Ubuntu10.04ã§dpkgを使ã£ã¦ã€Nginxã«ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’è¿½åŠ ã™ã‚‹
前回の記事ã§ã€Nginxã«ã‚µãƒ¼ãƒ‰ãƒ‘ãƒ¼ãƒ†ã‚£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’è¿½åŠ ã—ã¦ã‚³ãƒ³ãƒ‘イルã—ã¦ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹æ‰‹é †ã‚’書ãã¾ã—ãŸãŒã€Ubuntu(Debian)ã®ä½œæ³•ã«ä¹—ã£å–ã£ã¦dpkgを使ã†ã¨ã€ã‚‚ã£ã¨ç°¡å˜ã«ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«è¿½åŠ ãŒã§ãã‚‹ã®ã§ãã®æ‰‹é †ã‚‚メモã—ã¦ãŠãã¾ã™ã€‚
dpkg-devã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã€Nginxã®ã‚³ãƒ³ãƒ‘イルã«å¿…è¦ãªãƒ©ã‚¤ãƒ–ラリã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã€Nginxã®ã‚½ãƒ¼ã‚¹ã®å–å¾—ã¾ã§
$ sudo apt-get install dpkg-dev $ sudo apt-get update $ sudo apt-get build-dep nginx $ apt-get source nginx $ cd nginx-0.7.65
è¿½åŠ ã™ã‚‹ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã¯ã€AWS Authã‚’è¿½åŠ ã—ãŸã„ã®ã§gitをコマンドを入れã¦ã€ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã®ã‚½ãƒ¼ã‚¹ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—
$ sudo apt-get install git-core $ git clone https://github.com/anomalizer/ngx_aws_auth.git
モジュールをconfigureã«æŒ‡å®š
$ vi debian/rules .. ./configure --conf-path=/etc/nginx/nginx.conf \ --error-log-path=/var/log/nginx/error.log \ --pid-path=/var/run/nginx.pid \ --lock-path=/var/lock/nginx.lock \ --http-log-path=/var/log/nginx/access.log \ --http-client-body-temp-path=/var/lib/nginx/body \ --http-proxy-temp-path=/var/lib/nginx/proxy \ --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ --with-debug \ --with-http_stub_status_module \ --with-http_flv_module \ --with-http_ssl_module \ --with-http_dav_module \ --with-http_gzip_static_module \ --with-http_realip_module \ --with-mail \ --with-mail_ssl_module \ --with-ipv6 \ --add-module=$(CURDIR)/modules/nginx-upstream-fair \ --add-module=$(CURDIR)/anomalizer-ngx_aws_auth-37adfc3/ --add-module=$(CURDIR)/ngx_aws_auth \ $(CONFIGURE_OPTS) ...
コンパイルã—ã¦ã€ãƒ‘ッケージを作æˆ
$ dpkg-buildpackage -b ... gcc -c -Wall -g -O2 -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs -I src/http -I src/http/modules -I src/mail \ -o objs/addon/anomalizer-ngx_aws_auth-37adfc3/ngx_http_aws_auth.o \ /root/nginx-0.7.65/anomalizer-ngx_aws_auth-37adfc3//ngx_http_aws_auth.c gcc -c -Wall -g -O2 -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs \ -o objs/ngx_modules.o \ objs/ngx_modules.c gcc -o objs/nginx \ objs/src/core/nginx.o \ objs/src/core/ngx_log.o \ objs/src/core/ngx_palloc.o \ objs/src/core/ngx_array.o \ objs/src/core/ngx_list.o \ objs/src/core/ngx_hash.o \ objs/src/core/ngx_buf.o \ objs/src/core/ngx_queue.o \ objs/src/core/ngx_output_chain.o \ objs/src/core/ngx_string.o \ objs/src/core/ngx_parse.o \ objs/src/core/ngx_inet.o \ objs/src/core/ngx_file.o \ objs/src/core/ngx_crc32.o \ objs/src/core/ngx_rbtree.o \ objs/src/core/ngx_radix_tree.o \ objs/src/core/ngx_slab.o \ objs/src/core/ngx_times.o \ objs/src/core/ngx_shmtx.o \ objs/src/core/ngx_connection.o \ objs/src/core/ngx_cycle.o \ objs/src/core/ngx_spinlock.o \ objs/src/core/ngx_cpuinfo.o \ objs/src/core/ngx_conf_file.o \ objs/src/core/ngx_resolver.o \ objs/src/core/ngx_open_file_cache.o \ objs/src/event/ngx_event.o \ objs/src/event/ngx_event_timer.o \ objs/src/event/ngx_event_posted.o \ objs/src/event/ngx_event_busy_lock.o \ objs/src/event/ngx_event_accept.o \ objs/src/event/ngx_event_connect.o \ objs/src/event/ngx_event_pipe.o \ objs/src/os/unix/ngx_time.o \ objs/src/os/unix/ngx_errno.o \ objs/src/os/unix/ngx_alloc.o \ objs/src/os/unix/ngx_files.o \ objs/src/os/unix/ngx_socket.o \ objs/src/os/unix/ngx_recv.o \ objs/src/os/unix/ngx_readv_chain.o \ objs/src/os/unix/ngx_udp_recv.o \ objs/src/os/unix/ngx_send.o \ objs/src/os/unix/ngx_writev_chain.o \ objs/src/os/unix/ngx_channel.o \ objs/src/os/unix/ngx_shmem.o \ objs/src/os/unix/ngx_process.o \ objs/src/os/unix/ngx_daemon.o \ objs/src/os/unix/ngx_setproctitle.o \ objs/src/os/unix/ngx_posix_init.o \ objs/src/os/unix/ngx_user.o \ objs/src/os/unix/ngx_process_cycle.o \ objs/src/os/unix/ngx_linux_init.o \ objs/src/event/modules/ngx_epoll_module.o \ objs/src/os/unix/ngx_linux_sendfile_chain.o \ objs/src/event/ngx_event_openssl.o \ objs/src/core/ngx_regex.o \ objs/src/http/ngx_http.o \ objs/src/http/ngx_http_core_module.o \ objs/src/http/ngx_http_special_response.o \ objs/src/http/ngx_http_request.o \ objs/src/http/ngx_http_parse.o \ objs/src/http/ngx_http_header_filter_module.o \ objs/src/http/ngx_http_write_filter_module.o \ objs/src/http/ngx_http_copy_filter_module.o \ objs/src/http/modules/ngx_http_log_module.o \ objs/src/http/ngx_http_request_body.o \ objs/src/http/ngx_http_variables.o \ objs/src/http/ngx_http_script.o \ objs/src/http/ngx_http_upstream.o \ objs/src/http/ngx_http_upstream_round_robin.o \ objs/src/http/ngx_http_parse_time.o \ objs/src/http/modules/ngx_http_static_module.o \ objs/src/http/modules/ngx_http_index_module.o \ objs/src/http/modules/ngx_http_chunked_filter_module.o \ objs/src/http/modules/ngx_http_range_filter_module.o \ objs/src/http/modules/ngx_http_headers_filter_module.o \ objs/src/http/modules/ngx_http_not_modified_filter_module.o \ objs/src/http/ngx_http_busy_lock.o \ objs/src/http/ngx_http_file_cache.o \ objs/src/http/modules/ngx_http_gzip_filter_module.o \ objs/src/http/ngx_http_postpone_filter_module.o \ objs/src/http/modules/ngx_http_charset_filter_module.o \ objs/src/http/modules/ngx_http_ssi_filter_module.o \ objs/src/http/modules/ngx_http_userid_filter_module.o \ objs/src/http/modules/ngx_http_gzip_static_module.o \ objs/src/http/modules/ngx_http_dav_module.o \ objs/src/http/modules/ngx_http_autoindex_module.o \ objs/src/http/modules/ngx_http_auth_basic_module.o \ objs/src/http/modules/ngx_http_access_module.o \ objs/src/http/modules/ngx_http_limit_zone_module.o \ objs/src/http/modules/ngx_http_limit_req_module.o \ objs/src/http/modules/ngx_http_realip_module.o \ objs/src/http/modules/ngx_http_geo_module.o \ objs/src/http/modules/ngx_http_map_module.o \ objs/src/http/modules/ngx_http_referer_module.o \ objs/src/http/modules/ngx_http_rewrite_module.o \ objs/src/http/modules/ngx_http_ssl_module.o \ objs/src/http/modules/ngx_http_proxy_module.o \ objs/src/http/modules/ngx_http_fastcgi_module.o \ objs/src/http/modules/ngx_http_memcached_module.o \ objs/src/http/modules/ngx_http_empty_gif_module.o \ objs/src/http/modules/ngx_http_browser_module.o \ objs/src/http/modules/ngx_http_flv_module.o \ objs/src/http/modules/ngx_http_upstream_ip_hash_module.o \ objs/src/http/modules/ngx_http_stub_status_module.o \ objs/src/mail/ngx_mail.o \ objs/src/mail/ngx_mail_core_module.o \ objs/src/mail/ngx_mail_handler.o \ objs/src/mail/ngx_mail_parse.o \ objs/src/mail/ngx_mail_ssl_module.o \ objs/src/mail/ngx_mail_pop3_module.o \ objs/src/mail/ngx_mail_pop3_handler.o \ objs/src/mail/ngx_mail_imap_module.o \ objs/src/mail/ngx_mail_imap_handler.o \ objs/src/mail/ngx_mail_smtp_module.o \ objs/src/mail/ngx_mail_smtp_handler.o \ objs/src/mail/ngx_mail_auth_http_module.o \ objs/src/mail/ngx_mail_proxy_module.o \ objs/addon/nginx-upstream-fair/ngx_http_upstream_fair_module.o \ objs/addon/anomalizer-ngx_aws_auth-37adfc3/ngx_http_aws_auth.o \ objs/ngx_modules.o \ -lcrypt -lssl -lpcre -lssl -lcrypto -lz ...
debパッケージをインストール
$ cd .. $ sudo dpkg -i nginx_0.7.65-1ubuntu2.3_amd64.deb
サーãƒãƒ¼å†èµ·å‹•
$sudo service nginx restart
éžå¸¸ã«ç°¡å˜ã§ã™ã€‚
å‚考ã«ã—ãŸã‚µã‚¤ãƒˆ:
Nginx AWS auth on Ubuntu 10.04
S3ã«ä¿å˜ã•ã‚ŒãŸãƒ•ã‚¡ã‚¤ãƒ«ã‚’直接S3ã«ã‚¢ã‚¯ã‚»ã‚¹ã•ã›ãŸããªã„å ´åˆã®Nginxã®è¨å®šã§ã™ã€‚
通常ã¯ã€ç´ ç›´ã«ã‚¯ãƒ©ã‚¦ãƒ‰ãƒ•ãƒãƒ³ãƒˆã‚’利用ã™ã‚Œã°ã„ã„よã†ãªæ°—ã‚‚ã—ã¾ã™ãŒã€èª¿ã¹ã¦ã¿ãŸã®ã§ãƒ¡ãƒ¢ã—ã¦ãŠãã¾ã™ã€‚
Nginxã‹ã‚‰èªè¨¼ä»˜ãã§S3ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹ã«ã¯ã‚µãƒ¼ãƒ‰ãƒ‘ーティã®ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«AWS Authを利用ã—ã¾ã™ã€‚
モジュールã¯ä»¥ä¸‹ã®ãƒªãƒ³ã‚¯ã‹ã‚‰ãƒ€ã‚¦ãƒ³ãƒãƒ¼ãƒ‰ã§ãã¾ã™ã€‚
http://wiki.nginx.org/3rdPartyModulesJa
インストール
ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã‚’è¿½åŠ ã—ã¦Nginxをコンパイルã™ã‚‹ãŸã‚ã«å¿…è¦ãª
unzipã¨gccã‚’å«ã‚€build-essentialã‚’ã‚らã‹ã˜ã‚インストールã—ã¦ãŠãã¾ã™ã€‚
$ sudo apt-get update
2012.11.03ç¾åœ¨ã§ã¯ã€apt-get updateã—ã¦ãŠã‹ãªã„ã¨ãƒªãƒã‚¸ãƒˆãƒªã®ãƒ‘スãŒå¤‰ã‚ã£ã¦ã„ã¦gccã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã«å¤±æ•—ã—ã¾ã™
$ sudo apt-get install unzip gcc build-essential $ sudo apt-get install libpcre3 libpcre3-dev $ sudo apt-get install zlib1g-dev $ sudo apt-get install openssl libssl-dev
