{"id":594,"date":"2026-04-07T08:59:10","date_gmt":"2026-04-07T05:59:10","guid":{"rendered":"https:\/\/m4.ist\/index.php\/2026\/04\/07\/kendi-hosting-altyapn-kendi-hosting\/"},"modified":"2026-04-07T08:59:10","modified_gmt":"2026-04-07T05:59:10","slug":"kendi-hosting-altyapn-kendi-hosting","status":"publish","type":"post","link":"https:\/\/m4.ist\/index.php\/2026\/04\/07\/kendi-hosting-altyapn-kendi-hosting\/","title":{"rendered":"Your Own Hosting Infrastructure: 2026 Practical Guide"},"content":{"rendered":"<h1>Building Your Own Hosting Infrastructure at Home: A Complete Architecture with DNS, Reverse Proxy, Tunnel and Monitoring<\/h1>\n<div class=\"rankmath-manual-toc\" data-rankmath-toc=\"1\">\n<p>Contents of this section on your own hosting infrastructure<\/p>\n<ul>\n<li><a href=\"#bolum-1\">Your Own Hosting Infrastructure: 1. Scope Definition: DNS, Reverse Proxy, Tunnel and Monitoring<\/a><\/li>\n<li><a href=\"#bolum-2\">DNS: The Routing Foundation<\/a><\/li>\n<li><a href=\"#bolum-3\">Reverse Proxy: Subdomain Routing<\/a><\/li>\n<li><a href=\"#bolum-4\">VPN Tunnels: Secure Access<\/a><\/li>\n<li><a href=\"#bolum-5\">Monitoring: Prometheus &amp; Grafana<\/a><\/li>\n<li><a href=\"#bolum-6\">2. Subdomain Routing with a Reverse Proxy: Practical Examples<\/a><\/li>\n<li><a href=\"#bolum-7\">Multiple Subdomain Routing with Nginx<\/a><\/li>\n<li><a href=\"#bolum-8\">Automatic Let&#8217;s Encrypt Integration with a Caddyfile<\/a><\/li>\n<li><a href=\"#bolum-9\">Dynamic Configuration with Traefik<\/a><\/li>\n<li><a href=\"#bolum-10\">Live Test and Monitoring Steps<\/a><\/li>\n<li><a href=\"#bolum-11\">3. 
VPN Tunnels and Security: Example Scenarios<\/a><\/li>\n<li><a href=\"#bolum-12\">WireGuard Installation Steps<\/a><\/li>\n<li><a href=\"#bolum-13\">OpenVPN vs WireGuard Comparison<\/a><\/li>\n<li><a href=\"#bolum-14\">Access Control and ACLs<\/a><\/li>\n<li><a href=\"#bolum-15\">IPsec and Routing<\/a><\/li>\n<li><a href=\"#bolum-16\">4. Monitoring and Logging: The Operator's Eye<\/a><\/li>\n<li><a href=\"#bolum-17\">Metric Collection with Prometheus<\/a><\/li>\n<li><a href=\"#bolum-18\">Creating Dashboards with Grafana<\/a><\/li>\n<li><a href=\"#bolum-19\">Log Collection with the ELK Stack<\/a><\/li>\n<li><a href=\"#bolum-20\">Notification Settings with Alertmanager<\/a><\/li>\n<li><a href=\"#bolum-21\">Rollback and Log Archiving<\/a><\/li>\n<li><a href=\"#bolum-22\">5. Common Mistakes and Risk Management<\/a><\/li>\n<li><a href=\"#bolum-23\">Weak TLS Configuration<\/a><\/li>\n<li><a href=\"#bolum-24\">Opening Access with a Wrong ACL<\/a><\/li>\n<li><a href=\"#bolum-25\">Missing Log Rotation<\/a><\/li>\n<li><a href=\"#bolum-26\">High-TTL DNS Cache Problems<\/a><\/li>\n<li><a href=\"#bolum-27\">Missing Backups<\/a><\/li>\n<li><a href=\"#bolum-28\">6. 
