What is Sakura VPS?

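Let's go over the setup steps

  1. Sign up for Sakura VPS
  2. Connection and initial setup
  3. Create and configure a working user
  4. Set up key authentication
  5. Configure SSH
  6. Configure the firewall
  7. Configure the web server
  8. Configure VirtualHost
  9. Configure PHP
  10. Configure MySQL
  11. Configure Ruby & Ruby on Rails
  12. Configure Python
  13. Configure MongoDB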

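Let's start up the Sakura VPS

  1. Apply for the two-week trial of the 1G plan from the official site
  2. Auto-reply e-mail x 1
  3. Provisional registration complete e-mail x 1 (10-20 minutes later)
  4. After logging in from the control panel, start the virtual server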

Let's connect to the Sakura VPS

$ ssh root@133.242.129.64
The authenticity of host '133.242.129.64 (133.242.129.64)' can't be established.
RSA key fingerprint is 3a:75:43:78:fc:bb:88:46:f6:07:d1:9c:24:d9:12:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '133.242.129.64' (RSA) to the list of known hosts.
root@133.242.129.64's password: 

SAKURA Internet [Virtual Private Server SERVICE]

[root@www1290ui ~]# yum update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink                                            | 5.5 kB     00:00     
 * base: ftp.iij.ad.jp
 * epel: ftp.iij.ad.jp
 * extras: ftp.iij.ad.jp
 * updates: centosx4.centos.org
epel                                                     | 4.2 kB     00:00     
epel/primary_db                                          | 5.4 MB     00:00     
Setting up Update Process
No Packages marked for Update
# vim /etc/sysconfig/i18n

LANG="ja_JP.UTF-8"
SYSFONT="latarcyrheb-sun16"

# exit
logout
Connection to 133.242.129.64 closed.
$ ssh root@133.242.129.64
root@133.242.129.64's password: 
Last login: Thu Aug  8 22:33:28 2013 from 156227014222.ppp-oct.au-hikari.ne.jp

SAKURA Internet [Virtual Private Server SERVICE]

# date
2013年  8月  8日 木曜日 22:42:58 JST

Let's set up a working user

# useradd yuji
# passwd yuji
ユーザー yuji のパスワードを変更。
新しいパスワード:
新しいパスワードを再入力してください:
passwd: 全ての認証トークンが正しく更新できました。
# usermod -G wheel yuji
# visudo
## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL
$ ssh yuji@133.242.129.64
yuji@133.242.129.64's password: 

SAKURA Internet [Virtual Private Server SERVICE]

[yuji@www1290ui ~]$

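Let's set up key authentication

  1. Create a place to store the public key on the VPS side
  2. Generate a key pair on the Mac side (private key, public key)
  3. Transfer the public key to the VPS
  4. Log in from the Mac side using the private key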
[yuji@www1290ui ~]$ pwd
/home/yuji
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh
yuji-macbook:~ yujishimojo$ ssh-keygen -t rsa -v
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/yujishimojo/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/yujishimojo/.ssh/id_rsa.
Your public key has been saved in /Users/yujishimojo/.ssh/id_rsa.pub.
The key fingerprint is:
dc:83:8e:21:58:b5:2b:16:46:1f:0f:3e:ff:e1:bb:ec yujishimojo@yuji-macbook.local
The key's randomart image is:
+--[ RSA 2048]----+
|    . +          |
|   . + =         |
|    + = .        |
|   + . = o       |
|  . + o S +      |
|   . o + o o     |
|      . . o      |
|         . .     |
|         .E.     |
+-----------------+
$ ls -la .ssh
total 32
drwx------   5 yujishimojo  staff   170 Aug  8 23:08 .
drwx------+ 54 yujishimojo  staff  1904 Aug  8 22:10 ..
-rw-------   1 yujishimojo  staff  1671 Aug  8 23:08 id_rsa
-rw-r--r--   1 yujishimojo  staff   412 Aug  8 23:08 id_rsa.pub
$ scp ~/.ssh/id_rsa.pub yuji@133.242.129.64:~/.ssh/authorized_keys
yuji@133.242.129.64's password: 
id_rsa.pub                                    100%  412     0.4KB/s   00:00
$ ls -la .ssh
合計 12
drwx------ 2 yuji yuji 4096  8月  8 23:12 2013 .
drwx------ 3 yuji yuji 4096  8月  8 23:05 2013 ..
-rw------- 1 yuji yuji  412  8月  8 23:12 2013 authorized_keys
$ ssh -i ~/.ssh/id_rsa yuji@133.242.129.64
Last login: Thu Aug  8 22:56:50 2013 from 156227014222.ppp-oct.au-hikari.ne.jp

SAKURA Internet [Virtual Private Server SERVICE]

Let's configure SSH

  1. Change the port number 22 -> 1024-65535: 61203
  2. Disable password login
  3. Disable root login
[yuji@www1290ui ~]$ sudo -s

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for yuji: 
[root@www1290ui yuji]#
# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.org
Port 61203
PasswordAuthentication no
PermitRootLogin no
# service sshd restart
sshd を停止中:                                             [  OK  ]
sshd を起動中:                                             [  OK  ]
$ ssh yuji@133.242.129.64
ssh: connect to host 133.242.129.64 port 22: Connection refused
$ ssh -p 61203 yuji@133.242.129.64
Last login: Thu Aug  8 23:22:38 2013 from 156227014222.ppp-oct.au-hikari.ne.jp

SAKURA Internet [Virtual Private Server SERVICE]
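
An added example, not part of the original page: a check that an edited sshd_config really carries the three changes listed above. sshd keeps the first value it reads for most keywords while Port lines accumulate, so settings appended below the originals do not take effect; the function names and sample files are constructed for illustration.

```shell
# Added example (not from the original page). Assumes whitespace-separated
# "Keyword value" lines; function names and sample files are constructed.

# First global value of keyword $2 in file $1. sshd keeps the FIRST value it
# reads, so a later duplicate line is ignored. Match blocks are skipped.
first_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0       { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Every global Port value: Port is cumulative, sshd listens on all of them.
all_ports() {
    awk '
        /^[ \t]*#/ || NF == 0  { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { out = out sep $2; sep = " " }
        END { print out }
    ' "$1"
}

# Return 0 only if file $1 listens solely on port $2 and refuses both
# password logins and root logins.
check_sshd_hardening() {
    rc=0
    [ "$(all_ports "$1")" = "$2" ] || { echo "FAIL Port: $(all_ports "$1")"; rc=1; }
    [ "$(first_value "$1" PasswordAuthentication)" = "no" ] ||
        { echo "FAIL PasswordAuthentication"; rc=1; }
    [ "$(first_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "FAIL PermitRootLogin"; rc=1; }
    return "$rc"
}

# Constructed samples: settings appended below the originals vs. edited in place.
sample_appended() {
    printf '%s\n' 'Port 22' 'PasswordAuthentication yes' '#PermitRootLogin yes' \
        'Port 61203' 'PasswordAuthentication no' 'PermitRootLogin no'
}
sample_edited() { printf '%s\n' 'Port 61203' 'PasswordAuthentication no' 'PermitRootLogin no'; }

tmp=$(mktemp)
sample_appended > "$tmp"
check_sshd_hardening "$tmp" 61203 || echo "appended config: not hardened"
sample_edited > "$tmp"
check_sshd_hardening "$tmp" 61203 && echo "edited config: hardened"
rm -f "$tmp"
```

On the server itself, `sshd -t` validates the file and `sshd -T` prints the effective settings; run them before `service sshd restart` and keep the current session open until a second login on the new port succeeds.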

Let's configure the firewall

[root@www1290ui yuji]# vim /etc/sysconfig/iptables
*filter
:INPUT    DROP    [0:0]
:FORWARD  DROP    [0:0]
:OUTPUT   ACCEPT  [0:0]
:SERVICES -       [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p udp --sport 123 --dport 123 -j ACCEPT
-A SERVICES -p tcp --dport 61203 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT
-A SERVICES -p tcp --dport 443 -j ACCEPT
COMMIT
# service iptables start
iptables: ファイアウォールルールを適用中:                  [  OK  ]
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request limit: avg 1/sec burst 4 
ACCEPT     tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED 
SERVICES   tcp  --  anywhere             anywhere            state NEW 
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp spt:ntp dpt:ntp 

Chain FORWARD (policy DROP)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain SERVICES (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:61203 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
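
The two UDP rules above match on source port alone, so they accept any UDP packet sent from port 53 or 123, not only replies to queries this server made. The following is an added example, not from the original page, that flags such rules and shows an assumed stateful alternative; the function names are constructed.

```shell
# Added example (not from the original page); function names are constructed.

# Print ACCEPT rules that match on a source port with no connection-state
# match. Reads an iptables-restore file given as $1, or stdin.
stateless_sport_rules() {
    awk '$1 == "-A" && /-j ACCEPT/ && /--sport|--source-port/ &&
         !/--state|--ctstate/' "$@"
}

# Constructed copy of the rules file shown above.
page_rules() {
    cat <<'EOF'
*filter
:INPUT    DROP    [0:0]
:FORWARD  DROP    [0:0]
:OUTPUT   ACCEPT  [0:0]
:SERVICES -       [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p udp --sport 123 --dport 123 -j ACCEPT
-A SERVICES -p tcp --dport 61203 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT
-A SERVICES -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

# Assumed alternative: drop "-p tcp" from the ESTABLISHED,RELATED rule so
# connection tracking also admits UDP replies to the server's own DNS/NTP
# queries, and remove the two source-port rules.
stateful_rules() {
    page_rules | awk '
        /--sport/ { next }
        /--state ESTABLISHED,RELATED/ { sub(/-p tcp /, "") }
        { print }'
}

echo "flagged in page rules:";     page_rules     | stateless_sport_rules
echo "flagged in stateful rules:"; stateful_rules | stateless_sport_rules
```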

Let's configure the web server

# yum install httpd
# chkconfig httpd on
# cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.org
# vim /etc/httpd/conf/httpd.conf
# service httpd configtest
Syntax OK
# service httpd start
httpd を起動中:                                            [  OK  ]
# vim /etc/httpd/conf/httpd.conf
# chown -R yuji:yuji /var/www/html/

Let's configure VirtualHost

# mkdir -p /var/www/dev.example.com/public_html/
# chown -R yuji:yuji /var/www/dev.example.com/public_html/

# vim /etc/httpd/conf.d/dev.example.com.conf

<VirtualHost *:80>
  ServerName dev.example.com
  DocumentRoot "/var/www/dev.example.com/public_html"
  DirectoryIndex index.html index.php
  ErrorLog /var/log/httpd/dev.example.com_error_log
  CustomLog /var/log/httpd/dev.example.com_access_log combined
  AddDefaultCharset UTF-8
  <Directory "/var/www/dev.example.com/public_html">
    AllowOverride All
  </Directory>
</VirtualHost>
# vim /etc/httpd/conf/httpd.conf
NameVirtualHost *:80
# service httpd configtest
Syntax OK
# service httpd restart
httpd を停止中:                                            [  OK  ]
httpd を起動中:                                            [  OK  ]
$ vim /var/www/dev.example.com/public_html/index.html
<html>
hello from dev.example.com
</html>

Let's configure PHP

# yum install php php-devel php-mysql php-gd php-mbstring
# php -v
PHP 5.3.3 (cli) (built: Jul 12 2013 20:35:47)
# cp /etc/php.ini /etc/php.ini.org
# vim /etc/php.ini
error_log = /var/log/php_errors.log
mbstring.language = Japanese
mbstring.internal_encoding = UTF-8
mbstring.http_input = auto
mbstring.detect_order = auto
expose_php = Off
date.timezone = Asia/Tokyo
# service httpd restart
httpd を停止中:                                            [  OK  ]
httpd を起動中:                                            [  OK  ]

Let's configure MySQL

# yum install mysql-server
# cp /etc/my.cnf /etc/my.cnf.org
# vim /etc/my.cnf
character_set_server=utf8
default-storage-engine=InnoDB
innodb_file_per_table
[mysql]
default-character-set=utf8
[mysqldump]
default-character-set=utf8
# service mysqld start
# mysql_secure_installation
...
Set root password? [Y/n] Y

New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..

... Success!
...
# chkconfig mysqld on
# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.1.69 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> exit
Bye
