初めに
- 今回使用するGCPのサービスは、「GCE」、「Cloud DNS」、「VPCネットワークの静的IP」、「ファイアウォール」となります。
- インスタンスはAlwaysFreeを想定しています(が、DNSや静的IPなど、完全無料とはならない場合があります)
構成
- ディストリビューションセットアップ編
- Webアプリ環境セットアップ編
- アプリインストール編
手順
インスタンスセットアップ編
GCEインスタンスの作成
- 作成前にまずプロジェクトを作成します
プロジェクトの作成
- プロジェクト作成直後はインスタンスが作成できないため、少々待ちましょう
- 数分後には作成できる様になります
請求情報の設定
既存のプロジェクトがある場合、その設定から引き継ぐことができます。
また、AlwaysFreeの対象としたい場合、請求情報が必要となります。
インスタンスの作成
- 作成ボタンを押下し作成画面で設定します
デフォルトでは10GBとなっているため、AlwaysFree枠の30GBに設定しておきます
ポートの80,443を開放し、HTTPアクセスを許可します
- デフォルトのインスタンスはネットワークインターフェースの内部・外部IP共にエフェメラルの状態です
- エフェメラルのままにしておくと、インスタンスが立ち上がるたびに違うIPアドレスとなり、DNSレコードの再設定が必要になるなど面倒なため、固定IPを取得します
作成が完了しました
| 項目 | 設定値 | 備考 |
|---|---|---|
| 名前 | web-app-1 | - |
| ラベル | - | - |
| リージョン | us-west1(オレゴン) | - |
| ゾーン | us-west1-b | オレゴンを選択した際の初期値 |
| マシンファミリー | 汎用 | - |
| シリーズ | N1 | - |
| マシンタイプ | f1-micro (1 vCPU、614MB メモリ) | AlwaysFree対象 |
| ブートディスク | Debian GNU/Linux 9 (stretch) 標準の永続ディスク 30GB |
Debian GNU/Linux 10 (buster) 10GBが初期値となっているので、どちらでも良い |
| サービスアカウント | Compute Engine default service account | 初期値 |
| アクセススコープ | デフォルトのアクセス権を許可 | 初期値 |
| ファイアウォール | HTTPトラフィックを許可する HTTPSトラフィックを許可する |
webアプリ用のインスタンスのため、許可しておく(ファイアウォール設定も含まれるため) |
| 管理 | 削除からの保護の有効化 | 他初期値 |
| セキュリティ | セキュアブートをオンにする vTPMをオンにする 整合性モニタリングを有効にする |
SSH認証鍵については後ほど追加します |
| ディスク | - | 初期値 |
| ネットワーキング | 外部IP:作成 | 他初期値 |
| 単一テナンシー | - | 初期値 |
ディストリビューションセットアップ編
SSH接続ポートを変更
- well-knownポートの22番へのポートスキャンがある事やブルートフォースへの脆弱性にもなることから、ポートを変更します
ファイアウォールルールを作成 (allow)
VMインスタンスの画面下部のファイアウォールルールの設定を押下します
以下の内容で設定します
| 項目 | 設定値 | 備考 |
|---|---|---|
| 名前 | custom-allow-ssh | - |
| 説明 | 具体的に何のルールかを記載する | - |
| ログ | オフ | Stackdriverコストが増える可能性がある為、オフ |
| ネットワーク | default | - |
| 優先度 | 1000 | インスタンス作成時に設定されたルールの優先度よりも低い数値を指定する |
| トラフィックの方向 | 上り | 上り:受信トラフィック、下り:送信トラフィック |
| 一致したときのアクション | 許可 | - |
| ターゲット | allow%port_number%-ssh | - |
| ソースフィルタ | IP範囲 | - |
| ソースIPの範囲 | 0.0.0.0/0 | 全て対象 |
| 2番目のソースフィルタ | なし | - |
| プロトコルとポート | 指定したプロトコルとポート tcp:%port_number% |
- |
ターゲットタグはallowかdisallowかを接頭辞に指定した上、ポートとプロトコルを指定しています
Cloud Shellアクセス
Terminal
Connected, host fingerprint: ssh-rsa 0 DB:*****
Linux web-app-1 4.9.0-12-amd64 #1 SMP Debian 4.9.210-1+deb9u1 (2020-06-07) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
sshd_configのポート番号を変更する
Terminal
administrator@web-app-1:~$ sudo su -
root@web-app-1:~# grep Port /etc/ssh/sshd_config
# Port 22
# GatewayPorts no
root@web-app-1:~# vi /etc/ssh/sshd_config
Port %port_number%
root@web-app-1:~# grep Port /etc/ssh/sshd_config
# Port 22
Port %port_number%
# GatewayPorts no
root@web-app-1:~# systemctl restart sshd
ファイアウォールルールを作成 (disallow)
| 項目 | 設定値 | 備考 |
|---|---|---|
| 名前 | custom-disallow-ssh | - |
| 説明 | 具体的に何のルールかを記載する | - |
| ログ | オフ | Stackdriverコストが増える可能性がある為、オフ |
| ネットワーク | default | - |
| 優先度 | 1000 | インスタンス作成時に設定されたルールの優先度よりも低い数値を指定する |
| トラフィックの方向 | 上り | 上り:受信トラフィック、下り:送信トラフィック |
| 一致したときのアクション | 拒否 | - |
| ターゲット | disallow22-ssh | - |
| ソースフィルタ | IP範囲 | - |
| ソースIPの範囲 | 0.0.0.0/0 | 全て対象 |
| 2番目のソースフィルタ | なし | - |