Summary and Quick Reminder<\/a><\/li>\n<li><a href=\"#bolum-29\">Security Checklist<\/a><\/li>\n<li><a href=\"#bolum-30\">Resource Links<\/a><\/li>\n<li><a href=\"#bolum-31\">Monitoring &amp; Maintenance Cycle<\/a><\/li>\n<li><a href=\"#bolum-32\">Frequently Asked Questions<\/a><\/li>\n<li><a href=\"#bolum-33\">Which criteria should I consider when choosing a reverse proxy for home hosting?<\/a><\/li>\n<li><a href=\"#bolum-34\">Is it risky to point DNS records at a single IP?<\/a><\/li>\n<li><a href=\"#bolum-35\">How do I optimize performance while protecting the data flow with a tunnel (SSH)?<\/a><\/li>\n<li><a href=\"#bolum-36\">Which tool do you recommend for collecting logs centrally when setting up a monitoring system?<\/a><\/li>\n<li><a href=\"#bolum-37\">Conclusion<\/a><\/li>\n<\/ul>\n<\/div>\n<p>Your own hosting infrastructure is the central topic of this guide and is addressed clearly from the first step. Home hosting gives you full independence by putting you in control of your own infrastructure. You can configure your server's hardware and software however you like. This customizability lets you build solutions that fit the requirements of your projects. 
Cost control puts an end to licence fees and recurring bills from cloud providers.<\/p>\n<p>For additional context, see <a href=\"\/kendi-hosting-altyap-n-evde-kurmak-dns-reverse-proxy-t-nel-ve-i-zleme-sistemiyle-tam-mimari-rehberi\">kendi hosting altyap n evde kurmak dns reverse proxy t nel v<\/a> and <a href=\"https:\/\/blog.vps.com.tr\/web-hostingde-reverse-proxy-ile-alt-alan-yonetimi\/\" target=\"_blank\" rel=\"noopener\">web hostingde reverse proxy ile alt alan yonetimi<\/a>.<\/p>\n<p>The data you work with stays in your local environment rather than being stored on third-party servers. In terms of privacy, you alone decide where user information is kept. Because the data is limited to physical access, the attack surface is reduced. You can also strengthen network security with IP filtering, a VPN and strong authentication.<\/p>\n<p>It is also a learning opportunity: you get hands-on experience with system administration and network configuration in real-world scenarios. Your own hosting infrastructure is ideal for consolidating your DevOps, scripting and automation skills. For teams it provides a central management point and makes it easier to set up remote access and maintenance plans. You can also monitor changes in the network infrastructure as they happen and intervene when necessary.<\/p>\n<p>Universal firewall rules and logging make it possible to respond to incidents quickly. Running a server at home also brings the responsibility of continuous updates and backups. 
With proper planning, however, this responsibility supports your control and learning goals. A backup strategy that combines a RAID configuration with cloud replication prevents data loss.<\/p>\n<p>Low latency is a critical factor that directly affects the user experience. On your own infrastructure you can integrate a CDN or bypass the CDN entirely and connect directly. All of these advantages apply especially to projects that process sensitive data or require high availability. In short, home hosting is a strong option in terms of flexibility, cost, privacy and learning.<\/p>\n<h2 id=\"bolum-1\">Your Own Hosting Infrastructure: 1. Scope Definition: DNS, Reverse Proxy, Tunnel and Monitoring<\/h2>\n<h3 id=\"bolum-2\">DNS: The Routing Foundation<\/h3>\n<p>DNS translates requests for the home server into an IP address. As a first step, resolution speed is improved by pointing the ISP-provided DNS to a trusted server such as \u201c8.8.8.8\u201d. On the home network, \u201cnameserver 8.8.8.8\u201d is added to the <code>\/etc\/resolv.conf<\/code> file.<\/p>\n<p>After purchasing your domain name, add an A record in the registrar panel. In this record, instead of your home's dynamic IP, enter the static domain name bound through a DDNS service (e.g. <code>home.example.com<\/code>). Requests from outside the home are then routed to the correct server.<\/p>\n<h3 id=\"bolum-3\">Reverse Proxy: Subdomain Routing<\/h3>\n<p>NGINX or Caddy distributes incoming requests across ports, serving multiple services from a single IP. 
