{"id":589,"date":"2026-04-06T16:09:45","date_gmt":"2026-04-06T13:09:45","guid":{"rendered":"https:\/\/m4.ist\/index.php\/2026\/04\/06\/ev-sunucusu-ile-ev-sunucusu\/"},"modified":"2026-04-06T16:09:45","modified_gmt":"2026-04-06T13:09:45","slug":"ev-sunucusu-ile-ev-sunucusu","status":"publish","type":"post","link":"https:\/\/m4.ist\/index.php\/2026\/04\/06\/ev-sunucusu-ile-ev-sunucusu\/","title":{"rendered":"Ev Sunucusu ile: 2026 Pratik Rehber"},"content":{"rendered":"<h1>Ev Sunucusu ile Kendi Hosting Altyap\u0131n\u0131z\u0131 Kurun: WordPress, Mail Server ve DNS Y\u00f6netimi<\/h1>\n<div class=\"rankmath-manual-toc\" data-rankmath-toc=\"1\">\n<p>Ev Sunucusu ile odakli bu bolum, Icindekiler<\/p>\n<ul>\n<li><a href=\"#bolum-1\">Ev Sunucusu ile: Neden \u00d6nemli?<\/a><\/li>\n<li><a href=\"#bolum-2\">Gereksinimler<\/a><\/li>\n<li><a href=\"#bolum-3\">Donan\u0131m<\/a><\/li>\n<li><a href=\"#bolum-4\">Yaz\u0131l\u0131m<\/a><\/li>\n<li><a href=\"#bolum-5\">A\u011f<\/a><\/li>\n<li><a href=\"#bolum-6\">Rollback &amp; Backup<\/a><\/li>\n<li><a href=\"#bolum-7\">En \u0130yi Uygulamalar<\/a><\/li>\n<li><a href=\"#bolum-8\">Uygulama Ad\u0131mlar\u0131<\/a><\/li>\n<li><a href=\"#bolum-9\">A\u011f Yap\u0131land\u0131rmas\u0131<\/a><\/li>\n<li><a href=\"#bolum-10\">BIND9 DNS Kurulumu ve Zone Dosyas\u0131<\/a><\/li>\n<li><a href=\"#bolum-11\">WordPress Kurulumu<\/a><\/li>\n<li><a href=\"#bolum-12\">E\u2011posta Sunucusu (Postfix + Dovecot)<\/a><\/li>\n<li><a href=\"#bolum-13\">SSL Entegrasyonu (Let\u2019s Encrypt)<\/a><\/li>\n<li><a href=\"#bolum-14\">Sorun Giderme &amp; Rollback<\/a><\/li>\n<li><a href=\"#bolum-15\">DNS TTL Gecikmesi<\/a><\/li>\n<li><a href=\"#bolum-16\">WordPress 500 Hatas\u0131<\/a><\/li>\n<li><a href=\"#bolum-17\">Mail Sunucusu Port \u00c7at\u0131\u015fmas\u0131<\/a><\/li>\n<li><a href=\"#bolum-18\">Yedek Alma ve Restore Ad\u0131mlar\u0131<\/a><\/li>\n<li><a href=\"#bolum-19\">Rollback Stratejisi<\/a><\/li>\n<li><a href=\"#bolum-20\">Sistemsel G\u00fcncelleme Sorunlar\u0131<\/a><\/li>\n<li><a href=\"#bolum-21\">Optimizasyon &amp; En \u0130yi Uygulamalar<\/a><\/li>\n<li><a href=\"#bolum-22\">Dosya \u0130zinleri ve SELinux \/ AppArmor<\/a><\/li>\n<li><a href=\"#bolum-23\">\u00d6nbellekleme (Redis, Varnish)<\/a><\/li>\n<li><a href=\"#bolum-24\">Log Rotasyonu ve \u0130zlenebilirlik<\/a><\/li>\n<li><a href=\"#bolum-25\">Least Privilege Uygulamas\u0131<\/a><\/li>\n<li><a href=\"#bolum-26\">Best\u2011Practice Kontrol Tablosu<\/a><\/li>\n<li><a href=\"#bolum-27\">Ger\u00e7ek \u00d6rnekler<\/a><\/li>\n<li><a href=\"#bolum-28\">Ki\u015fisel Blog ve Alt Domain<\/a><\/li>\n<li><a href=\"#bolum-29\">K\u00fc\u00e7\u00fck \u0130\u015fletme E\u2011Posta \u00c7\u00f6z\u00fcm\u00fc<\/a><\/li>\n<li><a href=\"#bolum-30\">Yedekleme Senaryosu (Snapshot + Backup)<\/a><\/li>\n<li><a href=\"#bolum-31\">Sonu\u00e7<\/a><\/li>\n<\/ul>\n<\/div>\n<p>\u0130\u00e7inde WordPress, e\u2011posta ve DNS\u2019i tek bir sunucuda bar\u0131nd\u0131rmak, veri kontrol\u00fcn\u00fc elinize al\u0131r. Sunucu donan\u0131m\u0131 ve yaz\u0131l\u0131m\u0131 kendi y\u00f6netin, yetkisiz eri\u015fimi azalt\u0131n.<\/p>\n<p>Bu rehber, \u00fc\u00e7 kritik bile\u015feni g\u00fcvenli bir bi\u00e7imde birle\u015ftirmeye odaklan\u0131r. Her ad\u0131m, en az ayr\u0131cal\u0131k, d\u00fczenli yedekleme ve izlenebilir loglamaya dayan\u0131r.<\/p>\n<p>Veri gizlili\u011fi, maliyet d\u00fc\u015f\u00fc\u015f\u00fc ve ger\u00e7ek\u2011zaman izleme, ev sunucusunun ana avantajlar\u0131d\u0131r. Bilgiyi elinizde tutmak, sald\u0131r\u0131 y\u00fczeyini k\u00fc\u00e7\u00fclt\u00fcr ve operasyonel \u00f6zerkli\u011fi art\u0131r\u0131r.<\/p>\n<p>\u015eimdi WordPress g\u00fcvenlik ayarlar\u0131ndan Postfix\/Dovecot kurulumuna ve BIND ile DNS yap\u0131land\u0131rmas\u0131na ad\u0131m ad\u0131m ge\u00e7elim. Her b\u00f6l\u00fcmde olas\u0131 hatalar\u0131 ve geri alma y\u00f6ntemlerini bulacaks\u0131n\u0131z.