| プロトコルとポート | 指定したプロトコルとポート tcp:22 |
- |
ターゲットタグはallowかdisallowかを接頭辞に指定した上、ポートとプロトコルを指定しています
公開鍵認証設定
- インスタンス作成後、Cloud Shellでインスタンスにアクセスできますが、それだと管理コンソールからのアクセスで面倒なので公開鍵認証を設定して、ローカルマシンからアクセスできる様にします
公開鍵生成
Terminal
$ ssh-keygen -t rsa -f ~/.ssh/gcp_key
$ chmod 400 ~/.ssh/gcp_key
$ cat ~/.ssh/gcp_key.pub
VMインスタンスのSSH鍵認証設定
sshアクセスを試行する
Terminal
$ ssh %user%@%static_ip% -p %port_number% -i ~/.ssh/gcp_key
Rootログインの無効化
- 最新のインスタンスでは初期値がnoになっています
Terminal
root@web-app-1:~$ grep -E "PermitRootLogin|PasswordAuthentication|ChallengeResponseAuthentication" /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
パスワード認証の無効化
- 最新のインスタンスでは初期値がnoになっています
Terminal
root@web-app-1:~$ grep -E "PermitRootLogin|PasswordAuthentication|ChallengeResponseAuthentication" /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
SSHのプロトコルバージョンを変更
認証の試行回数を指定
Terminal
root@web-app-1:~# grep -E "Protocol|MaxAuthTries" /etc/ssh/sshd_config
Protocol 1
# MaxAuthTries 6
root@web-app-1:~# vi /etc/ssh/sshd_config
root@web-app-1:~# grep -E "Protocol|MaxAuthTries" /etc/ssh/sshd_config
Protocol 2
# MaxAuthTries 6
MaxAuthTries 5
root@web-app-1:~# systemctl restart sshd
22番ポートを拒否する
VMインスタンスのネットワークタグにターゲットで指定した名称(タグ)を指定します
Webアプリ環境セットアップ編
Nginxの設定
パッケージマネージャのパッケージ一覧を最新化
Terminal
root@web-app-1:~# apt update
Get:1 http://security.debian.org stretch/updates InRelease [53.0 kB]
Ign:2 http://deb.debian.org/debian stretch InRelease
Get:3 http://deb.debian.org/debian stretch-updates InRelease [93.6 kB]
Get:4 http://deb.debian.org/debian stretch-backports InRelease [91.8 kB]
Get:5 http://deb.debian.org/debian stretch Release [118 kB]
Get:6 http://deb.debian.org/debian stretch Release.gpg [2,410 B]
Get:7 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease [6,389 B]
Get:8 http://security.debian.org stretch/updates/main Sources [219 kB]
Get:9 http://security.debian.org stretch/updates/main amd64 Packages [534 kB]
Get:10 http://packages.cloud.google.com/apt google-compute-engine-stretch-stable InRelease [3,843 B]
Get:11 http://security.debian.org stretch/updates/main Translation-en [235 kB]
Get:12 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-stretch InRelease [3,876 B]
Get:13 http://deb.debian.org/debian stretch-updates/main Sources.diff/Index [14.5 kB]
Get:14 http://deb.debian.org/debian stretch-updates/main amd64 Packages.diff/Index [14.5 kB]
Get:15 http://deb.debian.org/debian stretch-updates/main Translation-en.diff/Index [8,116 B]
Get:16 http://deb.debian.org/debian stretch-updates/main Sources 2020-07-16-2008.14.pdiff [28 B]
Get:17 http://deb.debian.org/debian stretch-updates/main amd64 Packages 2020-07-16-2008.14.pdiff [30 B]
Get:16 http://deb.debian.org/debian stretch-updates/main Sources 2020-07-16-2008.14.pdiff [28 B]
Get:17 http://deb.debian.org/debian stretch-updates/main amd64 Packages 2020-07-16-2008.14.pdiff [30 B]
Get:18 http://deb.debian.org/debian stretch-updates/main Translation-en 2020-07-16-2008.14.pdiff [30 B]
