"HosCon - GMO Hosting Conference - @æ¸è°·" http://gmohoscon.connpass.com/event/41490/ ã®çºè¡¨ã¹ã©ã¤ãã§ãã10å LT ãªã®ã«ã ãã¶è©°ãè¾¼ãã§ã¾ãã - - - - - - - - - - - - - - - - - â¦
nginxã®ã¹ãã¼ã¿ã¹ã³ã¼ã444 nginxç¬èªã®ã¹ãã¼ã¿ã¹ã³ã¼ã444ã¯ãã¬ã¹ãã³ã¹ããããè¿ããã«ã³ãã¯ã·ã§ã³ãåæã§ãããã¬ã¹ãã³ã¹ããããè¿ããªãã®ã§ãã¹ãã¼ã¿ã¹ã³ã¼ã444ãã¯ã©ã¤ã¢ã³ããåãåããã¨ã¯ãªãã http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return The non-standard code 444 closes a connection without sending a response header. DoSæ»æãªã©ãç¹å®æ¡ä»¶ã®ã¢ã¯ã»ã¹ãBANããã¨ãã«ããªãã¹ãè¨ç®æ©ãªã½ã¼ã¹æ¶è²»ãæãããã¨ãã«ä½¿ããã¯ãã 403ãè¿ãã¨ããªã©ã¨æ¯ã¹ã¦ãã¬ã¹ãã³ã¹éä¿¡ã®ããã®CPUã³ã¹ããç¯ç´ 403ãè¿ãã¨ããªã©ã¨æ¯ã¹ã¦ãã¬ã¹ãã³ã¹ãããåã®ãããã¯ã¼ã¯å¸¯åãç¯ç´ HTTP Keepalive
SREãã¼ã ã®@cubicdaiyaã§ããä»åã¯nginxã«ããTCPã¬ã¤ã¤ã¼ã§ã®ãã¼ããã©ã³ã¹ã«ã¤ãã¦è§£èª¬ãã¾ãã ãã¼ããã©ã³ãµã¼ã¨ãã¦ã®nginx nginxã¯HTTPãTCPãUDPçã®è¤æ°ã®ã¬ã¤ã¤ã¼ã§ãã¼ããã©ã³ãµã¼ã¨ãã¦ç¨¼åããããã¨ãã§ãã¾ããï¼TCPãã¼ããã©ã³ãµã¼ã¯1.9.0以éãUDPãã¼ããã©ã³ãµã¼ã¯1.9.13以éã§å©ç¨å¯è½ã§ãï¼ ã¾ããngx_http_ssl_module ã ngx_stream_ssl_module ãå©ç¨ãããã¨ã§ããããã®ã¬ã¤ã¤ã¼ã§TLSãæå¹åãããã¨ãå¯è½ã§ãã TCPãã¼ããã©ã³ãµã¼ç¨ã®ã¢ã¸ã¥ã¼ã«ãæå¹ã«ãã HTTPã¬ã¤ã¤ã¼ã§ãã¼ããã©ã³ã¹ããããã®ã¢ã¸ã¥ã¼ã«ã¯ããã©ã«ãã§çµã¿è¾¼ã¾ãã¾ãããTCP(ã¨UDP)ã¬ã¤ã¤ã¼ã§ãã¼ããã©ã³ã¹ããã«ã¯nginxã®configureã¹ã¯ãªããã«--with-stream(ããã㯠--with