<\/p>\n<h2 id=\"bolum-1\">Ev Sunucusu ile: Neden \u00d6nemli?<\/h2>\n<p>Bulut sa\u011flay\u0131c\u0131lar\u0131n\u0131n otomatik g\u00fcncellemeleri ve veri saklama politikalar\u0131, kontrol\u00fc s\u0131n\u0131rlayabilir. Ev sunucusunda g\u00fcncellemeleri kendi h\u0131z\u0131n\u0131zda uygulayabilirsiniz.<\/p>\n<p>WordPress, mail ve DNS ayn\u0131 sunucuda \u00e7al\u0131\u015f\u0131rsa tek bir a\u00e7\u0131k t\u00fcm hizmetleri etkileyebilir. Yerel yap\u0131land\u0131rma, a\u00e7\u0131\u011f\u0131 izole etmenize ve h\u0131zl\u0131 bir rollback plan\u0131 olu\u015fturman\u0131za imkan verir.<\/p>\n<p>Veri kayb\u0131, sald\u0131r\u0131 sonras\u0131 ortaya \u00e7\u0131kabilir. Yedekleme prosed\u00fcrleri tamamen sizin sorumlulu\u011funuzdad\u0131r. \u015eifreli, s\u00fcr\u00fcm kontrol\u00fc ile yerinde saklama, kay\u0131p riskini azalt\u0131r.<\/p>\n<p>Bulut maliyetleri y\u0131ll\u0131k abonelik ve veri transfer \u00fccretleriyle artarken, ev sunucusunda sabit maliyetler bulunur. Enerji, ekipman \u00f6mr\u00fc ve bak\u0131m giderleri g\u00f6z \u00f6n\u00fcnde bulundurulmal\u0131.<\/p>\n<p>Log toplama, anormallik tespitini h\u0131zland\u0131r\u0131r. <code>syslog<\/code>, <code>journald<\/code> ve <code>auditd<\/code> ile tam izlenebilirlik sa\u011flan\u0131r. Bu loglar denetimde kan\u0131t olarak kullan\u0131l\u0131r.<\/p>\n<p>Least privilege, kullan\u0131c\u0131 ve servis hesaplar\u0131 i\u00e7in ayr\u0131, en az ayr\u0131cal\u0131kl\u0131 eri\u015fim seviyeleri belirler. \u00d6rne\u011fin, WordPress veritaban\u0131 yaln\u0131zca okuma\/yazma yetkisine sahip olmal\u0131.<\/p>\n<p>Rollback stratejileri, g\u00fcncelleme hatalar\u0131nda h\u0131zl\u0131 geri d\u00f6n\u00fc\u015f i\u00e7in kritiktir. Snapshot ve yedekleme ara\u00e7lar\u0131, 15 dakikal\u0131k kesintiden \u00f6nceki duruma d\u00f6nmeyi m\u00fcmk\u00fcn k\u0131lar.<\/p>\n<p>Ek olarak, g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 izlemek i\u00e7in <code>OSSEC<\/code> veya <code>Wazuh<\/code> gibi host\u2011based IDS\u2019ler kurmak, sald\u0131r\u0131 an\u0131nda uyar\u0131 alman\u0131z\u0131 sa\u011flar. Bu ara\u00e7lar, sistem \u00e7a\u011fr\u0131lar\u0131n\u0131, kullan\u0131c\u0131 giri\u015flerini ve dosya de\u011fi\u015fikliklerini anl\u0131k izler.<\/p>\n<h2 id=\"bolum-2\">Gereksinimler<\/h2>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" alt=\"Gereksinimler\" loading=\"lazy\" src=\"https:\/\/m4.ist\/wp-content\/uploads\/2026\/04\/z-image-turbo_00070_.png\"\/><\/figure>\n<p>Kurulumdan \u00f6nce donan\u0131m, yaz\u0131l\u0131m ve a\u011f yap\u0131land\u0131rmas\u0131n\u0131 netle\u015ftirin.<\/p>\n<h3 id=\"bolum-3\">Donan\u0131m<\/h3>\n<p>En az 4 \u00e7ekirdekli CPU, 8\u202fGB RAM, 500\u202fGB SSD ve 1\u202fTB HDD \u00f6nerilir. UPS, ani kapanma riskini ortadan kald\u0131r\u0131r.<\/p>\n<table>\n<tbody>\n<tr>\n<th>Yeterli<\/th>\n<th>\u0130deal<\/th>\n<\/tr>\n<tr>\n<td>CPU: 2 \u00e7ekirdek, 2\u202fGHz<\/td>\n<td>CPU: 4 \u00e7ekirdek, 3\u202fGHz<\/td>\n<\/tr>\n<tr>\n<td>RAM: 4\u202fGB<\/td>\n<td>RAM: 8\u202fGB<\/td>\n<\/tr>\n<tr>\n<td>Depolama: 256\u202fGB SSD<\/td>\n<td>Depolama: 500\u202fGB SSD + 1\u202fTB HDD<\/td>\n<\/tr>\n<tr>\n<td>UPS: 500\u202fVA<\/td>\n<td>UPS: 1000\u202fVA, 2\u202fsaat \u00e7al\u0131\u015fma s\u00fcresi<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"bolum-4\">Yaz\u0131l\u0131m<\/h3>\n<p>Ubuntu 24.04 LTS, Docker Engine, BIND9, Postfix, Dovecot, MySQL, PHP\u2011FPM ve Cert\u2011bot temel bile\u015fenlerdir.