Nginxã®ã‚½ãƒ¼ã‚¹ã‚’ダウンãƒãƒ¼ãƒ‰ã—ã¦è§£å‡ã—ã¦ãŠãã¾ã™ã€‚
$ wget http://nginx.org/download/nginx-1.2.4.tar.gz $ tar xvfz nginx-1.2.4.tar.gz $ cd nginx-1.2.4
次ã«AWS Authモジュールをダウンãƒãƒ¼ãƒ‰ã—ã¾ã™ã€‚
$ wget https://github.com/anomalizer/ngx_aws_auth/zipball/master $ mv master aws-auth.zip $ unzip aws-auth.zip
configureã—ã¦make
$./configure --sbin-path=/usr/sbin \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--with-debug \
--with-http_stub_status_module \
--with-http_flv_module \
--with-http_ssl_module \
--with-http_dav_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-mail \
--with-mail_ssl_module \
--with-ipv6 \
--add-module=./anomalizer-ngx_aws_auth-37adfc3
...
configuring additional modules
adding module in ./anomalizer-ngx_aws_auth-37adfc3/
+ ngx_http_aws_auth was configured
checking for PCRE library ... found
checking for PCRE JIT support ... not found
checking for system md library ... not found
checking for system md5 library ... not found
checking for OpenSSL md5 crypto library ... not found
checking for sha1 in system md library ... not found
checking for OpenSSL sha1 crypto library ... not found
checking for zlib library ... found
creating objs/Makefile
Configuration summary
+ using system PCRE library
+ using system OpenSSL library
+ md5: using OpenSSL library
+ sha1: using OpenSSL library
+ using system zlib library
nginx path prefix: "/usr/local/nginx"
nginx binary file: "/usr/sbin"
nginx configuration prefix: "/etc/nginx"
nginx configuration file: "/etc/nginx/nginx.conf"
nginx pid file: "/var/run/nginx.pid"
nginx error log file: "/var/log/nginx/error.log"
nginx http access log file: "/var/log/nginx/access.log"
nginx http client request body temporary files: "/var/lib/nginx/body"
nginx http proxy temporary files: "/var/lib/nginx/proxy"
nginx http fastcgi temporary files: "/var/lib/nginx/fastcgi"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
$ make
...
objs/src/http/modules/ngx_http_browser_module.o \
objs/src/http/modules/ngx_http_upstream_ip_hash_module.o \
objs/src/http/modules/ngx_http_upstream_least_conn_module.o \
objs/src/http/modules/ngx_http_upstream_keepalive_module.o \
objs/addon/anomalizer-ngx_aws_auth-37adfc3/ngx_http_aws_auth.o \
objs/ngx_modules.o \
-lpthread -lcrypt -lssl -lpcre -lcrypto -lcrypto -lz
make[1]: Leaving directory `/home/hrendoh/nginx-1.2.2'
make -f objs/Makefile manpage
make[1]: Entering directory `/home/hrendoh/nginx-1.2.2'
sed -e "s|%%PREFIX%%|/usr/local/nginx|" \
-e "s|%%PID_PATH%%|/var/run/nginx.pid|" \
-e "s|%%CONF_PATH%%|/etc/nginx/nginx.conf|" \
-e "s|%%ERROR_LOG_PATH%%|/var/log/nginx/error.log|" \
< man/nginx.8 > objs/nginx.8
make[1]: Leaving directory `/home/hrendoh/nginx-1.2.2'
...