ä»æ¥ã¯å¤ã³ãã®ããã§ããï¼åã¯ä»å¹´ã¯ç¹ã«å稿ãæãã¦ãããç¨äºãç¡ãããã³ãã±ã«ç¸ã®ãªãå¤ãéããã¦ãã¾ãã¾ããã ã¨ããã§æè¿æä½ã® ATS(Apache Traffic Server) ãã©ã°ã¤ã³ã§ãã ts_mruby ã«ã¬ã¹ãã³ã¹ããã£ãããããã¡ã½ããã追å ãããµã¨æãç«ã£ã¦ç»åãªãµã¤ãºã®ãã¸ãã¯ã mruby ã§æ¸ãã¦ã¿ã¾ããã ãã®ã¬ã¹ãã³ã¹ããã£å å·¥ã¡ã½ãã㯠ATS::Filter#transform! ã«ãªãã¾ãã ãã®ã¡ã½ããã§ã¯ãããã¯ã¾ã㯠Proc ãªãã¸ã§ã¯ãã渡ãã¨ãããã¯ãã©ã¡ã¼ã¿ã«å å·¥åã®ã¬ã¹ãã³ã¹ããã£ã渡ãããè©ä¾¡å¤ã§ã¬ã¹ãã³ã¹ããã£ãå·®ãæ¿ãã¾ãã f = ATS::Filter.new f.transform! do |body| # append text to the end of response body body + "rewritte
ã¯ããã¾ãã¦ãæè¡åºç¤é¨ã®ç¸å(kaihar4)ã§ãï¼ ä»åã¯ãã¢ããªã±ã¼ã·ã§ã³ã®ã¯ã©ã¦ããµã¼ãã¹ã¸ã®ç§»è¡ã®ä¸ç°ã§ã Amazon S3ããåå¾ããç»åURLãå«ããã¡ã¤ã«ãå ã«ããã®URLã®å¤é¨ç»åãåå¾ãã¦è¿ãæ©è½ ãmrubyã§æ¸ãç´ãã¦AWSã«ç§»è¡ãã話ããã¦ããããã¨æãã¾ãã ãã®æ©è½ã¯å ã ã¢ããªã·ãã¯ãªã¢ããªã±ã¼ã·ã§ã³ã®ä¸æ©è½ã¨ãã¦åãã¦ãããã®ã§ããããåãåºãã¦AWSã«ç§»è¡ããã¨ããã®ãä»åç§ã«ä¸ããããããã·ã§ã³ã§ããã ãã®ã¢ããªã±ã¼ã·ã§ã³ã¯æ´å²ãé·ãããã®éã»ã¨ãã©ã¡ã³ããã³ã¹ããã¦ãã¾ããã§ããã ãã£ã¹ããªãã¥ã¼ã·ã§ã³ã¯å¤ãPHPã®ãã¼ã¸ã§ã³ã4ç³»ããããã£ã¦ãã®ã¾ã¾æã£ã¦ããã¨ããé¸æè¢ã¯ãªããAWSä¸ã«æ°è¦ã«ã¤ã³ã¹ã¿ã³ã¹ãæ§ç¯ãããã¨ã«ãªãã¾ãã å¼ç¤¾ã«ã¯APIé¨åãPHPããRubyã«ç§»è¡ããæ¹éãããã¨ãããã¨ããããAmazon Linuxä¸ã«Ruby
nginxã®ãªã¯ã¨ã¹ãæ°ãå¶éãããngx_http_limit_req_moduleã®åä½ãåæã«åéããã¦åæã«ããã£ãã¨ããã話ã§ãã 大ãããã¨ã§ã¯ãªãã®ã§ããdockerã§ãã®åä½ãåç¾ããä¾ã¯ãã¡ãã§ãã github.com ä½ã«ããã£ãã®ãã¨ããã¨ãâ5r/sã5req per secã§ã¯ãªãâã®ã§ãã â2r/sã2req per secã§ã¯ãªãâã®ã§ããã§ãâ1r/sã¯1req per secã§ãâããªããªãã§ããããã ...dockerã®ã³ã³ãããåããã¦shellãå®è¡ããã¨æ¬¡ã®ãããªã¨ã©ã¼ãã°ã¨ã¢ã¯ã»ã¹ãã°ãåºåããã¾ãã nginx_1 | 2016/06/13 15:35:35 [error] 8#8: *18 limiting requests, excess: 0.995 by zone "five", client: 192.168.99.1, ser