<\/p>\n<p>\u00d6rnek <code>apt install<\/code>:<\/p>\n<pre>sudo apt update\nsudo apt install -y docker.io bind9 postfix dovecot-core dovecot-imapd dovecot-pop3d mysql-server php-fpm php-mysql certbot<\/pre>\n<p>Y\u00f6ntem kar\u015f\u0131la\u015ft\u0131rma tablosu: Docker vs. native paket y\u00f6netimi<\/p>\n<table>\n<tbody>\n<tr>\n<th>Y\u00f6ntem<\/th>\n<th>Avantajlar<\/th>\n<th>Dezavantajlar<\/th>\n<\/tr>\n<tr>\n<td>Docker<\/td>\n<td>H\u0131zl\u0131 kurulum, ba\u011f\u0131ms\u0131z konteynerler<\/td>\n<td>Ek kaynak t\u00fcketimi, snapshot y\u00f6netimi zor<\/td>\n<\/tr>\n<tr>\n<td>A\u011f Paketleri<\/td>\n<td>D\u00fc\u015f\u00fck kaynak, yerel y\u00f6netim<\/td>\n<td>Yeniden kurulum zaman al\u0131c\u0131<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"bolum-5\">A\u011f<\/h3>\n<p>Sabit IP, port y\u00f6nlendirme ve DNS yap\u0131land\u0131rmas\u0131 kritik. 80, 443, 25, 587, 143, 993 portlar\u0131n\u0131 y\u00f6nlendirin. BIND9 zone dosyas\u0131 \u00f6rne\u011fi:<\/p>\n<pre>$TTL 600\n@ IN SOA ns1.example.com. admin.example.com. (\n   2024040601 ; serial\n   604800     ; refresh\n   86400      ; retry\n   2419200    ; expire\n   604800 )   ; minimum\n\n@ IN NS ns1.example.com.\n@ IN A 203.0.113.10\nns1 IN A 203.0.113.10\nwww IN CNAME @\nmail IN A 203.0.113.10<\/pre>\n<h3 id=\"bolum-6\">Rollback &amp; Backup<\/h3>\n<p>Snapshot ile t\u00fcm sistem durumunu 15\u202fdakika i\u00e7inde geri d\u00f6nd\u00fcr\u00fcn. LVM veya Btrfs snapshotlar\u0131 kullan\u0131n. MySQL i\u00e7in <code>mysqldump<\/code>, WordPress dizini i\u00e7in <code>rsync<\/code> ile g\u00fcnl\u00fck yedek al\u0131n.<\/p>\n<p>Risk ve rollback noktas\u0131 tablosu:<\/p>\n<table>\n<tbody>\n<tr>\n<th>Risk<\/th>\n<th>Rollback Noktas\u0131<\/th>\n<th>Geri D\u00f6n\u00fc\u015f Y\u00f6ntemi<\/th>\n<\/tr>\n<tr>\n<td>WordPress G\u00fcncelleme Hatas\u0131<\/td>\n<td>WP-CLI ile <code>wp core update<\/code> \u00f6ncesi <code>wp db export<\/code><\/td>\n<td>Veritaban\u0131 yede\u011fi geri y\u00fckle<\/td>\n<\/tr>\n<tr>\n<td>Postfix Yap\u0131land\u0131rma De\u011fi\u015fikli\u011fi<\/td>\n<td>Configuration directory snapshot<\/td>\n<td>Snapshot\u2019\u0131 <code>btrfs restore<\/code> ile geri y\u00fckle<\/td>\n<\/tr>\n<tr>\n<td>DNS Zone G\u00fcncelleme<\/td>\n<td>Zone dosyas\u0131 snapshot<\/td>\n<td>\u0130lk haliyle yeniden y\u00fckle<\/td>\n<\/tr>\n<tr>\n<td>Sistemsel G\u00fcncelleme<\/td>\n<td>\u0130lk snapshot<\/td>\n<td>Rollback i\u00e7in <code>systemctl reboot<\/code> ile snapshot\u2019dan ba\u015fla<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"bolum-7\">En \u0130yi Uygulamalar<\/h3>\n<ul>\n<li>Least privilege: Her servis kendi kullan\u0131c\u0131 hesab\u0131yla \u00e7al\u0131\u015fmal\u0131.<\/li>\n<li>Loglama: <code>journald<\/code>, <code>syslog-ng<\/code> ve <code>auditd<\/code> ile tam izlenebilirlik.<\/li>\n<li>SSL\/TLS: Let\u2019s Encrypt ile otomatik yenileme.<\/li>\n<li>Port g\u00fcvenli\u011fi: <code>ufw<\/code> ile sadece gerekli portlar\u0131 a\u00e7\u0131n.<\/li>\n<\/ul>\n<h2 id=\"bolum-8\">Uygulama Ad\u0131mlar\u0131<\/h2>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" alt=\"Uygulama Ad\u0131mlar\u0131\" loading=\"lazy\" src=\"https:\/\/m4.ist\/wp-content\/uploads\/2026\/04\/z-image-turbo_00071_.png\"\/><\/figure>\n<h3 id=\"bolum-9\">A\u011f Yap\u0131land\u0131rmas\u0131<\/h3>\n<ul>\n<li>Sunucuya sabit IP atay\u0131n. \u00d6rne\u011fin <code>203.0.113.10<\/code>.<\/li>\n<li>Y\u00f6nlendiricide 80, 443, 25, 587, 143, 993 portlar\u0131n\u0131 <code>203.0.113.10<\/code> IP\u2019ine y\u00f6nlendirin.<\/li>\n<li>UFW ile sadece gerekli portlar\u0131 a\u00e7\u0131n: <code>ufw allow 80,443,25,587,143,993\/tcp<\/code>.<\/li>\n<li>DNS i\u00e7in TTL\u2019i 600 saniye alt\u0131na d\u00fc\u015f\u00fcr\u00fcn; h\u0131zl\u0131 de\u011fi\u015fiklik i\u00e7in kritik.<\/li>\n<li>Firewall\u2019da <code>ufw deny 22\/tcp<\/code> ile SSH\u2019ye sadece yetkili IP\u2019lerden eri\u015fim izni verin.