インストール
$ sudo make install
è¨å®š
ã“ã‚“ãªæ„Ÿã˜ã§ã™
location /s/attachment/ {
proxy_pass http://<ãƒã‚±ãƒƒãƒˆå>.s3.amazonaws.com/;
aws_access_key xxxxxxxxxxxxxxxx;
aws_secret_key xxxxxxxxxxxxxxxx
s3_bucket <ãƒã‚±ãƒƒãƒˆå>;
chop_prefix /s/attachment;
proxy_set_header Authorization $s3_auth_token;
proxy_set_header x-amz-date $aws_date;
}
tarを使ã£ã¦ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã”ã¨ãƒ•ã‚¡ã‚¤ãƒ«ã‚’コピー
Macã®å ´åˆã€mvコピー先ã«åŒåã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãŒã‚ã‚‹ã¨-f付ã‘ã¦ã‚‚ã¯ã˜ã‹ã‚Œã‚‹ã®ã§é‡å®ã™ã‚‹ã‹ã‚‚(å¯èƒ½ãªã‚ªãƒ—ションã‚ã‚‹ã‚“ã§ã™ã‹ã?)
カレントディレクトリã®å…¨ã¦ãƒ•ã‚¡ã‚¤ãƒ«ãŠã‚ˆã³ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’ターゲッットディレクトリ(target_dir)ã«ã‚³ãƒ”ー
$ tar cf - * | ( cd /target_dir; tar xfp -)
カレントディレクトリã®æŒ‡å®šã—ãŸãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª(source_dir)をターゲッットディレクトリ(target_dir)ã«ã‚³ãƒ”ー
$ tar cvf - ./source_dir | (cd /target_dir; tar xvfp -)
ニフティクラウドã§rsyncを利用ã—ãŸãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã‚’è¡Œã£ãŸå ´åˆ Disk200ã¨Disk40ã©ã¡ã‚‰ã‚’使ã†ã¹ãã‹ï¼Ÿ
クラウド上ã§ã‚µãƒ¼ãƒ“スをæä¾›ã™ã‚‹å ´åˆãƒ‡ãƒ¼ã‚¿ã®å®‰å…¨æ€§ã«ã¤ã„ã¦ã¯ã€ãƒãƒ¼ãƒ‰é¢ã®HAã¯ã‚µãƒ¼ãƒ“スãŒæä¾›ã—ã¦ã„ã‚‹ãŸã‚*1ã€ã‚¢ãƒ—リケーションã®éšœå®³ã‚„人為的ミスã«ã‚ˆã‚‹ãƒ‡ãƒ¼ã‚¿æå‚·ã«å¯¾å¿œã™ã‚‹ãŸã‚ã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ãŒæœ€ä½Žé™å¿…è¦ã«ãªã‚Šã¾ã™ã€‚
co-meetingã¯ã€ãƒ‡ãƒ¼ã‚¿ãƒ™ãƒ¼ã‚¹ä»¥å¤–ã®ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã¯ã€ã‚·ãƒ³ãƒ—ルã«è¿½åŠ ディスクã«rsyncã§å·®åˆ†ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—を数日間ä¿æŒã—ã¦ã„ã¾ã™ã€‚