Example configuration:<\/p>\n<pre><code># NGINX example\nserver {\n    listen 80;\n    server_name api.home.example.com;\n\n    location \/ {\n        proxy_pass http:\/\/127.0.0.1:5000;\n    }\n}\n<\/code><\/pre>\n<p>This routes requests for <code>api.home.example.com<\/code> to the application on port 5000. Adding a separate block for each subdomain lets you raise the security level.<\/p>\n<h3 id=\"bolum-4\">VPN Tunnels: Secure Access<\/h3>\n<p>OpenVPN or WireGuard provides remote access to your home network. On the server side, <code>port 1194<\/code> and <code>proto udp<\/code> are defined in the <code>server.conf<\/code> file. On the client side, the tunnel is opened with the same <code>client.conf<\/code>.<\/p>\n<p>A request made over the VPN gets direct access to the other services on the network. This removes the need to open ports for external access and adds a security layer.<\/p>\n<h3 id=\"bolum-5\">Monitoring: Prometheus &amp; Grafana<\/h3>\n<p>Prometheus collects metrics through <code>pushgateway<\/code> or <code>node_exporter<\/code>. A simple configuration file:<\/p>\n<pre><code># prometheus.yml\nscrape_configs:\n  - job_name: 'node'\n    static_configs:\n      - targets: ['192.168.1.10:9100']\n<\/code><\/pre>\n<p>Grafana visualizes the Prometheus data. By adding dashboards and watching per-service metrics you can spot disruptions early. Set up alerts to receive notifications by e-mail or webhook in critical situations.<\/p>\n<p>Coordinating these components keeps the home hosting infrastructure robust, observable and secure. 
Follow the principle of least privilege at every step: open only the ports required for DNS, the reverse proxy, the VPN and the monitoring tools, and tighten access permissions.<\/p>\n<h2 id=\"bolum-6\">2. Subdomain Routing with a Reverse Proxy: Practical Examples<\/h2>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" alt=\"2. Subdomain Routing with a Reverse Proxy: Practical Examples\" loading=\"lazy\" src=\"https:\/\/m4.ist\/wp-content\/uploads\/2026\/04\/z-image-turbo_00093_.png\"\/><\/figure>\n<h3 id=\"bolum-7\">Multiple Subdomain Routing with Nginx<\/h3>\n<p>To serve multiple services behind your home server's single IP in the form <strong>sub.domain.com<\/strong>, use Nginx <code>server<\/code> blocks. The example below routes <code>api.example.local<\/code> and <code>blog.example.local<\/code> to separate backends. Every <code>listen 80<\/code> line stays on the same IP; the blocks are distinguished only by <code>server_name<\/code>.<\/p>\n<pre><code>server {\n    listen 80;\n    server_name api.example.local;\n\n    location \/ {\n        proxy_pass http:\/\/192.168.1.10:8080;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n    }\n}\n\nserver {\n    listen 80;\n    server_name blog.example.local;\n\n    location \/ {\n        proxy_pass http:\/\/192.168.1.20:80;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n    }\n}\n<\/code><\/pre>\n<h3 id=\"bolum-8\">Automatic Let&#8217;s Encrypt Integration with a Caddyfile<\/h3>\n<p>Caddy manages Let&#8217;s Encrypt by default. In a single line you can route all subdomains to the same backend and get HTTPS automatically. 