<\/li>\n<\/ul>\n<h3 id=\"bolum-10\">BIND9 DNS Kurulumu ve Zone Dosyas\u0131<\/h3>\n<ul>\n<li><code>apt-get install bind9 bind9utils bind9-doc<\/code><\/li>\n<li>Zone dosyas\u0131n\u0131 <code>\/etc\/bind\/db.example.com<\/code> i\u00e7inde olu\u015fturun:\n<pre>$TTL 600\n@ IN SOA ns1.example.com. admin.example.com. (\n    2024040601 ; serial\n    604800 ; refresh\n    86400 ; retry\n    2419200 ; expire\n    604800 ) ; minimum\n@ IN NS ns1.example.com.\n@ IN A 203.0.113.10\nns1 IN A 203.0.113.10\nwww IN CNAME @\nmail IN A 203.0.113.10<\/pre>\n<\/li>\n<li>BIND\u2019in <code>\/etc\/bind\/named.conf.local<\/code> dosyas\u0131na zone\u2019\u0131 ekleyin:\n<pre>zone \"example.com\" IN {\n    type master;\n    file \"\/etc\/bind\/db.example.com\";\n};<\/pre>\n<\/li>\n<li>Servisi yeniden ba\u015flat\u0131n: <code>systemctl restart bind9<\/code>.<\/li>\n<li>DNS sorgular\u0131n\u0131 <code>dig @203.0.113.10 mail.example.com<\/code> ile test edin.<\/li>\n<\/ul>\n<h3 id=\"bolum-11\">WordPress Kurulumu<\/h3>\n<ul>\n<li>MySQL kuruluysa veri taban\u0131 olu\u015fturun: <code>mysql -u root -p -e \"CREATE DATABASE wordpress; CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'root_pass'; GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost'; FLUSH PRIVILEGES;\"<\/code><\/li>\n<li>Web dizini <code>\/var\/www\/html<\/code> olarak ayarlay\u0131n ve yetkileri s\u0131n\u0131rland\u0131r\u0131n: <code>chown -R www-data:www-data \/var\/www\/html<\/code>.<\/li>\n<li>WP-CLI ile kurulumu tamamlay\u0131n:\n<pre>wp core download --path=\/var\/www\/html\nwp config create --path=\/var\/www\/html --dbname=wordpress --dbuser=wpuser --dbpass=root_pass --dbhost=localhost\nwp core install --path=\/var\/www\/html --url=\"https:\/\/example.com\" --title=\"Ev Sunucusu\" --admin_user=\"admin\" --admin_password=\"admin_pass\" --admin_email=\"admin@example.com\"<\/pre>\n<\/li>\n<li>Apache yap\u0131land\u0131rma dosyas\u0131 <code>\/etc\/apache2\/sites-available\/ev-sunucu.conf<\/code>:\n<pre>&lt;VirtualHost *:80&gt;\n    ServerName example.com\n    ServerAlias www.example.com\n    DocumentRoot \/var\/www\/html\n    Redirect permanent \/ https:\/\/example.com\/\n&lt;\/VirtualHost&gt;\n\n&lt;VirtualHost *:443&gt;\n    ServerName example.com\n    ServerAlias www.example.com\n    DocumentRoot \/var\/www\/html\n    SSLEngine on\n    SSLCertificateFile \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/example.com\/privkey.pem\n&lt;\/VirtualHost&gt;<\/pre>\n<\/li>\n<li>Site\u2019i etkinle\u015ftirin: <code>a2ensite ev-sunucu<\/code>, <code>systemctl reload apache2<\/code>.<\/li>\n<li>WordPress\u2019in dosya izinlerini 644\/755 olarak kurun: <code>find \/var\/www\/html -type d -exec chmod 755 {} \\;<\/code>, <code>find \/var\/www\/html -type f -exec chmod 644 {} \\;<\/code>.<\/li>\n<\/ul>\n<h3 id=\"bolum-12\">E\u2011posta Sunucusu (Postfix + Dovecot)<\/h3>\n<ul>\n<li>Postfix kurun: <code>apt-get install postfix<\/code>. \u201cInternet Site\u201d se\u00e7in ve <code>example.com<\/code> girin.<\/li>\n<li>Postfix yap\u0131land\u0131rmas\u0131 <code>\/etc\/postfix\/main.cf<\/code>:<\/li>\n<\/ul>\n<pre>myhostname = mail.example.com\nmydestination = $myhostname, example.com, localhost.$mydomain, localhost\ninet_interfaces = all\ninet_protocols = all\nmyorigin = \/etc\/mailname\nsmtpd_tls_cert_file = \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\nsmtpd_tls_key_file = \/etc\/letsencrypt\/live\/example.com\/privkey.pem\nsmtpd_use_tls = yes\nsmtpd_tls_security_level = encrypt\nsmtpd_tls_auth_only = yes\nsmtpd_tls_ciphers = high\nsmtpd_tls_protocols = TLSv1.2, TLSv1.3\nsmtpd_tls_exclude_ciphers = ALL-EXP, RC4, DES, MD5, SHA1, SSLv2, SSLv3\nsmtpd_tls_cert_file = \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\nsmtpd_tls_key_file = \/etc\/letsencrypt\/live\/example.com\/privkey.pem\nsmtpd_tls_session_cache_database = btree:${data_directory}\/smtpd_scache<\/pre>\n<li>Dovecot kurun: <code>apt-get install dovecot-core dovecot-imapd dovecot-pop3d<\/code>.