ããã«ã¡ã¯ãåå· ( @rrreeeyyy ) ã§ããä»æãªã¹ã¹ã¡ã®ã¢ãã¡ã¯ãªã¼ãã§ãã Nginx ã¯è¨å®ãã¡ã¤ã«ã®è¨è¿°åãé«ãã大å¤ä¾¿å©ãª Web ãµã¼ãã§ãã 便å©ãªåé¢ãè¨å®ãã¡ã¤ã«ã®è¤éåããè¨å®ã«ä¾ã£ã¦ã¯æå³ããªãæåãå¼ãèµ·ããã¦ãã¾ããã¨ãããã¾ãã ããã§æ¬ç¨¿ã§ã¯ docker 並ã³ã« infrataster ã使ç¨ãã Nginx ã®æåããã¹ããããã¨ã«ãã£ã¦ãå®å ¨ã« Nginx ã®è¨å®ãè¨è¿°ããæ¹æ³ã«ã¤ãã¦ç´¹ä»ãã¾ãã ãã¹ã対象㮠Nginx ã®ä»æ§ ä»åã¯ä¾ã¨ãã¦ã次ã®ãããªä»æ§ã® Nginx ã®ãã¹ãã«ã¤ãã¦èãã¾ãã ãããã¯ã¼ã¯å¸¯ã¯ 10.0.0.0/16 ã使ç¨ãã¦ãã Nginx ã®å段ã¨ã㦠L7 ãã¼ããã©ã³ãµãåå¨ãã¦ãã L7 ãã¼ããã©ã³ãµã https ãçµç«¯ãã¦ãã Nginx èªä½ã¯ 80 çªãã¼ã㨠8080 çªãã¼ãã«ã¦å¾ ã¡åãã¦ã
OpenRestyã¯nginxã®ã»ãã«ngx_luaãã¯ããã¨ããCã§æ¸ãããå種ãµã¼ããã¼ãã£ã¢ã¸ã¥ã¼ã«ã¨ngx_luaã®APIãå©ç¨ããrestyã¢ã¸ã¥ã¼ã«ãããã¦Lua/LuaJITã§æ§æããã¦ãã¾ãã OpenRestyã«å«ã¾ãã¦ããnginxèªä½ã¯æ¬å®¶ã®nginxã¨åºæ¬åããªã®ã§ãå¥ã«OpenRestyãå©ç¨ããªãã¦ãèªåã§ngx_luaãçµã¿è¾¼ãã ãããµã¼ãä¸ã«restyã¢ã¸ã¥ã¼ã«ãé å¸ãããã¨ã§ä¼¼ããããªç°å¢ãæ§ç¯ãããã¨ã¯å¯è½ã§ãããOpenRestyã§ããã°ä¸»è¦ãªã¢ã¸ã¥ã¼ã«ãã©ã¤ãã©ãªã./configureãmakeãmake installã®ä¸é£ã®æµãã§ãã¹ã¦ã´ã½ãã¨ã¤ã³ã¹ãã¼ã«ããã¾ãããOpenRestyã®configureã¹ã¯ãªããã¯nginxã®configureã¹ã¯ãªãããç¶æ¿ãããã®ãªã®ã§nginxã®configureãªãã·ã§ã³ãã»ã¼ãã®ã¾ã¾å©ç¨ãããã¨ãã§
ããã«ã¡ã¯ãã¤ã³ãã©ãã¼ã Hazama ã®æ·±è°·ã§ãã ãããµã 2015 ã§ãcybozu.com ã®èªç¤¾è£½ãªãã¼ã¹ãããã·ãå ¨é¢çã«åå®è£ ãã話ããã¦ãã¾ããã ä»åã¯ããã¡ãã®è³æãç´¹ä»ãããã¾ãã cybozu.com ã§ã¯ã客æ§ãã¨ã«ç°ãªããµããã¡ã¤ã³ï¼ex. demo.cybozu.comï¼ãç¨æãã¦ãã¾ãããµããã¡ã¤ã³æ¹å¼ã«ã¯ãã客æ§ãã¨ã«ç°ãªã IP ã¢ãã¬ã¹å¶éããããããã¨ããSame-Origin-Policy ã®ããå®å ¨ã« JavaScript