Get:18 http://deb.debian.org/debian stretch-updates/main Translation-en 2020-07-16-2008.14.pdiff [30 B]
Get:19 http://deb.debian.org/debian stretch/main Sources [6,736 kB]
Get:20 http://deb.debian.org/debian stretch/main amd64 Packages [7,080 kB]
Get:21 http://deb.debian.org/debian stretch/main Translation-en [5,377 kB]
Fetched 20.6 MB in 4s (4,886 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
9 packages can be upgraded. Run 'apt list --upgradable' to see them.
Nginxのインストール
Terminal
root@web-app-1:~# apt install nginx
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
fontconfig-config fonts-dejavu-core geoip-database libfontconfig1 libgd3 libgeoip1 libicu57 libjbig0
libjpeg62-turbo libnginx-mod-http-auth-pam libnginx-mod-http-dav-ext libnginx-mod-http-echo
libnginx-mod-http-geoip libnginx-mod-http-image-filter libnginx-mod-http-subs-filter
libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream libtiff5
libwebp6 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxml2 libxpm4 libxslt1.1 nginx-common nginx-full
user www-data;
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
# mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
# }
バージョン情報の秘匿化
Terminal
root@web-app-1:~# grep server_tokens /etc/nginx/nginx.conf
# server_tokens off;
root@web-app-1:~# vi /etc/nginx/nginx.conf
root@web-app-1:~# grep server_tokens /etc/nginx/nginx.conf
server_tokens off;
リバースプロキシ設定
Terminal
root@web-app-1:~# grep -E "listen|server_name|location" /etc/nginx/sites-enabled/default
listen 80 default_server;
listen [::]:80 default_server;
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
server_name _;
# This file will automatically load configuration files provided by other
location / {
#location ~ \.php$ {
#location ~ /\.ht {
# listen 80;
# listen [::]:80;
# server_name example.com;
# location / {
root@web-app-1:~# vi /etc/nginx/sites-enabled/default
root@web-app-1:~# grep -E "listen|server_name|location|proxy_pass" /etc/nginx/sites-enabled/default
listen 80 default_server;
listen [::]:80 default_server;
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
# server_name _;
server_name %domain_name%;
location / {
proxy_pass http://0.0.0.0:3000;
#location ~ \.php$ {
#location ~ /\.ht {
# listen 80;
# listen [::]:80;
# server_name example.com;
# location / {
root@web-app-1:~# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) (Result: exit-code) since Sat 2020-07-18 20:48:07 UTC; 12min ago
Docs: man:nginx(8)
Process: 2294 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=
1/FAILURE)
Process: 2272 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 2270 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 2274 (nginx)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/nginx.service
├─2274 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─2275 nginx: worker process
Jul 18 20:57:54 web-app-1 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jul 18 20:57:54 web-app-1 systemd[1]: Reload failed for A high performance web server and a reverse proxy s
erver.