<\/li>\n<li>Dovecot yap\u0131land\u0131rmas\u0131 <code>\/etc\/dovecot\/dovecot.conf<\/code>:<\/li>\n<pre>protocols = imap pop3 lmtp\nssl = required\nssl_cert = \n<li>Postfix ve Dovecot\u2019\u0131 yeniden ba\u015flat\u0131n: <code>systemctl restart postfix dovecot<\/code>.<\/li>\n\n<h3 id=\"bolum-13\">SSL Entegrasyonu (Let\u2019s Encrypt)<\/h3>\n<ul>\n<li>Certbot kurun: <code>apt-get install certbot python3-certbot-apache python3-certbot-dovecot<\/code>.<\/li>\n<li>Do\u011frulama ve sertifika al\u0131m\u0131: <pre>certbot certonly --apache -d example.com -d www.example.com -d mail.example.com<\/pre>\n<\/li>\n<li>Postfix ve Dovecot dosyalar\u0131n\u0131 otomatik yenileme i\u00e7in <code>\/etc\/letsencrypt\/renewal-hooks\/deploy<\/code> i\u00e7inde script ekleyin:\n<pre>#!\/bin\/bash\nsystemctl reload postfix\nsystemctl reload dovecot<\/pre>\n<\/li>\n<li>Sertifika s\u00fcresini kontrol edin: <code>certbot certificates<\/code>.<\/li>\n<\/ul>\n<h2 id=\"bolum-14\">Sorun Giderme &amp; Rollback<\/h2>\n<h3 id=\"bolum-15\">DNS TTL Gecikmesi<\/h3>\n<p>TTL de\u011feri d\u00fc\u015f\u00fckse de\u011fi\u015fiklikler hemen uygulanmaz. Ad\u0131m 1: <code>\/etc\/hosts<\/code> dosyas\u0131nda ge\u00e7ici IP y\u00f6nlendirme ekleyin. Ad\u0131m 2: DNS sunucusunda TTL\u2019i 60 saniyeye d\u00fc\u015f\u00fcr\u00fcn. Ad\u0131m 3: <code>dig @dns.example.com mail.example.com +trace<\/code> ile kontrol edin. Ad\u0131m 4: TTL\u2019i 3600 saniyeye y\u00fckseltin.<\/p>\n<h3 id=\"bolum-16\">WordPress 500 Hatas\u0131<\/h3>\n<p>500 hatas\u0131 dosya izinleri eksikse veya tema hatas\u0131 varsa ortaya \u00e7\u0131kar. \u0130zinleri kontrol edin: wp-content 755, dosyalar 644; wp-config.php 600. Ad\u0131m 1: <code>.htaccess<\/code> dosyas\u0131n\u0131 yedekleyin. Ad\u0131m 2: WordPress\u2019i varsay\u0131lan temaya ge\u00e7in. Ad\u0131m 3: eklenti say\u0131s\u0131n\u0131 s\u0131f\u0131rla. Ad\u0131m 4: <code>php.ini<\/code>\u2019de <code>memory_limit<\/code>i art\u0131r\u0131n. Ad\u0131m 5: loglar\u0131 <code>\/var\/log\/apache2\/error.log<\/code>\u2019da inceleyin.<\/p>\n<h3 id=\"bolum-17\">Mail Sunucusu Port \u00c7at\u0131\u015fmas\u0131<\/h3>\n<p>Postfix ve Dovecot genelde 25, 143 ve 587 portlar\u0131n\u0131 kullan\u0131r. Ayn\u0131 port ba\u015fka servis taraf\u0131ndan \u00e7al\u0131\u015f\u0131yorsa \u00e7at\u0131\u015fma olur. Ad\u0131m 1: <code>netstat -tuln<\/code> ile port kullan\u0131m\u0131n\u0131 kontrol edin. Ad\u0131m 2: \u00c7ak\u0131\u015fan servisi durdurun: <code>systemctl stop apache2<\/code>. Ad\u0131m 3: Postfix\u2019i yeniden ba\u015flat\u0131n: <code>systemctl restart postfix<\/code>. Ad\u0131m 4: Dovecot portunu <code>\/etc\/dovecot\/dovecot.conf<\/code>\u2019da 993\u2019e ta\u015f\u0131y\u0131n. Ad\u0131m 5: SSL sertifikas\u0131n\u0131 yeniden y\u00fckleyin.<\/p>\n<h3 id=\"bolum-18\">Yedek Alma ve Restore Ad\u0131mlar\u0131<\/h3>\n<p>Ad\u0131m 1: MySQL yedekleme: <code>mysqldump -u root -p --all-databases &gt; all.sql<\/code>. Ad\u0131m 2: Dosya sistem yede\u011fi: <code>rsync -avz \/var\/www\/html \/backup\/html<\/code>. Ad\u0131m 3: Postfix ve Dovecot yap\u0131land\u0131rmalar\u0131n\u0131 <code> \/etc\/backup\/<\/code> dizinine kopyalay\u0131n.<\/p>\n<p>Restore i\u00e7in:<\/p>\n<ol>\n<li>MySQL yede\u011fini y\u00fckleyin: <code>mysql -u root -p &lt; all.sql<\/code>.<\/li>\n<li>Dosya sistemini geri y\u00fckleyin: <code>rsync -avz \/backup\/html \/var\/www\/html<\/code>.<\/li>\n<li>Postfix\/Dovecot yap\u0131land\u0131rmalar\u0131n\u0131 geri ta\u015f\u0131y\u0131n ve servisleri yeniden ba\u015flat\u0131n.