用時間基礎授權 - 如果您的伺服器和 Centinel 的日期時間不同步,會導致請求時間不符或太多 API 呼叫的錯誤,請勾選此選項
壓縮密碼 - 在壓縮資料庫備份時使用的密碼。請確保保存壓縮密碼,可在伺服器崩潰時還原您的資料庫
傾印資料夾 - 創建資料庫備份的資料夾。所有資料庫備份(包括此資料夾)都會在發送到 Centinel 後刪除
MySQL 設定 - 各種資料庫備份選項
所有 MySQL 設定皆為選擇性。如果您在 Windows 上進行開發(例如 WAMP),您可能希望將您的傾印二進制路徑 設置為類似'C:\ Progra~1 \wamp\bin\mysql\mysql5.7.18\bin'的內容。
對於 PHP 5.6,某些 MySQL 設定將被忽略。有關詳細信息,請參閱 Spatie DB Dumper v1.5.1
有關如何使用傾印選項的詳細信息,請參閱安裝的套件版本。對於 PHP 7,版本為Spatie DB Dumper v2.9
API 路由
[POST] /{routePrefix}/create-log
[POST] /{routePrefix}/download-log
[POST] /{routePrefix}/dump-database
[POST] /{routePrefix}/download-database
更多詳細信息請查看/app/Controllers/CentinelApiApiController.php 控制器。
應用程式日誌檔案
預設情況下,WordPress 不會將任何錯誤寫入日誌檔案。要更改此設定,您可以打開wp-config.php並設置以下選項:
define(‘WP_DEBUG’, true);
define(‘WP_DEBUG_LOG’, true);
define(‘WP_DEBUG_DISPLAY’, false);
您可以在WordPress 文檔中了解有關這些選項的更多信息。
資料庫備份
外掛標籤
開發者團隊
原文外掛簡介
This package provides API for downloading the application log file, and dumping and downloading the database. It ships with authentication middleware which protects the API routes.
Centinel API is designed to work in combination with Centinel – centralized application management system for off-site database backups and application log checks.
Requirements
PHP 5.6+
WordPress 4.4+
Usage
It’s highly recommended to use this plugin only on websites that use HTTPS!
After installing the plugin, go to Settings > Centinel API Settings in your WordPress Admin zone. From there, copy privateKey, encryptionKey and routePrefix to Centinel, and you’re ready to schedule your application log checks and database backups.
Settings
Private Key – random string, used for authentication
Encryption Key – random string, used for additional security layer
Route Prefix – random string, prefixing the API routes
Log Routes Enabled – disable if you do not wish to send logs to Centinel
Database Routes Enabled – disable if you do not wish to send database dumps to Centinel
Disable Time Based Authorization – check this option in case of your server’s and Centinel’s datetime being out of sync which results in Request time mismatch or Too many API calls error
Zip Password – password used when zipping the database dump. Make sure to save the Zip Password so you can restore your database in case of server crash
Dump Folder – folder where the database dumps are going to be created. All database dumps, along with this folder, are always deleted after being sent to Centinel.
MySQL Settings – various database dump options
All MySQL settings are optional. If you’re developing on Windows (WAMP, for example), you may want to set your Dump Binary Path to something like 'C:\Progra~1\wamp\bin\mysql\mysql5.7.18\bin'.
Some MySQL settings will be ignored for PHP 5.6. For more details check Spatie DB Dumper v1.5.1
For details on how to use the dump options check the installed version of the package. For PHP 7 that will be Spatie DB Dumper v2.9
API Routes
[POST] /{routePrefix}/create-log
[POST] /{routePrefix}/download-log
[POST] /{routePrefix}/dump-database
[POST] /{routePrefix}/download-database
For more details check /app/Controllers/CentinelApiApiController.php controller.
Application Logs
By default, WordPress does not write any errors to the log file. To change this, you can open up wp-config.php and set the following options:
define(‘WP_DEBUG’, true);
define(‘WP_DEBUG_LOG’, true);
define(‘WP_DEBUG_DISPLAY’, false);
You can read more about these options in WordPress documentation
Database Backups
Spatie DB Dumper is used to make database dumps. MySQL is supported, and requires mysqldump utility.
Centinel API will try to zip and password protect database dumps before sending them to Centinel. In case you’re using PHP 7.2+, it will use PHP’s native ZipArchive class to zip and encrypt the database. Otherwise, it will look for 7-Zip and Zip libraries to do so. If no option is available, dumps will be sent without being zipped and password protected.
Run Check Zip Availability in Centinel API Settings to see which library is available on your server. Note that Zip encryption algorithm is much less secure than that of ZipArchive and 7-Zip. Ultimately it is up to you to decide which level of security is satisfactory. You can always opt out of backing up your database by disabling database backups in Centinel, and additionally, unchecking Database Routes Enabled in the settings.
Authentication
For details check /app/Middleware/CentinelApiAuthorizeRequest.php middleware.
License
WordPress Centinel API is open-sourced software licensed under the MIT license.
