- user1 ユーザを UID 3000 で追加
$ sudo adduser --uid 3000 user1
- user1 ユーザを sudo グループに追加
$ sudo gpasswd -a user1 sudo
- user1 ユーザを www-data グループに追加
$ sudo gpasswd -a user1 www-data
# Summary of the three account commands above: create user1 with a fixed UID,
# then add it to the sudo group (full root via sudo under Ubuntu's default
# sudoers) and to www-data (presumably so it can manage files owned by the
# web server group — confirm the intended scope).
$ sudo adduser --uid 3000 user1
$ sudo gpasswd -a user1 sudo
$ sudo gpasswd -a user1 www-data
参考
設定
# Inbound IPv4 filter. Rules are appended (-A) in order; the DROP policy is set
# last so the session used to type these is not cut off half-way.
# Drop TCP segments with no flags set or with every flag set, and NEW
# connections that do not start with SYN — none of these occur in a normal
# handshake.
$ sudo iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$ sudo iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
$ sudo iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Allow loopback, ICMP and the three service ports. 50022 is presumably the
# SSH port (sshd_config is not shown on this page — confirm it matches).
$ sudo iptables -A INPUT -i lo -j ACCEPT
$ sudo iptables -A INPUT -p icmp -j ACCEPT
$ sudo iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$ sudo iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
$ sudo iptables -A INPUT -p tcp -m tcp --dport 50022 -j ACCEPT
# -I (insert) places this rule at the top of the chain, ahead of the drop
# rules above, so traffic belonging to already-open connections is accepted
# before anything else is evaluated.
$ sudo iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Default-deny inbound, allow all outbound.
$ sudo iptables -P INPUT DROP
$ sudo iptables -P OUTPUT ACCEPT
# NOTE(review): this is iptables (IPv4) only. The nginx TLS vhost below also
# listens on [::]:443, so an equivalent ip6tables ruleset and default policy
# is needed as well (not shown on this page).
# Persist the rules across reboots; "(restore)" is the companion subcommand
# that loads the saved set back.
$ sudo apt-get install iptables-persistent
$ sudo /etc/init.d/iptables-persistent save (restore)
参考
設定
$ sudo vi /etc/sysctl.conf
※ 以下を追記
# Appended to /etc/sysctl.conf and loaded with `sysctl -p` (see the commands
# around this block). TCP connection-handling and listen-backlog tuning for a
# busy web front end — confirm the values against the host's actual load.
net.ipv4.tcp_fin_timeout=20
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_keepalive_probes=5
net.core.somaxconn=65535
# Apply the sysctl settings above without a reboot.
$ sudo sysctl -p
# NOTE(review): the nginx.org signing key is fetched over plain HTTP and piped
# straight into apt-key, so nothing authenticates the key that will vouch for
# every package from the repository below. Fetch the same URL over https and
# compare the fingerprint (`apt-key fingerprint`) with the one nginx.org
# publishes before trusting it. apt-key itself is deprecated on newer releases
# (signed-by keyrings are preferred), but it is what trusty ships.
$ curl http://nginx.org/keys/nginx_signing.key | sudo apt-key add -
# nginx.org repository for Ubuntu 14.04 (trusty). The sh -c wrappers are needed
# so the >> redirection into sources.list.d runs as root, not as the caller.
$ sudo sh -c "echo 'deb http://nginx.org/packages/ubuntu/ trusty nginx' >> /etc/apt/sources.list.d/nginx.list"
$ sudo sh -c "echo 'deb-src http://nginx.org/packages/ubuntu/ trusty nginx' >> /etc/apt/sources.list.d/nginx.list"
$ sudo apt-get update
$ sudo apt-get install nginx
# Main nginx.conf excerpt (nginx.org trusty package installed above).
# One worker per CPU core; 1024 connections per worker using epoll.
worker_processes auto;
events {
worker_connections 1024;
use epoll;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# "main" is the packaged default format with $request_time appended; used by