The <code>tls internal<\/code> line is required for using your own certificates; here, automatic certificate issuance is preferred instead.<\/p>\n<pre><code>api.example.local, blog.example.local {\n    reverse_proxy 192.168.1.10:8080\n    tls {\n        dns cloudflare\n    }\n}\n<\/code><\/pre>\n<p>Using <code>dns cloudflare<\/code> here updates the DNS records automatically through dynamic DNS updates. You can track errors by adding <code>log<\/code> settings on the last line of the Caddyfile.<\/p>\n<h3 id=\"bolum-9\">Dynamic Configuration with Traefik<\/h3>\n<p>Traefik dynamically detects Docker, Kubernetes or plain file-based configurations. The main <code>traefik.yml<\/code> file holds the general settings, while <code>dynamic.yml<\/code> contains the subdomain routes. The configuration below shows Traefik using a file as its \u201cProvider\u201d together with automatic HTTPS management.<\/p>\n<pre><code># traefik.yml\nentryPoints:\n  web:\n    address: \":80\"\n  websecure:\n    address: \":443\"\n\nproviders:\n  file:\n    filename: \"\/etc\/traefik\/dynamic.yml\"\n\ncertificatesResolvers:\n  http:\n    acme:\n      email: admin@example.local\n      storage: acme.json\n      httpChallenge:\n        entryPoint: web\n<\/code><\/pre>\n<pre><code># dynamic.yml\nhttp:\n  routers:\n    api:\n      rule: \"Host(`api.example.local`)\"\n      service: api\n      entryPoints: [\"websecure\"]\n      tls:\n        certResolver: http\n    blog:\n      rule: \"Host(`blog.example.local`)\"\n      service: blog\n      entryPoints: [\"websecure\"]\n      tls:\n        certResolver: http\n\n  services:\n    api:\n      loadBalancer:\n        servers:\n          - url: \"http:\/\/192.168.1.10:8080\"\n    blog:\n      loadBalancer:\n        servers:\n          - url: 
\"http:\/\/192.168.1.20:80\"\n<\/code><\/pre>\n<h3 id=\"bolum-10\">Live Test and Monitoring Steps<\/h3>\n<ul>\n<li>Check the DNS records with <code>dig api.example.local<\/code>; the A record should point to the home server's IP.<\/li>\n<li>HTTP request: <code>curl -I http:\/\/api.example.local<\/code>; you should get a 302 redirect with <code>Location: https:\/\/api.example.local\/<\/code>.<\/li>\n<li>HTTPS requests: <code>curl -I https:\/\/api.example.local<\/code>; you should see <code>HTTP\/2 200<\/code> and a valid Let&#8217;s Encrypt certificate.<\/li>\n<li>Open the Traefik Dashboard at <code>http:\/\/localhost:8080\/dashboard\/<\/code> and verify the status of routes and services.<\/li>\n<li>Check the log files (\/var\/log\/nginx\/, \/var\/log\/caddy\/, \/var\/log\/traefik\/) to catch errors early.<\/li>\n<\/ul>\n<p>By following these steps you can provide secure access with automatic certificates to different subdomains over a single IP at home, and optionally benefit from dynamic configuration with Traefik. This lowers both cost and management overhead while keeping risk management at a high level.<\/p>\n<h2 id=\"bolum-11\">3. VPN Tunnels and Security: Example Scenarios<\/h2>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" alt=\"3. VPN Tunnels and Security: Example Scenarios\" loading=\"lazy\" src=\"https:\/\/m4.ist\/wp-content\/uploads\/2026\/04\/z-image-turbo_00094_.png\"\/><\/figure>\n<h3 id=\"bolum-12\">WireGuard Installation Steps<\/h3>\n<p>1. On the server side, we install the package with <code>sudo apt install wireguard<\/code>. 
The service is started with <code>wg-quick up wg0<\/code>.<\/p>\n<p>2. A configuration like the following is created in <code>\/etc\/wireguard\/wg0.conf<\/code>. <code>PrivateKey<\/code> and <code>ListenPort<\/code> are the server side, while <code>AllowedIPs<\/code> was set to 10.0.0.0\/24 as the gateway.<\/p>\n<pre><code>[Interface]\nAddress = 10.0.0.1\/24\nPrivateKey = SUNUCU_PRIVATE_KEY\nListenPort = 51820\n\n[Peer]\nPublicKey = CLIENT_PUBLIC_KEY\nAllowedIPs = 10.0.0.2\/32\n<\/code><\/pre>\n<p>3. A similar file is created on the client device and the tunnel is brought up with <code>sudo wg-quick up wg0<\/code>. 10.0.0.1\/24 is defined as the gateway.<\/p>\n<p>4. The port is opened in the firewall with <code>ufw allow 51820\/udp<\/code>. Once the server and client are on the same subnet, traffic is encrypted and routed directly.<\/p>\n<h3 id=\"bolum-13\">OpenVPN vs WireGuard Comparison<\/h3>\n<p>\u2022 <strong>Performance<\/strong>: WireGuard is 20% faster thanks to its kernel module. 