co-meetingã¯ã€ãƒ‹ãƒ•ãƒ†ã‚£ã‚¯ãƒ©ã‚¦ãƒ‰ä¸Šã§ã‚µãƒ¼ãƒ“スをæä¾›ã—ã¦ã„ã¾ã™ãŒã€ãƒ‹ãƒ•ãƒ†ã‚£ã‚¯ãƒ©ã‚¦ãƒ‰ã¯ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ã«3x3é‡ã®å†—長性をæŒãŸã›ã¦ã„ã‚‹ã®ã§ãã“ã¯ä¿¡é ¼ã—ã¦ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ファイルをS3ãªã©å¤–部サービスã«ä¿å˜ã™ã‚‹ã“ã¨ã¯è¡Œã£ã¦ã„ã¾ã›ã‚“*2。
ã¾ãŸã€ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã®ä»•çµ„ã¿ã«ã¯LVMã®ã‚¹ãƒŠãƒƒãƒ—ショットも検討ã—ã¦ã„ã¾ã™ãŒã€LVMã®é‹ç”¨çµŒé¨“ãŒç„¡ã„ãŸã‚ã€ä»Šã®ã¨ã“ã‚復旧ãŒã‚ˆã‚Šã‚·ãƒ³ãƒ—ルã§ç¢ºå®Ÿãªrsyncを採用ã—ã¦ã„ã¾ã™*3
ã§ã¯ã€æœ¬é¡Œã€‚
ニフティクラウドã§åˆ©ç”¨å¯èƒ½ãªã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ã¯ä»¥ä¸‹ã®ç‰©ãŒã‚ã‚Šã¾ã™ã€‚
- ãƒãƒ¼ã‚«ãƒ«ãƒ‡ã‚£ã‚¹ã‚¯
- Disk200
- Disk40
- ニフティクラウドストレージ
rsyncã¯ã€æ¯Žæ™‚cronã§å®Ÿè¡Œã—ã¦ã„ã¾ã™ãŒã€å·®åˆ†ã®ã¿ã®ã‚³ãƒ”ーã¨ã¯ã„ãˆã‚³ãƒžãƒ³ãƒ‰ã®å®Ÿè¡Œæ™‚é–“ãŒçŸã„ã«è¶…ã—ãŸã“ã¨ã¯ã‚ã‚Šã¾ã›ã‚“。
コストを考ãˆãªã‘ã‚Œã°ã€Disk200ã‚’è¿·ã‚ãšé¸ã³ã¾ã—ょã†ã€‚
ãŸã ã€Disk200ã¯10500円/100Gbytesã¨çµæ§‹ã„ã„ãŠå€¤æ®µãŒã—ã¾ã™ã€‚
ãã‚Œã«å¯¾ã—ã¦ã€Disk40ã¯4100円/100Gbytesã¨ãŠæ‰‹é ƒä¾¡æ ¼ã§ã™ã€‚
コマンドã®å®Ÿè¡Œã¯ã€CPUã€ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒª/ファイルã®æ§‹é€ ã«ã‚‚影響ã•ã‚Œã‚‹ã®ã§å˜ç´”ã«ãƒ‡ã‚£ã‚¹ã‚¯ã®ã‚¹ãƒ”ードã ã‘ã§ã¯æ¯”較ã§ãã¾ã›ã‚“。
ãã“ã§ã€å„ストレージã«å¯¾ã—ã¦ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¦è¨ˆæ¸¬ã—ã¦ã¿ã¾ã—ãŸã€‚
*1:復旧ã§ããªã„レベルã®ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸éšœå®³ã‚’èµ·ã“ã—ãŸã‚µãƒ¼ãƒ“スもã„ãã¤ã‹ã‚ã‚‹ã®ã§ä»–ã®ã‚¯ãƒ©ã‚¦ãƒ‰ã«ã‚‚データã¯ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã—ãŸã„ã¨ã“ã‚ã§ã™ãŒã€ãã‚Œã¯ã‚³ã‚¹ãƒˆã¨ã®å…¼ãåˆã„ã«ãªã‚Šã¾ã™
*2:元々ã¯s3syncを使ã£ã¦ã„ã¾ã—ãŸãŒãƒ‡ãƒ¼ã‚¿é‡ãŒå¢—ãˆã¦æ¥ãŸãŸã‚厳ã—ããªã£ã¦ãã¾ã—ãŸã€Enterprise版ã¯å†åº¦æ¤œè¨Žã™ã‚‹äºˆå®šã§ã™