ã§ã«ã¹ã¿ãã¤ãºãã§ããã¨ãã£ãå©ç¹ãããã¾ãã ãã®ãµããã¡ã¤ã³ãå®ç¾ãã¦ããã®ã¯ãå¾æ¥ Apache ã§å®è£ ããããªãã¼ã¹ãããã·ã§ããããããããã®æã®å®è£ ã¯ãµããã¡ã¤ã³ãã¨ã«ç°ãªã VirtualHost ãå®ç¾©ããæ¹å¼ã§ãã客æ§ãµããã¡ã¤ã³ã®æ°ã«æ¯ä¾ã㦠Apache ã®è¨å®ãå¤æ´ããæéã伸ã³ã¦ããã¨ãããã®ã§ãã
ããã«ã¡ã¯ã@harukasanã§ãããã¯ã·ãã§ã¯3年以ä¸ã«ããã£ã¦HTTPãµã¼ãã«nginxãæ¡ç¨ãã¦ãã¾ãããããã®ãã¦ãã¦ãè©°ã¾ã£ããnginxå®è·µå ¥éãã1/16(å)ãæè¡è©è«ç¤¾ããçºå£²ããããã¨ã«ãªãã¾ããã ãã®è¨äºã§ã¯æ¬æ¸ãããã¯ã·ãã§è¯ã使ããã¦ããnginxã®ãã¯ããã¯ã«ã¤ãã¦ããã¤ã¾ãã§ç´¹ä»ãã¾ãã ãã¹ã¦ã®ãªã¯ã¨ã¹ããåãæ¢ããnginx ãã¯ã·ãã®ãããããããµã¼ãã¹ï¼pixivãpixiv Spotlightãpixivã³ããã¯ããã¯ã·ãç¾ç§äºå ¸â¦â¦ï¼ã®ã©ããã«HTTPãªã¯ã¨ã¹ããæããã¨ãè¤æ°å°ããããã³ããµã¼ãã®ã©ããã«å±ãã¾ããå®éã«ã¢ããªã±ã¼ã·ã§ã³ãå¦çããã®ã¯ããã³ããµã¼ãã®è£å´ã«ããã¢ããªã±ã¼ã·ã§ã³ãµã¼ãã§ãããããã®ãµã¼ãã«ã¯PHPã ã£ãããRuby on Railsã ã£ããPlay/Scalaã ã£ããããããªã¢ããªã±ã¼ã·ã§ã³ããããã¤ããã¦ãã¾ã
âHello Worldâãªãã³ããã¼ã¯ã§Unicornã«æ¯ã¹2åé«éã«åä½ããRackãµã¼ãããªãªã¼ã¹ãã¾ããã rubygems: http://rubygems.org/gems/rhebok github: https://github.com/kazeburo/rhebok Perlã®Gazelleããã¼ã¹ã«ä½ã£ã¦ãã¾ããRackã¢ããªã±ã¼ã·ã§ã³ã®éç¨çµé¨ãã»ã¼ãªãã®ã§ãæ©è½ä¸è¶³ãããã¨æãã¾ããissueçã§æãã¦é ããã°å¹¸ãã§ãã ãªãé«éã«åä½ããã¢ããªã±ã¼ã·ã§ã³ãµã¼ããå¿ è¦ãªã®ã Unicornã¯é«éã«åä½ãã¾ããå¤ãã®ã¢ããªã±ã¼ã·ã§ã³ã«ã¨ã£ã¦ã¯ååã§ããããããã§ãRhebokã§ããã«ä¸ã®ããã©ã¼ãã³ã¹ãåºããã¨ããã®ã¯ãæè¡çãªãã£ã¬ã³ã¸ã®ä»ã«ä»¥ä¸ã®ãããªã¢ããªã±ã¼ã·ã§ã³ã§é«éãªã¢ããªã±ã¼ã·ã§ã³ãµã¼ããå¿ è¦ã¨ãããã¨èãã¦ããããã§ãã ã½ã¼ã·ã£ã«ã²ã¼ã ãåºåãµã¼ãã