OpenVPN runs in user space, which slows it down.<\/p>\n<p>\u2022 <strong>Setup complexity<\/strong>: WireGuard needs a single configuration file; OpenVPN requires the cert, ca, server.conf and client.ovpn files.<\/p>\n<p>\u2022 <strong>Security<\/strong>: WireGuard uses modern AEAD encryption (ChaCha20-Poly1305); OpenVPN uses RSA with a DH pair and TLS v1.3.<\/p>\n<p>\u2022 <strong>Observability<\/strong>: OpenVPN provides detailed logs through <code>systemd-logind<\/code>; WireGuard provides live statistics with <code>wg show<\/code>.<\/p>\n<h3 id=\"bolum-14\">Access Control and ACLs<\/h3>\n<p>With WireGuard, the <code>AllowedIPs<\/code> line serves as the ACL. For example, only traffic between <code>10.0.0.2\/32<\/code> and <code>10.0.0.1\/24<\/code> is monitored.<\/p>\n<p>IPsec-based solutions define the ACL in the form <code>src=10.0.0.2 dst=10.0.0.1<\/code> with tools such as IPsec\u2011AutoIP. This restricts network access for specific clients.<\/p>\n<p>The ACL can be updated dynamically with <code>wg setconf<\/code>. A wrong ACL cuts off access to other services on the network; misconfigurations can drop the connection.<\/p>\n<h3 id=\"bolum-15\">IPsec and Routing<\/h3>\n<p>IPsec is used to route the packets that arrive after the VPN tunnel. The command <code>iptables -t nat -A POSTROUTING -s 10.0.0.0\/24 -o eth0 -j MASQUERADE<\/code> routes the IPs inside the tunnel outward.<\/p>\n<p><code>ip route add 10.0.0.0\/24 dev wg0<\/code> is added to the routing table. 
The whole subnet then goes through the tunnel.<\/p>\n<p>Example scenario: a Raspberry Pi at home is the VPN server with the address 10.0.0.1\/24. A developer gets the IP 10.0.0.2\/32 on their laptop. They open a secure session with <code>ssh -i id_rsa pi@10.0.0.1<\/code>; all file transfers run over the encrypted tunnel.<\/p>\n<p>If bidirectional encryption is added with IPsec, packets are encrypted on both the server and the client side. This eliminates the risk of an intermediary ISP monitoring the traffic.<\/p>\n<h2 id=\"bolum-16\">4. Monitoring and Logging: The Operator's Eye<\/h2>\n<p>As the operator, you need visibility into your system at every moment. Monitoring, logging and fast rollback mechanisms are critical for uptime and security. The stack recommended here is Prometheus + Grafana, ELK, Alertmanager and log archiving. Step-by-step configuration is shown for each component.<\/p>\n<h3 id=\"bolum-17\">Metric Collection with Prometheus<\/h3>\n<p>1. <strong>Define targets<\/strong>: define a <code>job_name<\/code> in the <code>prometheus.yml<\/code> file for NGINX, WireGuard and the server hardware. For example:<\/p>\n<pre><code>scrape_configs:\n  - job_name: 'nginx'\n    static_configs:\n      - targets: ['localhost:9113']<\/code><\/pre>\n<p>2. <strong>Install exporters<\/strong>: install <code>nginx-prometheus-exporter<\/code> for NGINX and <code>wireguard-exporter<\/code> for WireGuard. Exporters serve metrics on a standard port such as 9100.<\/p>\n<p>3. <strong>Restart Prometheus<\/strong>: <code>systemctl restart prometheus<\/code>. 
