What is Sakura VPS? †
- Overview
- Virtual Private Server
- Tools
- Terminal / SSH2
- File transfer tool (Cyberduck)
- hosts editing tool (hoster)
Let's walk through the setup flow †
- Apply for Sakura VPS
- Connect and do the initial setup
- Create and configure a working user
- Set up key authentication
- Configure SSH
- Configure the firewall
- Configure the web server
- Configure VirtualHost
- Configure PHP
- Configure MySQL
- Configure Ruby & Ruby on Rails
- Configure Python
- Configure MongoDB
Let's start the Sakura VPS †
- Apply for the 2-week trial of the 1G plan on the official site
- Auto-reply e-mail x1
- Provisional registration complete e-mail x1 (10 to 20 minutes later)
- Contains the IP address, the root password and the control panel URL
- Log in to the control panel and start the virtual server
Let's connect to the Sakura VPS †
$ ssh root@133.242.129.64
The authenticity of host '133.242.129.64 (133.242.129.64)' can't be established.
RSA key fingerprint is 3a:75:43:78:fc:bb:88:46:f6:07:d1:9c:24:d9:12:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '133.242.129.64' (RSA) to the list of known hosts.
root@133.242.129.64's password:
SAKURA Internet [Virtual Private Server SERVICE]
[root@www1290ui ~]# yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink | 5.5 kB 00:00
* base: ftp.iij.ad.jp
* epel: ftp.iij.ad.jp
* extras: ftp.iij.ad.jp
* updates: centosx4.centos.org
epel | 4.2 kB 00:00
epel/primary_db | 5.4 MB 00:00
Setting up Update Process
No Packages marked for Update
- Japanese-localize vim (change LANG="C" to LANG="ja_JP.UTF-8")
# vim /etc/sysconfig/i18n
LANG="ja_JP.UTF-8"
SYSFONT="latarcyrheb-sun16"
# exit
logout
Connection to 133.242.129.64 closed.
$ ssh root@133.242.129.64
root@133.242.129.64's password:
Last login: Thu Aug 8 22:33:28 2013 from 156227014222.ppp-oct.au-hikari.ne.jp
SAKURA Internet [Virtual Private Server SERVICE]
# date
2013年 8月 8日 木曜日 22:42:58 JST
Let's set up a working user †
# useradd yuji
# passwd yuji
ユーザー yuji のパスワードを変更。
新しいパスワード:
新しいパスワードを再入力してください:
passwd: 全ての認証トークンが正しく更新できました。
# usermod -G wheel yuji
# visudo
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
$ ssh yuji@133.242.129.64
yuji@133.242.129.64's password:
SAKURA Internet [Virtual Private Server SERVICE]
[yuji@www1290ui ~]$
Let's set up key authentication †
- Create a place on the VPS to store the public key
- Generate a key pair (private key, public key) on the Mac
- Transfer the public key to the VPS
- Log in from the Mac using the private key
[yuji@www1290ui ~]$ pwd
/home/yuji
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
yuji-macbook:~ yujishimojo$ ssh-keygen -t rsa -v
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/yujishimojo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/yujishimojo/.ssh/id_rsa.
Your public key has been saved in /Users/yujishimojo/.ssh/id_rsa.pub.
The key fingerprint is:
dc:83:8e:21:58:b5:2b:16:46:1f:0f:3e:ff:e1:bb:ec yujishimojo@yuji-macbook.local
The key's randomart image is:
+--[ RSA 2048]----+
| . + |
| . + = |
| + = . |
| + . = o |
| . + o S + |
| . o + o o |
| . . o |
| . . |
| .E. |
+-----------------+
$ ls -la .ssh
total 32
drwx------ 5 yujishimojo staff 170 Aug 8 23:08 .
drwx------+ 54 yujishimojo staff 1904 Aug 8 22:10 ..
-rw------- 1 yujishimojo staff 1671 Aug 8 23:08 id_rsa
-rw-r--r-- 1 yujishimojo staff 412 Aug 8 23:08 id_rsa.pub
$ scp ~/.ssh/id_rsa.pub yuji@133.242.129.64:~/.ssh/authorized_keys
yuji@133.242.129.64's password: id_rsa.pub 100% 412 0.4KB/s 00:00
$ ls -la .ssh
合計 12
drwx------ 2 yuji yuji 4096 8月 8 23:12 2013 .
drwx------ 3 yuji yuji 4096 8月 8 23:05 2013 ..
-rw------- 1 yuji yuji 412 8月 8 23:12 2013 authorized_keys
- Connect over SSH from the Mac using the private key (from the second time on, the key part can be omitted)
$ ssh -i ~/.ssh/id_rsa yuji@133.242.129.64
Last login: Thu Aug 8 22:56:50 2013 from 156227014222.ppp-oct.au-hikari.ne.jp
SAKURA Internet [Virtual Private Server SERVICE]
Let's configure SSH †
- Change the port number: 22 -> one in 1024〜65535, here 61203
- Disable password login
- Disable root login
[yuji@www1290ui ~]$ sudo -s
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for yuji:
[root@www1290ui yuji]#
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.org
- Uncomment "Port" and change the number to 61203
Port 61203
- Change "PasswordAuthentication" to "no"
PasswordAuthentication no
- Uncomment "PermitRootLogin" and change it to "no"
PermitRootLogin no
# service sshd restart
sshd を停止中: [ OK ]
sshd を起動中: [ OK ]
$ ssh yuji@133.242.129.64
ssh: connect to host 133.242.129.64 port 22: Connection refused
$ ssh -p 61203 yuji@133.242.129.64
Last login: Thu Aug 8 23:22:38 2013 from 156227014222.ppp-oct.au-hikari.ne.jp
SAKURA Internet [Virtual Private Server SERVICE]
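To confirm that the three edits above actually took effect, here is an added Python example (not from the original slides) that audits an sshd_config the way sshd reads it: the first non-comment occurrence of a keyword wins, so a hardened line appended below the stock one is silently ignored. The sample configs are constructed.

```python
# Added example, not from the original slides: audit an sshd_config for the
# three changes made above (Port off 22, PasswordAuthentication no,
# PermitRootLogin no). sshd applies the FIRST non-comment occurrence of each
# keyword, so this mirrors that rule instead of grepping the whole file.

# Values sshd assumes when a keyword is absent (OpenSSH 5.x era defaults).
DEFAULTS = {"port": "22", "passwordauthentication": "yes", "permitrootlogin": "yes"}

def effective_settings(config_text):
    """Return {lowercased keyword: lowercased value}, first occurrence wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts both "Keyword value" and "Keyword=value"
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip().lower())
    return settings

def audit_sshd_config(config_text):
    """Return findings; an empty list means all three changes are in effect."""
    eff = effective_settings(config_text)
    findings = []
    if eff.get("port", DEFAULTS["port"]) == "22":
        findings.append("Port is still 22")
    if eff.get("passwordauthentication", DEFAULTS["passwordauthentication"]) != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if eff.get("permitrootlogin", DEFAULTS["permitrootlogin"]) != "no":
        findings.append("PermitRootLogin is not 'no'")
    return findings

# Constructed samples. APPENDED looks hardened at a glance, but the operator
# added new lines below the stock ones instead of editing them in place.
HARDENED = "Port 61203\nPasswordAuthentication no\nPermitRootLogin no\n"
APPENDED = (
    "#Port 22\n"
    "PasswordAuthentication yes\n"
    "PermitRootLogin yes\n"
    "Port 61203\n"
    "PasswordAuthentication no\n"
    "PermitRootLogin no\n"
)

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("appended", APPENDED)):
        print(name, audit_sshd_config(text) or "OK")
```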
Let's configure the firewall †
[root@www1290ui yuji]# vim /etc/sysconfig/iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SERVICES - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p udp --sport 123 --dport 123 -j ACCEPT
-A SERVICES -p tcp --dport 61203 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT
-A SERVICES -p tcp --dport 443 -j ACCEPT
COMMIT
# service iptables start
iptables: ファイアウォールルールを適用中: [ OK ]
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 4
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
SERVICES tcp -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:ntp dpt:ntp
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain SERVICES (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:61203
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
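An added Python example, not from the original slides, that cross-checks the ruleset above before `service iptables start`: it parses the iptables-save format, follows the jump from INPUT into SERVICES and confirms that the port sshd was moved to (61203) is among the opened TCP ports, since a mismatch between the two sections would lock you out of the VPS. The RULESET text is constructed from the slides with the icmp/udp lines omitted.

```python
# Added example, not from the original slides: parse the iptables-save text of
# /etc/sysconfig/iptables, follow INPUT's jump into SERVICES, and confirm the
# port sshd now listens on is opened (a mismatch locks you out once rules apply).
import shlex

# Constructed from the ruleset on the slides (icmp/udp lines omitted).
RULESET = """\
*filter
:INPUT DROP [0:0]
:SERVICES - [0:0]
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A SERVICES -p tcp --dport 61203 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT
-A SERVICES -p tcp --dport 443 -j ACCEPT
COMMIT
"""

def parse_ruleset(text):
    """Return (chain -> policy, list of (chain, {flag: value})) from iptables-save text."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]"; user chains show "-"
            policies[line[1:].split()[0]] = line[1:].split()[1]
        elif line.startswith("-A "):  # "-A CHAIN -flag value ... -j TARGET"
            argv = shlex.split(line)
            rules.append((argv[1], dict(zip(argv[2::2], argv[3::2]))))
    return policies, rules

def open_tcp_ports(rules, chain="INPUT", seen=()):
    """TCP dports ACCEPTed for new connections, following -j into user chains."""
    ports, seen = set(), set(seen) | {chain}  # seen guards against jump loops
    for rule_chain, opts in rules:
        if rule_chain != chain or opts.get("-p") != "tcp":
            continue
        target, dport = opts.get("-j"), opts.get("--dport")
        if target == "ACCEPT" and dport is not None:
            ports.add(int(dport))
        elif target not in ("ACCEPT", "DROP", "REJECT", None) and target not in seen:
            ports |= open_tcp_ports(rules, target, seen)
    return ports

def check_ruleset(text, ssh_port):
    policies, rules = parse_ruleset(text)
    findings = []
    if policies.get("INPUT") != "DROP":
        findings.append("INPUT policy is not DROP")
    if ssh_port not in open_tcp_ports(rules):
        findings.append(f"sshd port {ssh_port} is not opened: lockout on apply")
    return findings
```

Run `check_ruleset(open('/etc/sysconfig/iptables').read(), 61203)` on the server before starting iptables; an empty list means the SSH session will survive the rule load.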
Let's configure the web server †
# yum install httpd
# chkconfig httpd on
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.org
# vim /etc/httpd/conf/httpd.conf
- Change "ServerTokens" from "OS" to "Prod"
- Change "ServerSignature" to "off"
- Change "Options Index***" to "Options -Index***"
# service httpd configtest
Syntax OK
# service httpd start
httpd を起動中: [ OK ]
# vim /etc/httpd/conf/httpd.conf
- Grant the working user edit permission under DocumentRoot
# chown -R yuji:yuji /var/www/html/
- Launch Cyberduck and add a bookmark
- SFTP connection settings
- Protocol: SFTP
- Nickname: sakura_vps
- Server: 133.242.129.64
- Username: yuji
- Port: 61203
- Path: /var/www/html
- Use Public Key Authentication
Let's configure VirtualHost †
- Multiple domains can be served from a single IP address
- default --> /var/www/html
- dev.example.com --> /var/www/dev.example.com/public_html/
# mkdir -p /var/www/dev.example.com/public_html/
# chown -R yuji:yuji /var/www/dev.example.com/public_html/
# vim /etc/httpd/conf.d/dev.example.com.conf
<VirtualHost *:80>
ServerName dev.example.com
DocumentRoot "/var/www/dev.example.com/public_html"
DirectoryIndex index.html index.php
ErrorLog /var/log/httpd/dev.example.com_error_log
CustomLog /var/log/httpd/dev.example.com_access_log combined
AddDefaultCharset UTF-8
<Directory "/var/www/dev.example.com/public_html">
AllowOverride All
</Directory>
</VirtualHost>
- Uncomment "NameVirtualHost" to enable VirtualHost
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
# service httpd configtest
Syntax OK
# service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]
$ vim /var/www/dev.example.com/public_html/index.html
<html>
hello from dev.example.com
</html>
- Use Hoster to assign the "dev.example.com" domain
- Access "dev.example.com" in the browser
Let's configure PHP †
# yum install php php-devel php-mysql php-gd php-mbstring
# php -v
PHP 5.3.3 (cli) (built: Jul 12 2013 20:35:47)
# cp /etc/php.ini /etc/php.ini.org
# vim /etc/php.ini
- Uncomment the error log setting and change its destination to under /var/log/
error_log = /var/log/php_errors.log
- Uncomment the following
- Change the internal encoding from EUC to UTF-8
- Change expose_php from On to Off
- Set the timezone
mbstring.language = Japanese
mbstring.internal_encoding = UTF-8
mbstring.http_input = auto
mbstring.detect_order = auto
expose_php = Off
date.timezone = Asia/Tokyo
# service httpd restart
httpd を停止中: [ OK ]
httpd を起動中: [ OK ]
Let's configure MySQL †
# yum install mysql-server
# cp /etc/my.cnf /etc/my.cnf.org
# vim /etc/my.cnf
character_set_server=utf8
default-storage-engine=InnoDB
innodb_file_per_table
[mysql]
default-character-set=utf8
[mysqldump]
default-character-set=utf8
# service mysqld start
# mysql_secure_installation
...
Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
...
# chkconfig mysqld on
# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.1.69 Source distribution
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> exit
Bye