<\/li>\n<li>SSL sertifikas\u0131n\u0131 certbot ile yeniden ba\u015flat\u0131n: <code>certbot renew --deploy-hook \"systemctl reload postfix dovecot\"<\/code>.<\/li>\n<\/ol>\n<h3 id=\"bolum-19\">Rollback Stratejisi<\/h3>\n<p>Yedek al\u0131m\u0131, de\u011fi\u015fiklik \u00f6ncesi kritik. Her g\u00fcncellemeden \u00f6nce tam yedek al\u0131n. Gerekirse snapshot ile anl\u0131k geri d\u00f6n\u00fc\u015f yap\u0131labilir. Rollback plan\u0131 s\u00fcr\u00fcm kontrol sisteminde saklanmal\u0131.<\/p>\n<h3 id=\"bolum-20\">Sistemsel G\u00fcncelleme Sorunlar\u0131<\/h3>\n<p>Ubuntu 24.04 LTS\u2019de <code>apt upgrade<\/code> sonras\u0131 kernel de\u011fi\u015fikli\u011fi, grub yap\u0131land\u0131rmas\u0131n\u0131 g\u00fcnceller. Sorun ya\u015farsan\u0131z, <code>GRUB_TIMEOUT=0<\/code> ekleyerek do\u011frudan k\u00f6k \u00e7ekirde\u011fe atlay\u0131n. Yedek grub dosyas\u0131: <code>cp \/boot\/grub\/grub.cfg \/boot\/grub\/grub.cfg.bak<\/code>.<\/p>\n<h2 id=\"bolum-21\">Optimizasyon &amp; En \u0130yi Uygulamalar<\/h2>\n<h3 id=\"bolum-22\">Dosya \u0130zinleri ve SELinux \/ AppArmor<\/h3>\n<p>Web k\u00f6k dizini ve e\u2011posta klas\u00f6rleri i\u00e7in 644 dosya, 755 klas\u00f6r izinleri belirleyin. Sahipli\u011fi <code>www-data<\/code> kullan\u0131c\u0131s\u0131na verin. SELinux aktifse <code>httpd_can_network_connect<\/code> ve <code>httpd_enable_homedirs<\/code> booleanlar\u0131n\u0131 <code>setsebool -P<\/code> ile a\u00e7\u0131n. AppArmor i\u00e7in <code>\/etc\/apparmor.d\/apache2<\/code> i\u00e7inde <code>\/var\/www\/html\/** r,<\/code> ve <code>owner<\/code> izinlerini kontrol edin.<\/p>\n<h3 id=\"bolum-23\">\u00d6nbellekleme (Redis, Varnish)<\/h3>\n<p>Redis\u2019i yaln\u0131zca localhost \u00fczerinden eri\u015fime a\u00e7\u0131n (<code>bind 127.0.0.1<\/code>), <code>requirepass<\/code> ile \u015fifreleme yap\u0131n ve <code>save \"\"<\/code> ile kal\u0131c\u0131 saklama devre d\u0131\u015f\u0131 b\u0131rak\u0131n. Varnish\u2019i 80 portunda dinleyip, <code>backend default { .host = \"127.0.0.1\"; .port = \"8080\"; }<\/code> ile Apache\u2019e y\u00f6nlendirin. <code>Cache-control<\/code> ba\u015fl\u0131klar\u0131n\u0131 <code>Cache-Control: max-age=300, public<\/code> olarak ayarlayarak 5 dakikal\u0131k \u00f6nbellek s\u00fcresi elde edin.<\/p>\n<h3 id=\"bolum-24\">Log Rotasyonu ve \u0130zlenebilirlik<\/h3>\n<p>Her servis i\u00e7in <code>\/etc\/logrotate.d\/<\/code> i\u00e7inde g\u00fcnl\u00fck log dosyalar\u0131n\u0131 7 g\u00fcn saklay\u0131n, s\u0131k\u0131\u015ft\u0131r\u0131n ve <code>rotate 7<\/code> ile eski loglar\u0131 silin. <code>logrotate<\/code> \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda <code>systemctl reload<\/code> komutuyla servislere log yeniden a\u00e7\u0131lmas\u0131n\u0131 bildirin. <code>syslog-ng<\/code> ile merkezi log toplay\u0131c\u0131ya y\u00f6nlendirme ekleyerek izlenebilirli\u011fi art\u0131r\u0131n.<\/p>\n<h3 id=\"bolum-25\">Least Privilege Uygulamas\u0131<\/h3>\n<p>Apache, Postfix, Dovecot ve Redis\u2019i root de\u011fil, kendi kullan\u0131c\u0131lar\u0131 alt\u0131nda \u00e7al\u0131\u015ft\u0131r\u0131n. <code>sudoers<\/code> dosyas\u0131nda sadece gerekli komutlara izin verin: \u00f6rn. <code>www-data ALL=(ALL) NOPASSWD:\/usr\/sbin\/apache2ctl<\/code>. Dosya ve dizin eri\u015fimlerini <code>chmod<\/code> ile minimum seviyeye indirin; gereksiz <code>777<\/code> izinlerinden ka\u00e7\u0131n\u0131n.