In the Prometheus UI, use <code>http:\/\/:9090\/targets<\/code> to make sure all targets are active.<\/p>\n<h3 id=\"bolum-18\">Creating Dashboards with Grafana<\/h3>\n<p>1. <strong>Install Grafana<\/strong>: <code>apt install grafana<\/code>, then <code>systemctl enable --now grafana-server<\/code>.<\/p>\n<p>2. <strong>Add a data source<\/strong>: in the Grafana UI go to \u201cConfiguration\u201d \u2192 \u201cData Sources\u201d and add \u201cPrometheus\u201d, with <code>http:\/\/localhost:9090<\/code> as the URL.<\/p>\n<p>3. <strong>Create custom panels<\/strong>: build an operator-focused dashboard by adding queries such as <code>nginx_requests_total{method=\"GET\"}<\/code>, <code>wg_peers{state=\"up\"}<\/code> and <code>node_cpu_seconds_total{mode=\"idle\"}<\/code> one by one. Group the panels into \u201crows\u201d: \u201cWeb Traffic\u201d, \u201cVPN Status\u201d, \u201cSystem Resources\u201d.<\/p>\n<p>4. <strong>Define a monitoring rule<\/strong>: with Grafana Alerts, set critical thresholds such as CPU &gt;80% and 5xx rate &gt;1%. Configure delivery to e-mail or a Slack webhook when an alert fires.<\/p>\n<h3 id=\"bolum-19\">Log Collection with the ELK Stack<\/h3>\n<p>1. <strong>Install Filebeat<\/strong>: <code>apt install filebeat<\/code>. In <code>\/etc\/filebeat\/filebeat.yml<\/code>, add rules that watch the NGINX and system logs.<\/p>\n<p>2. <strong>Logstash configuration<\/strong>: <code>input { beats { port =&gt; 5044 } }<\/code>, followed by <code>filter { grok { match =&gt; { \"message\" =&gt; \"%{COMBINEDAPACHELOG}\" } } }<\/code>. Logstash converts the logs into structured JSON.<\/p>\n<p>3. 
<strong>Visualization with Kibana<\/strong>: inspect the logs in the \u201cDiscover\u201d tab at <code>http:\/\/:5601<\/code>. Create a \u201cDashboard\u201d and add critical metrics such as \u201cNGINX 5xx\u201d and \u201cWireGuard Connection\u201d.<\/p>\n<p>4. <strong>Log retention policy<\/strong>: in Elasticsearch, use <code>index.lifecycle.name<\/code> to keep daily logs for 30 days, then archive them. This keeps disk usage under control.<\/p>\n<h3 id=\"bolum-20\">Notification Settings with Alertmanager<\/h3>\n<p>1. <strong>Install Alertmanager<\/strong>: <code>apt install alertmanager<\/code>. In <code>\/etc\/alertmanager\/config.yml<\/code>, define the e-mail, PagerDuty and Opsgenie integrations.<\/p>\n<p>2. <strong>Alert routing<\/strong>: route the alerts you defined in Prometheus to Alertmanager. For example, have the \u201cnginx_5xx_high\u201d alert sent through <code>opsgenie_receiver<\/code>.<\/p>\n<p>3. <strong>Silence &amp; Acknowledgement<\/strong>: as the operator, use <code>amtool silence add<\/code> to silence false alarms temporarily. This reduces the margin of error.<\/p>\n<h3 id=\"bolum-21\">Rollback and Log Archiving<\/h3>\n<p>1. <strong>Configuration Management<\/strong>: put all your configuration files under version control using Ansible, Terraform or GitOps. Record every change with <code>git commit<\/code>.<\/p>\n<p>2. <strong>Take snapshots<\/strong>: in Docker\/KVM\/VM environments, take a snapshot with <code>docker commit<\/code> or <code>virsh snapshot-create-as<\/code> before making a change.<\/p>\n<p>3. 
<strong>Log archive<\/strong>: use the <code>archive<\/code> output plugin in Logstash to move logs to S3 or an on-premise NAS. Delete archived logs after a defined TTL.<\/p>\n<p>4. <strong>Rollback procedure<\/strong>: when problems appear, roll back with the Ansible playbook using <code>--diff --tags rollback<\/code> or restore the snapshot. The operator checks the change history and rolls back in a single step.<\/p>\n<p>This setup provides continuous observation, fast response and safe rollback. As the operator, the state of your system is visible at all times and intervention scenarios are defined in advance. The result is a robust home infrastructure that combines uptime and security.<\/p>\n<h2 id=\"bolum-22\">5. Common Mistakes and Risk Management<\/h2>\n<p>Mistakes made in home-built infrastructure threaten the security and continuity of the system. The items below, with real-world examples and recommended countermeasures, help the operator intervene quickly.<\/p>\n<h3 id=\"bolum-23\">Weak TLS Configuration<\/h3>\n<p>Even when the Let&#8217;s Encrypt certificates are valid, old TLS versions (TLS1.0\/1.1) or weak cipher suites open a door for attacks on the server. <strong>The first step<\/strong> is to restrict the protocols with <code>ssl_protocols TLSv1.2 TLSv1.3;<\/code> and select strong ciphers with <code>ssl_ciphers HIGH:!aNULL:!MD5;<\/code>. 