ã¤ã³ãã©ã¹ãã©ã¯ãã£ã¼é¨ id:sora_h ã§ããã¯ãã¯ãããã§ã¯ã社å åãã® Web ã¢ã㪠(以é â社å ãã¼ã«â) ã社å¤ã®ãããã¯ã¼ã¯ããå©ç¨ããéãã¢ããªã±ã¼ã·ã§ã³ã¬ãã«ã§ã®ã¢ã¯ã»ã¹å¶å¾¡ã¨ã¯å¥ã«ããªãã¼ã¹ãããã·ã§ãã¢ã¯ã»ã¹å¶å¾¡ãå®æ½ãã¦ãã¾ãã*1 ããã¾ã§ BASIC èªè¨¼ããã㯠VPN ã«ãã社å ãããã¯ã¼ã¯ãçµç±ããæ¥ç¶ã¨ããå½¢ã§è¨±å¯ãã¦ãã¾ãããããããiOS ã® Safari ãªã©ã§ã¯ BASIC èªè¨¼æã®ãã¹ã¯ã¼ããä¿åã§ããªãä¸ãé »ç¹ã«å ¥åãæ±ãããã¦ãã¾ãã¾ãããVPN ã¯ãªã³ã¯ãéãåã«æ¥ç¶ããã¦ããå¿ è¦ãããã¾ããããã«ããã社å ãã¼ã«ã社å¤ã§éãæã«æéãããã£ã¦ãã¾ãåé¡ãããã¾ããã ããã«å¯¾ããä¸é¨ã§ã¯ typester/gate ãªã©ãå°å ¥ã Google Apps ã§ã®èªè¨¼ãè¡ãªã£ã¦ãã¾ããããããããã¤ãåé¡ããããéã¢ãããã¯ãªå¯¾å¿ã§ã¯
Nginxã§ã¯, serverã³ã³ããã¹ãã®locationã³ã³ããã¹ãã«ããã¦, proxy_passãã£ã¬ã¯ãã£ããå©ç¨ãããã¨ã§ä»»æã®ãã¹ãã«ã¢ã¯ã»ã¹ã転éãããã¨ãã§ãã¾ã. ä¾ãã°, serverã³ã³ããã¹ãã«ããã¦, location / { proxy_pass http://127.0.0.1:5000; } ã¿ããã«æ¸ãã¦ãããã°, localhostã®5000çªãã¼ãã«ã¢ã¯ã»ã¹ã転éãããã¨ãåºæ¥ã¾ã. Webãµã¼ãã¹ã§ã¯, ããããæãã§Nginxã443çª(HTTPS)ã80çªãã¼ã(HTTP)ã§åããã¢ã¯ã»ã¹ã5000çªãã¼ããªã©ã§åãã¦ããWebã¢ããªã±ã¼ã·ã§ã³ã«è»¢éãã¦ãã訳ã§ã. ã§, ãã®proxy_passãã£ã¬ã¯ãã£ãã¯, IPããã®ã¾ã¾æ¸ãã®ã§ã¯ãªã, 次ã®ããã«ãã¡ã¤ã³ãæ¸ããã¨ãã§ãã¾ã. location / { proxy_pass http
Nginx ã§ãwww ä»ãã® URL ã www ç¡ãã«ãªãã¤ã¬ã¯ããããè¨å®æ¹æ³ããç´¹ä»ãã¾ãã ä¸è¨ã®è¨å®ã¯ãwww.codenote.net ã«ã¢ã¯ã»ã¹ãããããcodenote.net ã¸ãªãã¤ã¬ã¯ãããã¾ãã server { listen 80; server_name www.codenote.net; rewrite ^ http://codenote.net$request_uri? permanent; } wwwä»ãURLã¯ä»å¾ããã£ã¨ãwwwç¡ãURLã«ãªãã¤ã¬ã¯ããããã®ã§ãæå¾ã®ãªãã¤ã¬ã¯ããã©ã°ã permanent ã«ãã¦ãã¾ãã ãªãã¤ã¬ã¯ããã©ã°ã«ã¤ãã¦ã¯è²ã ã¨ç¨®é¡ãããã®ã§ãç¶æ³ã«å¿ãã¦è¨å®ãå¤æ´ãã¦ã¿ã¦ä¸ããã æå¾ã®ãªãã¤ã¬ã¯ããã©ã°ã«ä½ãæå®ãããã§ãHTTPã®ã¹ãã¼ã¿ã¹çªå·ãå¤ãã£ã¦ãã¾ãã ã»last rewriteã¯å®äºã§ã以éã®ãããã