# the wp.example.jp vhost below.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $request_time';
# "ltsv" (labelled tab-separated values) is the default access_log format.
# NOTE(review): the cookie: and set_cookie: fields write the full Cookie and
# Set-Cookie headers — i.e. live session identifiers — into the access log,
# which makes the log files as sensitive as the sessions themselves. Drop or
# mask those two fields unless log access and retention are locked down
# accordingly.
log_format ltsv 'domain:$host\t'
'host:$remote_addr\t'
'user:$remote_user\t'
'time:$time_local\t'
'method:$request_method\t'
'path:$request_uri\t'
'protocol:$server_protocol\t'
'status:$status\t'
'size:$body_bytes_sent\t'
'referer:$http_referer\t'
'agent:$http_user_agent\t'
'response_time:$request_time\t'
'cookie:$http_cookie\t'
'set_cookie:$sent_http_set_cookie\t'
'forwarded_for:$http_x_forwarded_for\t'
'upstream_addr:$upstream_addr\t'
'upstream_cache_status:$upstream_cache_status\t'
'upstream_response_time:$upstream_response_time';
access_log /var/log/nginx/access.log ltsv;
sendfile on;
#tcp_nopush on;
# Hide the nginx version in the Server header and on error pages.
server_tokens off;
# Short timeouts so idle keep-alive connections and slow header/body uploads
# release their worker connection quickly.
keepalive_timeout 2;
keepalive_requests 64;
client_header_timeout 10;
client_body_timeout 10;
#send_timeout 10;
#reset_timedout_connection on;
# gzip / fastcgi / proxy tuning below is kept as commented-out reference only.
#gzip on;
# Reference: https://worklog.be/archives/3222
#gzip_http_version 1.0;
#gzip_types text/plain
#text/xml
#text/css
#text/javascript
#application/xml
#application/xhtml+xml
#application/rss+xml
#application/atom_xml
#application/javascript
#application/x-javascript
#application/x-httpd-php;
#gzip_disable "MSIE [1-6]\.";
#gzip_disable "Mozilla/4";
#gzip_comp_level 1;
#gzip_buffers 4 8k;
#gzip_min_length 1100;
#fastcgi_buffers 8 64k;
#fastcgi_buffer_size 64k;
#fastcgi_connect_timeout 10;
#fastcgi_read_timeout 10;
#fastcgi_send_timeout 10;
#proxy_connect_timeout 60;
#proxy_send_timeout 60;
#proxy_read_timeout 60;
#proxy_set_header Host $host;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-Host $host;
#proxy_set_header X-Forwarded-Server $host;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_temp_path /home/www/tmp;
# Per-site files; presumably the upstream/server blocks that follow on this
# page live in one of these (the file name is not shown — confirm).
include /etc/nginx/conf.d/*.conf;
}
# Unicorn application server behind the example.jp vhosts, reached over a Unix
# socket. fail_timeout=0 keeps the single backend in rotation after a failed
# attempt instead of marking it unavailable — the setting Unicorn's own nginx
# example recommends, presumably the reason it is used here.
upstream www.example.jp.7701 {
server unix:/var/www/www.example.jp/htdocs/tmp/sockets/unicorn.sock fail_timeout=0;
}
# Plain-HTTP vhost for example.jp: static files from public/ first, everything
# else proxied to Unicorn.
# NOTE(review): nothing here redirects to the 443 vhost below, so the whole
# application is also reachable in clear text; the HSTS header on the TLS
# vhost only protects browsers that have already visited it over https. If
# the site is meant to be https-only, replace the two locations with
# `return 301 https://$host$request_uri;`.
server {
listen 80;
server_name example.jp www.example.jp;
root /var/www/www.example.jp/htdocs/public;
access_log /var/log/nginx/www.example.jp/access.log ltsv;
error_log /var/log/nginx/www.example.jp/error.log;
# Directory index, then a .html file, then the exact path, then the app.
location / {
try_files $uri/index.html $uri.html $uri @unicorn;
}
location @unicorn {
proxy_set_header Host $http_host;
# Client-IP is a non-standard header; X-Real-IP below carries the same value.
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_pass http://www.example.jp.7701;