*3:ニフティクラウドãŒã€ãƒ‡ã‚£ã‚¹ã‚¯ã®ã‚¹ãƒŠãƒƒãƒ—ショット機能をæä¾›ã—ã¦ãれれã°ã“れらã®ä»•çµ„ã¿ã‚‚å¿…è¦ãªããªã‚Šã¾ã™ãŒã€è¿½åŠ ディスクã„ã¤ã„ã¦ã¯åŽ³ã—ãã†ã§ã™ã‹ã
SSH越ã—ã®ãƒ•ã‚¡ã‚¤ãƒ«æ“作ã¾ã¨ã‚
サーãƒãƒ¼é–“ã§ãƒ•ã‚¡ã‚¤ãƒ«ã‚’ã‚„ã‚Šå–ã‚Šã—ãŸã„å ´åˆã«ã„ã¤ã‚‚コマンドを検索ã—ãªãŠã—ã¦ã—ã¾ã†ã®ã§ssh越ã—ã«ãƒ•ã‚¡ã‚¤ãƒ«ã‚’コピーã™ã‚‹ã‚³ãƒžãƒ³ãƒ‰ã‚’ã¾ã¨ã‚ã¦ã¿ã¾ã—ãŸã€‚
ã¾ãŸã€ã“ã®è¨˜äº‹ã‚’書ã„ã¦ã„る途ä¸ã«åŒæ§˜ã®å†…容をã¾ã¨ã‚ã¦ã„るブãƒã‚°ã‚’見ã¤ã‘ãŸã®ã§ãƒªãƒ³ã‚¯ã‚’è²¼ã£ã¦ãŠãã¾ã™ã€‚
å‰æº–å‚™
ã‚ーファイルã®æ¨©é™å¤‰æ›´
コピー後ã¯æ¨©é™ã‚’è¨å®šã—ç›´ã—ã¦ãŠã
$ chmod 600 keyfile.pem
パスワード無ã—ã®ã‚ーファイルを作æˆã—ã¦ãŠã
ã“ã“ã§ç´¹ä»‹ã™ã‚‹ã‚³ãƒžãƒ³ãƒ‰ã‚’使用ã™ã‚‹ã‚·ã‚§ãƒ«ã‚’cronã«ç™»éŒ²ã™ã‚‹å ´åˆã¯ãƒ‘スフレーズ無ã—ã®ã‚ーファイルを用æ„ã—ã¦ãŠãå¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚
$ openssl rsa -in keyfile.pem > keyfile-nopass.pem Enter pass phrase for keyfile.pem: writing RSA key
cronã§ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€ä»¥ä¸‹ã«ç´¹ä»‹ã™ã‚‹ã‚³ãƒžãƒ³ãƒ‰ã®keyfileã‚’keyfile-nopass.pemã«ç½®ãæ›ãˆã¦ãã ã•ã„。
å„コマンドã®ç¢ºèªã¯ã€ubuntu10.04ã§è¡Œã£ã¦ã„ã¾ã™ã€‚
WebSocket(node + socket.io)ã‚’stunnel + HAProxyã§ãƒ—ãƒã‚ã‚·ã™ã‚‹ - ãã®3 - stunnelã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—
以下ã®å›³ã®ã‚ˆã†ãªã€stunnelã¨HAProxyを使ã£ã¦node.jsã¨nginxã‚’1ã¤ã«ã¾ã¨ã‚る構æˆã®ã‚µãƒ¼ãƒãƒ¼æ§‹ç¯‰æ‰‹é †ã‚’ã¾ã¨ã‚ã¦ã„ã¾ã™ã€‚
その1ã§ã¯HAProxyã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã€その2ã§ã¯ãƒ—ãƒã‚ã‚·ã®è¨å®šä¾‹ã«ã¤ã„ã¦ã¾ã¨ã‚ã¾ã—ãŸã€‚
OSã«ä¾å˜ã™ã‚‹ç®‡æ‰€ã¯Ubuntu 10.04を例ã«èª¬æ˜Žã—ã¦ã„ã¾ã™ã€‚
今回ã¯ã€æœ€å¾Œã«HAProxyã®å‰ã«stunnelを建ã¦ã¦SSLã§Webサービスã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãるよã†ã«ã—ã¦è¡Œãã¾ã™ã€‚