<strong>The second step<\/strong> is to test with <code>openssl s_client -connect host:443 -tls1_2<\/code> and identify weak ciphers. These settings prevent an attacker from performing a downgrade attack.<\/p>\n<h3 id=\"bolum-24\">Opening Access with a Wrong ACL<\/h3>\n<p>IP-based ACLs are appropriate for a web server on the internal network, but a misconfigured firewall opens all ports. <strong>Countermeasure<\/strong>: add IP-restricted rules such as <code>ufw allow from 192.168.1.0\/24 to any port 443 proto tcp<\/code>. Also remember to set a default deny with <code>deny from all<\/code>. Auditing ACLs regularly helps detect unauthorized access attempts early.<\/p>\n<h3 id=\"bolum-25\">Missing Log Rotation<\/h3>\n<p>Log files lead to full disks and data loss. <strong>Practical solution<\/strong>: compress and archive daily log files with <code>logrotate<\/code>. Use the <code>rotate 30<\/code> and <code>daily<\/code> settings in <code>\/etc\/logrotate.d\/nginx<\/code>. To keep logs from being corrupted during rotation, the <code>copytruncate<\/code> option should be preferred. Log rotation prevents performance degradation and security breaches.<\/p>\n<h3 id=\"bolum-26\">High-TTL DNS Cache Problems<\/h3>\n<p>If home DNS servers cache with a high TTL (e.g. 86400 seconds), IP changes take effect with a delay. <strong>Solution<\/strong>: set low TTL values such as <code>options { max-cache-ttl 600; }; <\/code>. 
This way an IP change is reflected in new queries more quickly. Also test the TTL value with <code>dig @dns-server sub.example.com +nocmd +noall +answer<\/code>.<\/p>\n<h3 id=\"bolum-27\">Missing Backups<\/h3>\n<p>Not backing up configuration and data files leads to total loss on a hardware failure. <strong>Backup strategy<\/strong>: create daily backups with <code>rsync -a \/etc\/nginx \/mnt\/backup\/nginx-$(date +%F)<\/code>. This process, automated with <code>cron<\/code>, moves backups to the <code>archive<\/code> folder on a 3-day cycle. Storing backups on external media reduces the risk from physical damage.<\/p>\n<h2 id=\"bolum-28\">6. Summary and Quick Reminder<\/h2>\n<p>Let's recap the setup process in short steps: 1) Point the DNS records to the VPSIP. 2) Configure the reverse proxy (Nginx\/Caddy) for subdomain routing. 3) Set up a secure tunnel with WireGuard. 4) Monitoring and log collection with Prometheus, Grafana and ELK. 5) Automatic TLS management with Let\u2019s Encrypt. 6) Backup strategy (snapshot) and rollback procedure. At every step, test at least once and review the logs. 
Also use a version control system for configuration changes.<\/p>\n<h3 id=\"bolum-29\">Security Checklist<\/h3>\n<ul>\n<li>Least privilege: services should listen only on the ports they need.<\/li>\n<li>Rollback ready: take a snapshot before changing a configuration file.<\/li>\n<li>Logging: system, application and network logs should be collected centrally.<\/li>\n<li>TLS: CipherSuite, SNI and HSTS are mandatory.<\/li>\n<li>VPN: AllowedIPs should be set strictly, with high encryption strength.<\/li>\n<\/ul>\n<h3 id=\"bolum-30\">Resource Links<\/h3>\n<p>Detailed guides: <a href=\"\/kendi-hosting-altyap-n-evde-kurmak-dns-reverse-proxy-t-nel-ve-i-zleme-sistemiyle-tam-mimari-rehberi\">Guide<\/a>, <a href=\"\/kendi-hosting-altyap-n-evde-kurmak-dns-reverse-proxy-t-nel-ve-i-zleme-sistemiyle-tam-mimari-sorun-giderme\">Troubleshooting<\/a>.<\/p>\n<h3 id=\"bolum-31\">Monitoring &amp; Maintenance Cycle<\/h3>\n<p>Daily: check Prometheus alerts and review the Grafana dashboard. Weekly: log archiving and a snapshot restore test. Monthly: TLS certificate renewal and a WireGuard key dump. Queue updates with automation scripts. Prometheus should scrape every 5 minutes, logs should rotate every hour, and a snapshot should be taken every 24 hours. Critical alerts should be delivered through Alertmanager via Slack or e-mail. 