}
}
# TLS vhost for example.jp (IPv4 and IPv6); same routing as the port-80 server.
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.jp www.example.jp;
root /var/www/www.example.jp/htdocs/public;
access_log /var/log/nginx/www.example.jp/ssl_access.log ltsv;
error_log /var/log/nginx/www.example.jp/ssl_error.log;
# Let's Encrypt certificate. The dhparam path is relative, so nginx resolves
# it against its configuration prefix — confirm cert.d/ exists there.
ssl_certificate /etc/letsencrypt/live/example.jp/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.jp/privkey.pem;
ssl_dhparam cert.d/www.example.jp/dhparam.pem;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); clients that
# cannot negotiate TLSv1.2 are rare, so prefer `ssl_protocols TLSv1.2;` once
# client support has been confirmed.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# NOTE(review): the cipher string looks mistyped — `!aNULL!eNull` is missing
# the `:` separator (and the spelling differs from OpenSSL's eNULL alias), and
# `RSAGCM` does not look like a standard OpenSSL alias. Run
# `openssl ciphers -v '<this string>'` on the host to confirm it parses and
# yields only the intended suites.
ssl_ciphers ECDHE+RSAGCM:ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!aNULL!eNull:!EXPORT:!DES:!3DES:!MD5:!DSS;
# HSTS for one year; the includeSubDomains variant is kept commented out.
#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;';
add_header Strict-Transport-Security 'max-age=31536000;';
location / {
try_files $uri/index.html $uri.html $uri @unicorn;
}
location @unicorn {
proxy_set_header Host $http_host;
# Client-IP is a non-standard header; X-Real-IP below carries the same value.
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Tells the app the client connection is TLS. Confirm the upstream actually
# reads this header; many Rack/Rails stacks look at X-Forwarded-Proto, which
# is not set here.
proxy_set_header X-Forwarded-Ssl on;
proxy_pass http://www.example.jp.7701;
}
}
# WordPress vhost: PHP handled by php5-fpm over a Unix socket.
server {
listen 80;
server_name wp.example.jp;
root /var/www/wp.example.jp/htdocs;
access_log /var/log/nginx/wp.example.jp/access.log main;
error_log /var/log/nginx/wp.example.jp/error.log;
# These proxy_set_header directives have no effect here: this server uses
# fastcgi_pass, not proxy_pass. Probably carried over from the example.jp
# vhosts above.
proxy_set_header Host $http_host;
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
# Reference: https://worklog.be/archives/3222
# http://anopara.matrix.jp/2014/10/01/10-min-nginx-wordpress/
# https://yamaken.jp/2014/05/09/88/
# Refuse direct requests for wp-config.php. Regex locations are tried in the
# order they appear and the first match wins, so this block must stay above
# the \.php$ location below.
location ~* /wp-config.php {
deny all;
}
index index.php;
# NOTE(review): without `try_files $uri =404;` as the first line of this
# location, a request whose URI ends in .php but does not exist on disk is
# still handed to php-fpm. Combined with PHP's cgi.fix_pathinfo=1 (the PHP
# default; php.ini is not shown here) that is the well-known path-info
# misconfiguration in which an uploaded non-PHP file can end up executed.
# Add the try_files line, or set cgi.fix_pathinfo=0 in php.ini — ideally both.
location ~ \.php$ {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
##fastcgi_no_cache $do_not_cache;
##fastcgi_cache_bypass $do_not_cache;
##fastcgi_cache_key $is_mobile$scheme://$host$request_uri;
#fastcgi_cache_valid 200 2h;
#fastcgi_cache_valid 301 302 1h;
#fastcgi_cache_valid 404 1m;
#fastcgi_cache_valid 500 1s;
#fastcgi_cache_valid any 5m;
# Per-request php.ini overrides passed to the pool. Note upload_max_filesize
# (2M) is well below post_max_size (16M).
fastcgi_param PHP_VALUE "max_execution_time=300
memory_limit=128M
post_max_size=16M
upload_max_filesize=2M
max_input_time=300
always_populate_raw_post_data=-1
date.timezone=Asia/Tokyo";
}
}
# Time synchronisation via ntpd; the pool entries in /etc/ntp.conf are
# replaced below.
$ sudo apt-get install ntp
$ sudo vi /etc/ntp.conf
# The Ubuntu pool servers are left commented out in favour of the three
# JST mfeed servers.
##server 0.ubuntu.pool.ntp.org
#server 1.ubuntu.pool.ntp.org
#server 2.ubuntu.pool.ntp.org
#server 3.ubuntu.pool.ntp.org
#server ubuntu.pool.ntp.org
server ntp1.jst.mfeed.ad.jp
server ntp2.jst.mfeed.ad.jp
server ntp3.jst.mfeed.ad.jp
# Restart ntpd and list its peers; a '*' in the first column of the ntpq
# output marks the server currently selected for synchronisation.
$ sudo service ntp restart
$ ntpq -p
Ubuntu 14.04 LTS でのサーバ設定方法