<\/p>\n<h3 id=\"bolum-26\">Best\u2011Practice Kontrol Tablosu<\/h3>\n<table>\n<tbody>\n<tr>\n<th>Alan<\/th>\n<th>Do\u011frulama<\/th>\n<\/tr>\n<tr>\n<td>Dosya \u0130zinleri<\/td>\n<td>644 \/ 755, www-data sahibi<\/td>\n<\/tr>\n<tr>\n<td>SELinux Booleanlar<\/td>\n<td>httpd_can_network_connect, httpd_enable_homedirs<\/td>\n<\/tr>\n<tr>\n<td>Redis Konfig\u00fcrasyonu<\/td>\n<td>bind 127.0.0.1, requirepass, save \"\"<\/td>\n<\/tr>\n<tr>\n<td>Varnish Backend<\/td>\n<td>localhost:8080, Cache\u2011Control 300s<\/td>\n<\/tr>\n<tr>\n<td>Log Rotasyonu<\/td>\n<td>rotate 7, compress, postrotate reload<\/td>\n<\/tr>\n<tr>\n<td>Least Privilege<\/td>\n<td>Root olmayan kullan\u0131c\u0131lar, sudoers NOPASSWD<\/td>\n<\/tr>\n<tr>\n<td>G\u00fcnl\u00fck Log \u0130zleme<\/td>\n<td>syslog-ng + SIEM entegrasyonu<\/td>\n<\/tr>\n<tr>\n<td>SSL Sertifikas\u0131 Yenileme<\/td>\n<td>Certbot otomatik deploy hook<\/td>\n<\/tr>\n<tr>\n<td>Snapshot Otomasyonu<\/td>\n<td>crontab: 0 2 * * * btrfs subvolume snapshot \/ \/srv\/backup\/root_$(date +%F)<\/td>\n<\/tr>\n<tr>\n<td>Veri Yedekleme<\/td>\n<td>mysqldump + rsync periyotluk<\/td>\n<\/tr>\n<tr>\n<td>Port G\u00fcvenli\u011fi<\/td>\n<td>ufw deny 22\/tcp, izin verilen IP listesi<\/td>\n<\/tr>\n<tr>\n<td>Uygulama G\u00fcncelleme<\/td>\n<td>WP-CLI update \u00f6nce yedek, rollback test<\/td>\n<\/tr>\n<tr>\n<td>Sunucu G\u00fcncelleme<\/td>\n<td>GRUB backup, kernel rollback<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"bolum-27\">Ger\u00e7ek \u00d6rnekler<\/h2>\n<h3 id=\"bolum-28\">Ki\u015fisel Blog ve Alt Domain<\/h3>\n<p>WordPress\u2019i <code>blog.mydomain.com<\/code> alt domainine kurarak ana web sunucusundan izole bir ortam yarat\u0131n. <code>virtualhost<\/code> dosyas\u0131nda <code>DocumentRoot \/srv\/blog<\/code> ve <code>ServerName blog.mydomain.com<\/code> ayarlar\u0131n\u0131 yap\u0131n. SSL i\u00e7in Let\u2019s Encrypt sertifikas\u0131, <code>postfix<\/code> ve <code>dovecot<\/code> ile ayn\u0131 subdomain \u00fczerinden e\u2011posta g\u00f6nderimini etkinle\u015ftirin. Loglar\u0131 <code>\/srv\/blog\/logs<\/code> i\u00e7ine y\u00f6nlendirin ve <code>logrotate<\/code> ile 30 g\u00fcn saklay\u0131n.<\/p>\n<h3 id=\"bolum-29\">K\u00fc\u00e7\u00fck \u0130\u015fletme E\u2011Posta \u00c7\u00f6z\u00fcm\u00fc<\/h3>\n<p>\u0130\u015fletme alan ad\u0131 <code>company.com<\/code> i\u00e7in <code>mail.company.com<\/code> subdomaini olu\u015fturun. Postfix\u2019in <code>myhostname<\/code> alan\u0131n\u0131 bu subdomain olarak ayarlay\u0131n, <code>smtpd_tls_security_level=may<\/code> ile \u015fifreli ba\u011flant\u0131 zorunlu edin. Dovecot\u2019da <code>mail_location<\/code> olarak <code>maildir:\/srv\/mail\/%d\/%n<\/code> yap\u0131land\u0131r\u0131n. Kullan\u0131c\u0131 dizinlerini <code>700<\/code> izinleriyle k\u0131s\u0131tlay\u0131n, <code>postfix<\/code> ve <code>dovecot<\/code> servislerini ayr\u0131 kullan\u0131c\u0131lar alt\u0131nda \u00e7al\u0131\u015ft\u0131r\u0131n.<\/p>\n<h3 id=\"bolum-30\">Yedekleme Senaryosu (Snapshot + Backup)<\/h3>\n<p>Sunucu snapshot\u2019\u0131 i\u00e7in <code>btrfs subvolume snapshot \/ \/srv\/backup\/root_$(date +%F)<\/code> komutunu kullan\u0131n. Veri taban\u0131 yedeklemesi i\u00e7in <code>mysqldump --single-transaction --quick --lock-tables=false --databases wpdb &gt; \/srv\/backup\/db_$(date +%F).sql<\/code>. \u00d6zel dosya yedekleri i\u00e7in <code>rsync -avz \/srv\/blog\/ \/srv\/backup\/blog_$(date +%F)\/<\/code>. Snapshot ve dosya yedeklerini haftal\u0131k olarak <code>cron<\/code> \u00fczerinden <code>daily_backup.sh<\/code> scriptiyle otomatikle\u015ftirin. Geri y\u00fckleme s\u0131ras\u0131nda \u00f6nce snapshot\u2019\u0131 <code>btrfs restore<\/code>, ard\u0131ndan <code>mysqldump<\/code> restore dosyas\u0131n\u0131 <code>mysql<\/code> ile geri y\u00fckleyin.<\/p>\n<h2 id=\"bolum-31\">Sonu\u00e7<\/h2>\n<p>Ev sunucusu kurmak, g\u00fcvenlik, dayan\u0131kl\u0131l\u0131k ve performans\u0131n birle\u015fti\u011fi bir ekosistem olu\u015fturur. En az ayr\u0131cal\u0131k ile servisleri \u00e7al\u0131\u015ft\u0131r\u0131n; dosya izinlerini 700, kullan\u0131c\u0131 dizinlerini 700 olarak ayarlay\u0131n. G\u00fcnl\u00fck loglar\u0131 <code>\/srv\/blog\/logs<\/code> konumuna y\u00f6nlendirin ve logrotate ile 30\u2011g\u00fcnl\u00fck d\u00f6ng\u00fc sa\u011flay\u0131n. Snapshot + mysqldump + rsync kombinasyonu ile haftal\u0131k cron otomasyonu olu\u015fturun. TLS zorunlu olmal\u0131, sertifika Let's Encrypt \u00fczerinden otomatik yenilenmeli ve SMTP\/IMAP i\u00e7in g\u00fcvenli ba\u011flant\u0131 tercih edilmeli.