
Notes focused on the places where a CentOS user stumbles on Ubuntu.
1. Proxy settings for the shell (only in environments that need them)
$ vi ~/.bashrc
export https_proxy="http://username:password@your.proxy.address:proxy.port/"
export http_proxy="http://username:password@your.proxy.address:proxy.port/"
export ftp_proxy="http://username:password@your.proxy.address:proxy.port/"
2. Investigating the network
[18.04] If DHCP is not picked up automatically,
sudo netplan --debug generate   <= check the output and find the device
"Original"
$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets: {}
  version: 2
"After the change"
$ cat /etc/netplan/00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
  ethernets:
    enp2s0f0:        # <= the device
      dhcp4: true
  version: 2
------------------------------
"To apply the settings"
$ sudo netplan apply
------------------------------
"Verification"
ip addr
(an IP address of some kind is now shown)
3. Starting the SSH server

If you forgot to install it during setup:
sudo apt-get install openssh-server
sudo systemctl start ssh
sudo systemctl enable ssh
4. Wireless LAN settings
The configuration file is /etc/netplan/50-cloud-init.yaml (there seem to be various others as well).
network:
  version: 2
  wifis:
    wlan0:
      access-points:
        <enter the SSID here>:
          password: <enter the passphrase>
      dhcp4: true
---------------------
(Apply the settings)
sudo netplan apply
Ubuntu GUI enable/disable
Disable
sudo systemctl set-default multi-user.target
Enable
sudo systemctl set-default graphical.target
Keeping the Desktop edition from suspending

When using the Desktop edition as a server (probably nobody does?),
set HandleLidSwitch to ignore in /etc/systemd/logind.conf
sudo systemctl restart systemd-logind
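FTP server settings

FTP is dated by now, but I use it to exchange data with my main machine.
With passive mode and so on it has become a hassle lately (basically, run it only when needed).
$ sudo apt -y install vsftpd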
$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.org
$ sudo vi /etc/vsftpd.conf
listen=YES
listen_ipv6=NO
# needed for uploads
write_enable=YES
# ASCII mangling is a horrible feature of the protocol.
ascii_upload_enable=YES
ascii_download_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
# with chroot_local_user=YES and chroot_list_enable=YES, the users named in chroot_list_file are the ones NOT chrooted
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
# allow transferring whole directories at once
ls_recurse_enable=YES
# specify for passive mode, and open these ports in the firewall as well
pasv_min_port=65000
pasv_max_port=65535
------
$ echo tatsuo | sudo tee /etc/vsftpd.chroot_list
$ sudo systemctl start vsftpd
$ ftp {IP address}   <= check that you can connect
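The combination of chroot_local_user, chroot_list_enable and chroot_list_file above is easy to read backwards: with both options set to YES, the users in the list are the ones that are not chrooted. The following shell script is an added example, not part of the original memo; the function names conf_get and is_chrooted, the user alice and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: will vsftpd confine a given local user to their home directory?
# Semantics of the three settings, per vsftpd.conf(5):
#   chroot_list_enable=NO                          -> chroot_local_user decides for everyone
#   chroot_local_user=YES + chroot_list_enable=YES -> listed users are NOT chrooted
#   chroot_local_user=NO  + chroot_list_enable=YES -> only listed users are chrooted

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY=... line, else DEFAULT
conf_get() {
    val=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_chrooted CONF LISTFILE USER: prints "chrooted" or "not-chrooted"
is_chrooted() {
    all=$(conf_get "$1" chroot_local_user NO)        # vsftpd default is NO
    use_list=$(conf_get "$1" chroot_list_enable NO)  # vsftpd default is NO
    listed=NO
    if [ "$use_list" = YES ] && [ -f "$2" ] && grep -qxF -- "$3" "$2"; then
        listed=YES
    fi
    # The list inverts whatever chroot_local_user says for the users it names.
    if [ "$listed" = YES ]; then
        if [ "$all" = YES ]; then echo not-chrooted; else echo chrooted; fi
    else
        if [ "$all" = YES ]; then echo chrooted; else echo not-chrooted; fi
    fi
}

# Constructed sample files mirroring the settings in this memo.
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<'EOF'
listen=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
EOF
echo tatsuo > "$demo_dir/vsftpd.chroot_list"

is_chrooted "$demo_dir/vsftpd.conf" "$demo_dir/vsftpd.chroot_list" tatsuo
is_chrooted "$demo_dir/vsftpd.conf" "$demo_dir/vsftpd.chroot_list" alice
```

On a real host, pass /etc/vsftpd.conf and the path given in chroot_list_file instead of the sample files.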

Setting up a web server
Step 1: Installing Apache
$ sudo apt update
$ sudo apt install apache2
$ sudo systemctl start apache2.service
(Verification)
$ wget http://localhost/
--2021-05-24 14:15:30-- http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... connected.
HTTP request sent, awaiting response... 302 FOUND
Location: http://localhost/login?next=http%3A%2F%2Flocalhost%2F [following]
--2021-05-24 14:15:30-- http://localhost/login?next=http%3A%2F%2Flocalhost%2F
Reusing existing connection to [localhost]:80.
HTTP request sent, awaiting response... 200 OK
Length: 1827 (1.8K) [text/html]
Saving to: ‘index.html’
index.html 100%[=================================================>] 1.78K --.-KB/s in 0s
2021-05-24 14:15:30 (18.6 MB/s) - ‘index.html’ saved [1827/1827]
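Configuration information
/etc/apache2
: The Apache configuration directory. All Apache configuration files are located here.
/etc/apache2/apache2.conf
: The main Apache configuration file. Change it to alter Apache's global settings. This file loads many of the other files in the configuration directory.
/etc/apache2/ports.conf
: This file specifies the ports Apache listens on. By default Apache listens on port 80, and also on port 443 if a module providing SSL is enabled.
/etc/apache2/sites-available/
: The directory where per-site virtual hosts can be stored. Apache does not use the configuration files in this directory unless they are linked into the sites-enabled directory. Usually all server block configuration is done in this directory and enabled by linking it into the other directory with the a2ensite command.
/etc/apache2/sites-enabled/
: The directory where the enabled per-site virtual hosts are stored. Usually these are created by linking to configuration files in the sites-available directory with a2ensite. Apache reads the configuration files and links in this directory when it starts or reloads, to compile the complete configuration.
/etc/apache2/conf-available/, /etc/apache2/conf-enabled/
: These directories have the same relationship as the sites-available and sites-enabled directories, but are used to store configuration files that do not belong to a virtual host. Files in the conf-available directory can be enabled with the a2enconf command and disabled with the a2disconf command.
/etc/apache2/mods-available/, /etc/apache2/mods-enabled/
: These directories contain the available modules and the enabled modules, respectively. Files with the .load extension contain the fragment that loads a specific module, and files with the .conf extension contain that module's configuration. Modules can be enabled and disabled with the a2enmod / a2dismod commands.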
Setting up a virtual host (* used when enabling HTTPS)
$ sudo mkdir /var/www/apps.aitake.net
$ sudo chown -R root:root /var/www/apps.aitake.net/
$ sudo chmod -R 755 /var/www/apps.aitake.net/
$ sudo vi /var/www/apps.aitake.net/index.html
<html>
<head><title>Welcome to apps.aitake.net!</title> </head>
<body> <h1>Success! The apps.aitake.net virtual host is working!</h1> </body>
</html>
$ sudo vi /etc/apache2/sites-available/apps.aitake.net.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName apps.aitake.net
ServerAlias apps.aitake.net
DocumentRoot /var/www/apps.aitake.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
$ sudo a2ensite apps.aitake.net.conf
$ sudo a2dissite 000-default.conf
Dealing with the AH00558 error
$ sudo vi /etc/apache2/conf-available/fqdn.conf
ServerName apps.aitake.net
$ sudo a2enconf fqdn
$ sudo apache2ctl configtest
Syntax OK
$ sudo systemctl start apache2
Installing Let's Encrypt
sudo apt install certbot python3-certbot-apache
Registration (* DNS must be configured beforehand; run this only after that is done)
$ sudo certbot --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): koumokuten@aitake.net
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(A)gree/(C)ancel: A
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: Y
Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: apps.aitake.net
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for apps.aitake.net
Enabled Apache rewrite module
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/apps.aitake.net-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/apps.aitake.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/apps.aitake.net-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 1
Future versions of Certbot will automatically configure the webserver so that all requests redirect to secure HTTPS access. You can control this behavior and disable this warning with the --redirect and --no-redirect flags.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations! You have successfully enabled https://apps.aitake.net
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=apps.aitake.net
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/apps.aitake.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/apps.aitake.net/privkey.pem
Your cert will expire on 2022-07-29. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew *all* of
your certificates, run “certbot renew”
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): Email@*****
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: apps.aitake.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):
Requesting a certificate for apps.aitake.net
Performing the following challenges:
http-01 challenge for apps.aitake.net
Waiting for verification...
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/apps.aitake.net-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/apps.aitake.net-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/apps.aitake.net-le-ssl.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://apps.aitake.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Subscribe to the EFF mailing list (email: koumokuten@aitake.net).
We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/apps.aitake.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/apps.aitake.net/privkey.pem
Your certificate will expire on 2021-08-22. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again with the "certonly" option. To non-interactively
renew *all* of your certificates, run "certbot renew"
- Some rewrite rules copied from
/etc/apache2/sites-enabled/apps.aitake.net.conf were disabled in
the vhost for your HTTPS site located at
/etc/apache2/sites-available/apps.aitake.net-le-ssl.conf because
they have the potential to create redirection loops.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Setting up automatic certificate renewal
/etc/cron.d/letsencript
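# Automatic renewal for Let's Encrypt
# [Note]
# If PATH is not specified in the cron configuration, you may get the error
# "HookCommandNotFound: Unable to find post-hook command service in the PATH",
# so take care.
# Any server that is serving https must be stopped before running this. 2019/01/19
#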
PATH=/sbin:/bin:/usr/bin
50 3 * * 0 root certbot renew --pre-hook "service apache2 stop" --post-hook "service apache2 start"
Enable mod_rewrite just in case (may be unnecessary)
$ sudo a2enmod rewrite
Making Docker's port 8080 the top page
Enable ProxyPass
$ sudo a2enmod proxy_http
Considering dependency proxy for proxy_http:
Enabling module proxy.
Enabling module proxy_http.
To activate the new configuration, you need to run:
systemctl restart apache2
$ sudo vi /etc/apache2/sites-available/proxypass.conf
<Location / >
ProxyPass http://localhost:8080/
ProxyPassReverse http://localhost:8080/
</Location>
$ sudo ln -s /etc/apache2/sites-available/proxypass.conf /etc/apache2/sites-enabled/
$ sudo systemctl restart apache2
Using swap (* strictly for test servers or personal do-it-yourself servers)

To save memory, I use swap, belatedly, to get more memory.
For the disk, I think an SSD is a must.
$ sudo dd if=/dev/zero of=/swapfile bs=1M count=4096
$ sudo mkswap /swapfile
mkswap: /swapfile: insecure permissions 0644, 0600 suggested.
Setting up swapspace version 1, size = 4 GiB (4294963200 bytes)
no label, UUID=033e20bc-6b98-4cd3-b5df-6c981ef01d57
$ sudo chmod 600 /swapfile
$ sudo swapon /swapfile
$ free
              total        used        free      shared  buff/cache   available
Mem:        1002104      143992       70632         780      787480      695436
Swap:       4194300           0     4194300
To make it permanent, append the following to /etc/fstab
-------------------------------------
/swapfile swap swap defaults 0 0