ãè©«ã³ nginx advent calendar ã§ãããnginxã®æ¿ã話ã§ã¯ãªãã§ããnginxã¨çµã¿åããã¦ä½æããç°¡æèªè¨¼ã·ã¹ãã ã«ã¤ãã¦æ¸ãã¾ãã ã¯ãã㫠管çç»é¢ã®èªè¨¼ãçããã©ãããã¦ãã¾ããï¼ ä¸çªãã¤ã¼ããªæ¹æ³ã ã¨Basicèªè¨¼ã使ããã¨ãããã¨ã«ãªãã¨æãã¾ãããID/PWã®ç®¡çãé¢åãªãã¨ããæ¼æ´©ããæã®ãªã¹ã¯ãèããã¨ãããã«ä¼æ¥å ã§ã¯Basicèªè¨¼ã®ã¿ã§ã®èªè¨¼ã¯æ¡ç¨ããã¥ããã§ããã¨ã¯ããããã¡ãã¨ãã管çã·ã¹ãã ãä½æããã®ããããã¯ããã§æéã§ããå¤ãã®ãªã½ã¼ã¹ã管çæ¥åã«å²ãäºãé£ããå°ããçµç¹ã§ããã°å°æ´ãé£é¡ã§ãã å¤ãã®äººãGoogleã®ã¢ã«ã¦ã³ããææããGoogle Appsãæ¡ç¨ãã¦ããä¼æ¥ãå¤ãä»ãããããèªè¨¼é¨åã¯ã§ãããã¨ãªãGoogleããã«ä»»ãã¦ãã¾ããããªãã¨æãã¨ããã§ãã google_auth_proxy ã¨ã¯ãããgoog
Nginxã§HTTPSï¼ã¼ãããå§ãã¦SSLã®è©ä¾¡ãA+ã«ããã¾ã§ Part 2 â è¨å®ãCiphersuiteãããã©ã¼ãã³ã¹ ä»æ¥ã®ã¤ã³ã¿ã¼ãããã®ä¸çã§ã¯ãä¸è¬çãªéçWebãµã¤ããå«ãã å ¨ã¦ã®Webãµã¤ã ã«ãå¼·åºã§å®å ¨ãªHTTPSã®ã»ããã¢ãããå¿ è¦ã¨ãªãã¾ãããã®è¨äºã¯ãNginxã»ãã¥ãªãã£ãã©ã®ããã«ã»ããã¢ããããã®ãã«é¢ããã·ãªã¼ãºã®ãã¼ã2ã§ãã ãã¼ã1 ã¯ãWebãµã¼ãã«æå¹ãªç½²å証ææ¸ãã»ããã¢ãããã話ã§çµäºãã¾ããããããããã«ã¯ãæé©ãªè¨å®ã¨ã¯è¨ãé£ããããã©ã«ãã®Nginxã®è¨å®ã使ç¨ãã¦ãã¾ããã ãã®è¨äºãèªã¿çµããã°ãSSL Labsã®ã¬ãã¼ãã§ãA+ã®è©ä¾¡ãç²å¾ã§ããå®å ¨ãªHTTPSã®è¨å®ãã§ãã¾ããããã ãã§ãªãã追å ã§ããã¤ãã®å¾®èª¿æ´ãè¡ããããã©ã¼ãã³ã¹ããã¦UXãåä¸ããã¦ããã¾ãã ããã«æ²è¼ããè¨è¿°ãã³ã¼ãã®æç²ã®ä»ã«ããããã«ä½¿
ãªãªã¼ã¹ãé害æ å ±ãªã©ã®ãµã¼ãã¹ã®ãç¥ãã
ææ°ã®äººæ°ã¨ã³ããªã¼ã®é ä¿¡
å¦çãå®è¡ä¸ã§ã
j次ã®ããã¯ãã¼ã¯
kåã®ããã¯ãã¼ã¯
lãã¨ã§èªã
eã³ã¡ã³ãä¸è¦§ãéã
oãã¼ã¸ãéã
{{#tags}}- {{label}}
{{/tags}}