stunnelã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ« (パッケージインストール)
stunnelã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«æ‰‹é †ã«ã¤ã„ã¦ã¯ã€ä¸»ã«ä»¥ä¸‹ã®ãƒ–ãƒã‚°ã‚’å‚考ã«ã—ã¾ã—ãŸ:
https://www.siamnet.org/Wiki/Ubuntu-SettingUpStunnel
stunnelã¯aptã§ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã§ãã¾ã™*1。
$ sudo apt-get install stunnel4
/etc/default/stunnel4ã®ã€ŒENABLEDã€ã®å€¤ã‚’「0ã€ã‹ã‚‰ã€Œ1ã€ã«å¤‰æ›´ã—ã¾ã™ã€‚
#ENABLED=0 ENABLED=1
*1:クライアントIPアドレスをã€X-Forwareded-ForヘッダをHAProxyã‹ã‚‰ã‚¢ãƒ—リケーションã«é€ä¿¡ã™ã‚‹å ´åˆã¯ã€HAPorxyプãƒã‚¸ã‚§ã‚¯ãƒˆãŒç”¨æ„ã—ã¦ã„るパッãƒã‚’ã‚ã¦ã¦ã‚½ãƒ¼ã‚¹ã‹ã‚‰ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™
WebSocket(node + socket.io)ã‚’stunnel + HAProxyã§ãƒ—ãƒã‚ã‚·ã™ã‚‹ - ãã®2 - HAProxyã®è¨å®š
Nginxã¨node.jsã‚’HAProxy+stunnelã§ã¾ã¨ã‚る方法ã«ã¤ã„ã¦ã¾ã¨ã‚ã¦ã„ã¾ã™ã€‚
サーãƒãƒ¼ã®æ§‹æˆã¯ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚
å‰å›žã®è¨˜äº‹ã¯HAProxyã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã¾ã§ç´¹ä»‹ã—ã¾ã—ãŸã€‚
http://d.hatena.ne.jp/hrendoh/20120328/1332917793
今回ã¯ã€HAProxyã§Nginxã¨node.jsã®ã‚µãƒ¼ãƒãƒ¼ã«æŒ¯ã‚Šåˆ†ã‘ã‚‹è¨å®šæ–¹æ³•ã¨ã€å„種パラメータã«ã¤ã„ã¦å®Ÿéš›ã®è¨å®šä¾‹ã‚’基ã«ã¾ã¨ã‚ã¦ã¿ã¾ã™ã€‚
è¨å®šã®ãƒªãƒ•ã‚¡ãƒ¬ãƒ³ã‚¹ã¯ã€å…¬å¼ã‚µã‚¤ãƒˆã®Documentページã«ãƒªãƒ³ã‚¯ãŒã‚るテã‚ストã®ã‚‚ã®ã¨ã€Google codeã«ã‚‚åŒã˜å†…容ã®ã‚‚ã®ãŒã¾ã¨ã¾ã£ã¦ã„ã¾ã™ã€‚
Google codeã®ãƒ‰ã‚ュメントã®æ–¹ãŒè¦‹ã‚„ã™ã„ã®ã§ãŠè–¦ã‚ã§ã™ã€‚
haproxy.cfgã®è¨å®š
HAProxyã®è¨å®šã¯ /etc/haproxy/haproxy.cfg ã«è¨˜è¿°ã—ã¾ã™ã€‚
今回ã®ä¾‹ã¯ã€ä»¥ä¸‹ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚
