A blog of freely written notes on everyday life (My blog is written by inoshita.jp)
/etc/network/interfaces (default)
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
# This is an autoconfigured IPv6 interface
iface eth0 inet6 auto
/etc/resolv.conf (/run/resolvconf/resolv.conf) is generated automatically when /sbin/resolvconf runs
static (example)
auto eth0
iface eth0 inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameservers 192.168.0.1.22 192.168.0.8
dns-search example.org
FILES: /etc/apt/sources.list
$ sudo aptitude install ntp
・・・
$ sudo service ntp restart
* Stopping NTP server ntpd [ OK ]
* Starting NTP server ntpd [ OK ]
$ ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
laika.paina.jp 133.243.238.163 2 u 2 64 1 23.726 1.268 0.000
kazunoko.kuee.k 210.173.160.57 3 u 1 64 1 19.100 1.414 0.000
122x215x240x75. 133.243.238.163 2 u - 64 1 24.861 2.238 0.000
ns3.khresear.ch .INIT. 16 u - 64 0 0.000 0.000 0.000
europium.canoni .INIT. 16 u - 64 0 0.000 0.000 0.000
$
FILES: /etc/ntp.conf
Not configured
$ sudo aptitude install bind9
・・・
Alternative configuration
FILES: /etc/bind/*
Package was selected during OS installation
$ sudo vi /etc/samba/smb.conf
[global]
unix charset = UTF-8
dos charset = CP932
workgroup = XXXXXXXX
server string = %h home server (Samba, Ubuntu)
(Restrict connection sources)
#### Networking ####
interfaces = 127.0.0.0/8 eth0 192.168.0.0/24
bind interfaces only = yes
(Disable authentication)
### Authentication ####
security = share
(Append at the end of the file)
[share]
path = /xxx/xxxxx
public = yes
writeable = yes
create mode = 0666
directory mode = 0777
Restart samba
$ sudo service smbd restart
Note: samba is managed by upstart
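A check for the share definition above, as an added example that is not part of the original post: it lists every share in an smb.conf that both accepts guests and is writable, together with its file and directory masks. The function name and the two extra shares in the sample are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Lists shares that accept guests
# AND are writable, with their masks. Samba synonyms handled: public = guest ok;
# writeable/writable/write ok = inverse of read only; create mode = create mask;
# directory mode = directory mask. [global] defaults are not propagated here.
guest_writable_shares() {  # usage: guest_writable_shares FILE
    awk '
        function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        function report() {
            if (sec != "" && sec != "global" && guest && wr)
                printf "%s guest-writable create=%s dir=%s\n", sec, cmask, dmask
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # new section: report the last one
            report()
            sec = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sec)
            guest = 0; wr = 0; cmask = "default"; dmask = "default"
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = tolower(substr($0, 1, eq - 1)); v = substr($0, eq + 1)
            gsub(/[ \t]+/, "", k)                   # whitespace in names is ignored
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "public" || k == "guestok") guest = yes(v)
            else if (k == "writeable" || k == "writable" || k == "writeok") wr = yes(v)
            else if (k == "readonly") wr = !yes(v)
            else if (k == "createmode" || k == "createmask") cmask = v
            else if (k == "directorymode" || k == "directorymask") dmask = v
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the [share] stanza from this page plus two made-up shares.
sample_smb_conf() {
    printf '%s\n' '[global]' 'security = share' \
        '[share]' 'path = /xxx/xxxxx' 'public = yes' 'writeable = yes' \
        'create mode = 0666' 'directory mode = 0777' \
        '[docs]' 'guest ok = yes' 'read only = yes' \
        '[Drop]' 'Guest OK = Yes' 'read only = no'
}

tmp=$(mktemp) && sample_smb_conf > "$tmp"
guest_writable_shares "$tmp"
rm -f "$tmp"
```

On a real host, pass /etc/samba/smb.conf; every line printed is a share that anyone who can reach smbd can write to.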
Package was selected during OS installation
Security settings such as hiding server information
$ sudo vi /etc/apache2/conf.d/security
ServerTokens Prod
ServerSignature Off
MIME type settings
$ sudo vi /etc/apache2/mods-available/mime.conf
AddHandler cgi-script .cgi .pl
Settings for the public document root, etc.
$ sudo vi /etc/apache2/sites-available/default
ServerName local
ServerAdmin webmaster@localhost
DocumentRoot /var/www
Options FollowSymLinks ExecCGI
Make perl also work from /usr/local/bin
$ sudo ln -s /usr/bin/perl /usr/local/bin/perl
Restart apache2
$ sudo service apache2 restart
* Restarting web server apache2
apache2: Could not reliably determine the server's fully qualified domain name,
using 127.0.1.1 for ServerName
... waiting apache2: Could not reliably determine the server's fully qualified
domain name, using 127.0.1.1 for ServerName
The error is bothersome, so add the ServerName to the 127.0.1.1 entry in /etc/hosts (unless it is added first, the same message appears)
$ sudo vi /etc/hosts
127.0.1.1 local xxxxxxxx
$ sudo service apache2 restart
* Restarting web server apache2
... waiting [ OK ]
The proper approach is not to edit /etc/apache2/sites-available/default but to create a new site definition file and switch to it as follows
Disable the default site
$ a2dissite default
Enable the new definition file (symlinked from /etc/apache2/sites-enabled)
$ a2ensite local-server
Package was selected during OS installation
MIME setting so that Apache2 executes .php files
$ sudo vi /etc/apache2/mods-enabled/mime.conf
AddHandler php5-script .php
Configuration file settings
$ sudo vi /etc/php5/apache2/php.ini
(Hide the PHP version)
expose_php = Off
(Set the error level to log; E_STRICT raises warnings when, for example, functions that are not recommended in PHP5 are used)
error_reporting = E_ALL & ~E_NOTICE | E_STRICT
(Do not display errors as HTML)
display_errors = Off (checked)
(Log PHP errors)
log_errors = On (checked)
(Increase the maximum size of a logged message)
log_errors_max_len = 4096
(Set the file that errors are logged to)
error_log = /var/log/php/php_error_log
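(Do not use the old, long variables such as $HTTP_*_VARS)
register_long_arrays = Off (checked)
(argc and argv are not needed in web applications)
register_argc_argv = Off (checked)
(Feature to be removed in PHP6)
magic_quotes_gpc = Off (checked)
(Set the default character encoding)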
default_charset = "UTF-8"
(Set the directories searched by require() and include())
include_path = ".:/usr/share/php:/usr/share/pear"
(Turn off loading of dynamic modules)
enable_dl = Off (checked)
(Do not use file uploads)
file_uploads = Off
(Do not treat URIs as files)
allow_url_fopen = Off
(Keep the session ID from being used by JavaScript)
session.cookie_httponly = 1
(Path to the external resource used when creating session IDs, and the number of bytes to read from it)
session.entropy_length = 32
session.entropy_file = /dev/urandom
(Change to SHA-1)
session.hash_function = 1
[mbstring]
(Set the language environment to Japanese)
mbstring.language = Japanese
(Use the same character encoding as default_charset)
mbstring.internal_encoding = UTF-8
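One way to confirm that the on/off settings listed above are in effect in a given php.ini, as an added example that is not part of the original post. The function names and the sample file are made up for illustration; a directive that is absent or commented out is reported so that it gets reviewed explicitly.

```shell
#!/bin/sh
# Added example, not from the original post: compare a php.ini with the
# boolean hardening values listed on this page.
# Effective value of KEY in FILE: the last uncommented assignment wins.
ini_get() {  # usage: ini_get FILE KEY
    awk -v key="$2" '
        /^[ \t]*[;#]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)              # trailing "; comment"
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { print (found ? val : "<unset>") }
    ' "$1"
}

# PHP accepts several spellings for booleans; fold them to on/off.
norm_bool() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        1|on|true|yes) echo on ;;
        0|off|false|no|none|'') echo off ;;
        *) echo "$1" ;;
    esac
}

# Prints one FAIL line per deviation; exit status is the number of deviations.
audit_php_ini() {  # usage: audit_php_ini FILE
    fails=0
    for kv in expose_php=off display_errors=off log_errors=on enable_dl=off \
              file_uploads=off allow_url_fopen=off session.cookie_httponly=on; do
        key=${kv%%=*}; want=${kv#*=}
        got=$(norm_bool "$(ini_get "$1" "$key")")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want=$want got=$got"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample file, not taken from a real server.
sample_ini() {
    printf '%s\n' '[PHP]' 'expose_php = On' 'display_errors = Off' \
        'log_errors = 1' ';enable_dl = Off' 'file_uploads = Off ; unused' \
        'allow_url_fopen = Off' '[Session]' 'session.cookie_httponly ='
}
tmp=$(mktemp) && sample_ini > "$tmp"
audit_php_ini "$tmp" || echo "$? setting(s) differ"
rm -f "$tmp"
```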
Create the error log directory and file
$ sudo mkdir /var/log/php
$ sudo touch /var/log/php/php_error_log
Match the owner, group and permissions to those Apache2 uses
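The effect of ServerTokens Prod and ServerSignature Off in the Apache section and of expose_php = Off in php.ini can be verified from the client side. The following is an added example, not part of the original post; the function name is made up and the version strings in the sample responses are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Reads one HTTP response (headers
# and body, as printed by `curl -si URL`) on stdin and reports the version
# details that ServerTokens Prod, ServerSignature Off and expose_php = Off
# are meant to remove. Exit status is the number of findings.
check_disclosure() {
    tr -d '\r' | awk '
        function value(s) { sub(/^[^:]*:[ \t]*/, "", s); return s }
        !body && $0 == "" { body = 1; next }       # blank line ends the headers
        !body && tolower($0) ~ /^server:/ {
            v = value($0)                          # Prod sends only "Apache"
            if (v ~ /[\/(0-9]/) { print "LEAK ServerTokens: " v; n++ }
        }
        !body && tolower($0) ~ /^x-powered-by:/ {
            print "LEAK expose_php: " value($0); n++
        }
        body && tolower($0) ~ /<address>.*server at/ {
            print "LEAK ServerSignature: version footer in body"; n++
        }
        END { exit n + 0 }
    '
}

# Constructed responses; X.Y.Z stands in for a real version number.
sample_default() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' 'Server: Apache/X.Y.Z (Ubuntu)' \
        'Content-Type: text/html' '' '<h1>Not Found</h1>' \
        '<address>Apache/X.Y.Z (Ubuntu) Server at local Port 80</address>'
}
sample_hardened() {
    printf '%s\r\n' 'HTTP/1.1 404 Not Found' 'Server: Apache' \
        'Content-Type: text/html' '' '<h1>Not Found</h1>'
}

sample_default | check_disclosure || echo "$? finding(s)"
sample_hardened | check_disclosure && echo "no disclosure"
```

Request a nonexistent path to exercise the ServerSignature footer and a .php page to exercise X-Powered-By.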
Package was selected during OS installation (the root password is already set)
Create a regular non-root user for administration
$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 37
Server version: 5.5.31-0ubuntu0.12.04.1 (Ubuntu)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.01 sec)
mysql> grant all privileges on *.* to xxxxxxxx@localhost identified by 'xxxxxxxx';
Query OK, 0 rows affected (0.00 sec)
mysql> select user from mysql.user where user='xxxxxxxx';
+----------+
| user |
+----------+
| xxxxxxxx |
+----------+
1 row in set (0.00 sec)
mysql> show variables like 'character\_set\_%';
+--------------------------+--------+
| Variable_name | Value |
+--------------------------+--------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | latin1 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | latin1 |
| character_set_system | utf8 |
+--------------------------+--------+
7 rows in set (0.00 sec)
mysql> quit
Bye
$
Character encoding settings (UTF-8)
Items marked (*) were added later
$ mysql --help
mysql Ver 14.14 Distrib 5.5.31, for debian-linux-gnu (x86_64) using readline 6.2
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
・・・
Default options are read from the following files in the given order:
/etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf ~/.my.cnf
・・・
$ locate my.cnf
/etc/mysql/my.cnf
(Edit)
$ vi /etc/mysql/my.cnf
[client]
default-character-set = utf8
[mysqld]
skip-character-set-client-handshake
character-set-server = utf8
collation-server = utf8_general_ci
# * Fine Tuning
#
skip-innodb (*)
wait_timeout = 60 (*)
[mysqldump]
default-character-set = utf8
[mysql]
default-character-set = utf8
(Restart and verify)
$ sudo service mysql restart
mysql stop/waiting
mysql start/running, process 10855
$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 35
Server version: 5.1.63-0+squeeze1 (Debian)
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show variables like 'character\_set\_%';
+--------------------------+--------+
| Variable_name | Value |
+--------------------------+--------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
+--------------------------+--------+
7 rows in set (0.00 sec)
mysql> quit
Bye
$
Install phpmyadmin
$ sudo aptitude install phpmyadmin
・・・
(It asks which httpd to configure, so select apache2)
(Select "No" for dbconfig-common)
・・・
$ vi /etc/apache2/conf.d/phpmyadmin.conf
(Add access restrictions)
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
</IfModule>
Deny from All
Allow from 192.168.XX.XX/24
</Directory>
・・・
$ sudo service apache2 restart
* Restarting web server apache2 ... waiting [ OK ]
$
Confirm that http://(hostname)/phpmyadmin/ is accessible
Tuning
$ sudo aptitude install mysqltuner
・・・
$ mysqltuner
>> MySQLTuner 1.0.1 - Major Hayden <major@mhtx.net>
>> Bug reports, feature requests, and downloads at http://mysqltuner.com/
>> Run with '--help' for additional options and output filtering
Please enter your MySQL administrative login: root
Please enter your MySQL administrative password:
-------- General Statistics --------------------------------------------------
[--] Skipped version check for MySQLTuner script
[OK] Currently running supported MySQL version 5.5.31-0ubuntu0.12.04.1
[OK] Operating on 64-bit architecture
-------- Storage Engine Statistics -------------------------------------------
[--] Status: -Archive -BDB -Federated +InnoDB -ISAM -NDBCluster
[--] Data in PERFORMANCE_SCHEMA tables: 0B (Tables: 17)
[!!] InnoDB is enabled but isn't being used
[OK] Total fragmented tables: 0
-------- Performance Metrics -------------------------------------------------
[--] Up for: 2h 21m 42s (112 q [0.013 qps], 41 conn, TX: 19K, RX: 7K)
[--] Reads / Writes: 100% / 0%
[--] Total buffers: 192.0M global + 2.7M per thread (151 max threads)
[OK] Maximum possible memory usage: 597.8M (15% of installed RAM)
[OK] Slow queries: 0% (0/112)
[OK] Highest usage of available connections: 0% (1/151)
[OK] Key buffer size / total MyISAM indexes: 16.0M/99.0K
[!!] Query cache efficiency: 0.0% (0 cached / 71 selects)
[OK] Query cache prunes per day: 0
[OK] Temporary tables created on disk: 20% (54 on disk / 267 total)
[OK] Thread cache hit rate: 97% (1 created / 41 connections)
[OK] Table cache hit rate: 23% (41 open / 171 opened)
[OK] Open file limit used: 4% (48/1K)
[OK] Table locks acquired immediately: 100% (62 immediate / 62 locks)
-------- Recommendations -----------------------------------------------------
General recommendations:
Add skip-innodb to MySQL configuration to disable InnoDB
MySQL started within last 24 hours - recommendations may be inaccurate
Enable the slow query log to troubleshoot bad queries
Variables to adjust:
query_cache_limit (> 1M, or use smaller result sets)
$
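Package was installed automatically during OS installation
Global settings (/etc/logrotate.conf)
Change weekly to monthly (rotate monthly instead of weekly)
Change rotate 4 to rotate 60 (five years of logs at monthly rotation)
Per-service settings (/etc/logrotate.d/*)
・apache2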
/var/log/apache2/*.log {
monthly # was weekly
missingok
rotate 60 # was 52
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi; \
endscript
}
・php (new)
/var/log/php/php_error_log {
monthly
missingok
notifempty
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
}
・syslog (/etc/logrotate.d/rsyslog)
/var/log/syslog
{
rotate 6 # was 7
monthly # was daily
missingok
notifempty
delaycompress
compress
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 6 # was 4
monthly # was weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
reload rsyslog >/dev/null 2>&1 || true
endscript
}