Automating this cycle minimizes operational risk and increases uptime.<\/p>\n<h2 id=\"bolum-32\">Frequently Asked Questions<\/h2>\n<h3 id=\"bolum-33\">Which criteria should I consider when choosing a reverse proxy for home hosting?<\/h3>\n<p>First, it should have low CPU and memory consumption, support HTTPS and have a simple configuration file. It should run with least privilege, and virtual hosts should be defined separately in the configuration file. For example, routing only the \/api and \/web services with Nginx conserves server resources. A user-friendly UI is also preferable.<\/p>\n<h3 id=\"bolum-34\">Is it risky to point DNS records at a single IP?<\/h3>\n<p>Using a single IP increases the risk of DDoS, lack of failover and a single point of failure. However, the risk can be reduced with a properly configured reverse proxy and fail2ban. Adding a backup IP or a cloud DNS service is recommended.<\/p>\n<h3 id=\"bolum-35\">How do I optimize performance while protecting the data flow with a tunnel (SSH)?<\/h3>\n<p>In SSH tunnels, using SOCKS5 instead of port forwarding reduces the number of packets. In addition, TCP keepalive, lowering the MTU and avoiding patchwork fixes on the server side improve performance.<\/p>\n<h3 id=\"bolum-36\">Which tool do you recommend for collecting logs centrally when setting up a monitoring system?<\/h3>\n<p>The Prometheus + Loki combination is a lightweight, ecosystem-friendly solution for log collection and querying. 
Building dashboards in Grafana and adding real-time alerts simplifies operations.<\/p>\n<h2 id=\"bolum-37\">Conclusion<\/h2>\n<p>When building a home hosting infrastructure, integrating DNS, a reverse proxy, a WireGuard tunnel and monitoring systems in layers strikes a balance between security, performance and manageability. After pointing your DNS records at a single IP, you route subdomains to the target servers with the reverse proxy, provide security through TLS automation, and apply the principle of least privilege. The WireGuard tunnel isolates internal traffic, and the Prometheus-Grafana-ELK stack provides real-time monitoring, logging and alerting. Backups, rollback and version control keep configuration changes safe. This makes high availability and fast rollbacks possible in a production environment.<\/p>\n<p>The next step is to collect performance measurements for your existing infrastructure and to test load-balancing and auto-scaling scenarios. During these tests, observe fluctuations in traffic, monitor resource usage, and optimize configuration settings where needed. Also tighten firewall rules and access controls to raise the level of protection against external threats. 
Document the test results and update the rollback plan; that way you will have all critical scenarios under control before going to production.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kendi Hosting Altyap\u0131n\u0131: Kendi Hosting Altyap Evde ile DNS, Reverse Proxy, VPN t\u00fcnelleri ve Prometheus\u2011Grafana izleme sistemini ad\u0131m ad\u0131m kurun, g\u00fcvenli ve \u00f6l\u00e7e<\/p>\n","protected":false},"author":1,"featured_media":590,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"Kendi Hosting Altyap\u0131n\u0131: 2026 Pratik Rehber","rank_math_description":"Kendi Hosting Altyap\u0131n\u0131: Kendi Hosting Altyap Evde ile DNS, Reverse Proxy, VPN t\u00fcnelleri ve Prometheus\u2011Grafana izleme sistemini ad\u0131m ad\u0131m kurun, g\u00fcvenli ve \u00f6l\u00e7e","rank_math_focus_keyword":"Kendi Hosting Altyap\u0131n\u0131","footnotes":""},"categories":[221],"tags":[82,222,223,224,133,46],"class_list":["post-594","post","type-post","status-publish","format-standard","has-post-thumbnail","category-kendi-hosting-altyapi","tag-dns","tag-kendi-hosting-altyap-evde","tag-monitoring","tag-prometheus","tag-reverse-proxy","tag-vpn"],"_links":{"self":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts\/594","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/comments?post=594"}],"version-history":[{"count":0,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts\/594\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/media\/
590"}],"wp:attachment":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/media?parent=594"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/categories?post=594"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/tags?post=594"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}