<\/p>\n<p>\u0130leri ad\u0131mlar i\u00e7in; <a href=\"\/ev-sunucusu-ile-kendi-hosting-altyap-n-kur-wordpress-mail-server-ve-dns-y-netimi-rehberi\">Kurulum rehberi<\/a>, <a href=\"\/ev-sunucusu-ile-kendi-hosting-altyap-n-kur-wordpress-mail-server-ve-dns-y-netimi-sorun-giderme\">Sorun giderme<\/a>, <a href=\"\/ev-sunucusu-ile-kendi-hosting-altyap-n-kur-wordpress-mail-server-ve-dns-y-netimi-guvenlik-notlari\">G\u00fcvenlik notlar\u0131<\/a> ve <a href=\"https:\/\/developer.wordpress.org\/advanced-administration\/security\/hardening\/\" target=\"_blank\" rel=\"noopener\">WordPress Hardening<\/a> belgelerini derinlemesine inceleyin. Monit veya Prometheus + Grafana ile servis izlenebilirli\u011fi ekleyin.<\/p>\n<p>Son kontrol listesi:<\/p>\n<ul>\n<li>Postfix ve Dovecot ayr\u0131 kullan\u0131c\u0131larla \u00e7al\u0131\u015f\u0131yor mu?<\/li>\n<li>MySQL yede\u011fi g\u00fcnl\u00fck olarak al\u0131n\u0131yor ve restore senaryosu test edildi mi?<\/li>\n<li>Logrotates 30 g\u00fcn saklan\u0131yor, eski loglar ar\u015fivleniyor mu?<\/li>\n<li>TLS sertifikas\u0131 otomatik yenileniyor ve sertifika s\u00fcresi kritik bir a\u015famaya gelmeden uyar\u0131 g\u00f6nderiliyor mu?<\/li>\n<li>Btrfs snapshot g\u00fcnl\u00fck otomasyonuyla saklan\u0131yor ve restore ad\u0131mlar\u0131 belgelendi mi?<\/li>\n<li>Dosya izinleri ve grup\/owner rolleri en az ayr\u0131cal\u0131k ilkesine uygun mu?<\/li>\n<li>Ana alarm ve e\u2011posta bildirimleri yap\u0131land\u0131r\u0131ld\u0131 m\u0131?<\/li>\n<li>Yedek dosyalar\u0131 g\u00fcvenli bir harici ortamda saklan\u0131yor mu?<\/li>\n<\/ul>\n<p>Bu ad\u0131mlar\u0131 tamamlad\u0131\u011f\u0131n\u0131zda ev sunucusu ortam\u0131 g\u00fcvenli, izlenebilir ve s\u00fcrd\u00fcr\u00fclebilir bir sistem haline gelir. Operasyonel disiplin ve d\u00fczenli kontrollerle kritik hizmetlerin s\u00fcreklili\u011fini sa\u011flar.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ev Sunucusu ile Kendi hosting altyap\u0131n\u0131z\u0131 kurarak WordPress, e\u2011posta ve DNS y\u00f6netimini ad\u0131m ad\u0131m, g\u00fcvenli ve \u00f6l\u00e7eklenebilir bir \u015fekilde yap\u0131n. ve geli\u015fmi\u015f g\u00fcven<\/p>\n","protected":false},"author":1,"featured_media":585,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"Ev Sunucusu ile: 2026 Pratik Rehber","rank_math_description":"Ev Sunucusu ile Kendi hosting altyap\u0131n\u0131z\u0131 kurarak WordPress, e\u2011posta ve DNS y\u00f6netimini ad\u0131m ad\u0131m, g\u00fcvenli ve \u00f6l\u00e7eklenebilir bir \u015fekilde yap\u0131n. ve geli\u015fmi\u015f g\u00fcven","rank_math_focus_keyword":"Ev Sunucusu ile","footnotes":""},"categories":[217],"tags":[220,141,218,178,219,85],"class_list":["post-589","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ev-sunucusu-ile-kendi-hosting-altyapisi","tag-dns-yonetimi","tag-ev-sunucusu","tag-ev-sunucusu-ile-kendi","tag-homelab","tag-mail-server","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts\/589","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/comments?post=589"}],"version-history":[{"count":0,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts\/589\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/media\/585"}],"wp:attachment":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/media?parent=589"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/categories?post=589"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/tags?post=589"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}