root@web-app-1:~# systemctl reload nginx
root@web-app-1:~# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) (Result: exit-code) since Sat 2020-07-18 20:48:07 UTC; 12min ago
Docs: man:nginx(8)
Process: 2307 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=0/SUCCES
S)
Process: 2272 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 2270 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 2274 (nginx)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/nginx.service
├─2274 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─2308 nginx: worker process
Jul 18 20:57:54 web-app-1 systemd[1]: nginx.service: Control process exited, code=exited status=1
Jul 18 20:57:54 web-app-1 systemd[1]: Reload failed for A high performance web server and a reverse proxy s
erver.
Jul 18 21:00:55 web-app-1 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Jul 18 21:00:55 web-app-1 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
起動しない場合 (nginx.service failedとなる場合)
Terminal
root@web-app-1:~# systemctl reload nginx
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xe" for details.
root@web-app-1:~# systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) (Result: exit-code) since Sat 2020-07-18 20:48:07 UTC; 10min ago
Docs: man:nginx(8)
Process: 2294 ExecReload=/usr/sbin/nginx -g daemon on; master_process on; -s reload (code=exited, status=
1/FAILURE)
Process: 2272 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 2270 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 2274 (nginx)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/nginx.service
├─2274 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─2275 nginx: worker process
Jul 18 20:57:54 web-app-1 nginx[2294]: nginx: [emerg] directive "server_name" is not terminated by ";" in /etc/ngin
x/sites-enabled/default:50
上記の様にstatusコマンドで確認するとエラーログが表示されます
Terminal
root@web-app-1:~# grep error_log /etc/nginx/nginx.conf
error_log /var/log/nginx/error.log;
root@web-app-1:~# tail -f /var/log/nginx/error.log
2020/07/18 20:57:54 [emerg] 2294#2294: directive "server_name" is not terminated by ";" in /etc/nginx/sites-enabled/default:50
^C
また、error_logの出力先にも同様のログが出力されますので、内容を確認しましょう
上記の場合は、文法エラー(EOL未指定)であることがわかります
Terminal
root@web-app-1:~# grep -E "listen|server_name|location" /etc/nginx/sites-enabled/default
listen 80 default_server;
listen [::]:80 default_server;
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
# server_name _;
server_name %domain_name% # この場合、ここに;が指定されていませんでした
location / {
#location ~ \.php$ {
#location ~ /\.ht {
# listen 80;
# listen [::]:80;
# server_name example.com;
# location / {
root@web-app-1:~# vi /etc/nginx/sites-enabled/default
SSLの設定
Debian backports リポジトリの有効化
Terminal
root@web-app-1:~# cd /etc/apt/
root@web-app-1:/etc/apt# grep "ftp.debian.org" sources.list
root@web-app-1:/etc/apt# vi sources.list
root@web-app-1:/etc/apt# apt -y update
Ign:1 http://deb.debian.org/debian stretch InRelease
Get:2 http://security.debian.org stretch/updates InRelease [53.0 kB]
Get:3 http://deb.debian.org/debian stretch-updates InRelease [93.6 kB]
Get:4 http://deb.debian.org/debian stretch-backports InRelease [91.8 kB]
Hit:5 http://deb.debian.org/debian stretch Release
Hit:6 http://packages.cloud.google.com/apt cloud-sdk-stretch InRelease
Get:7 http://packages.cloud.google.com/apt google-compute-engine-stretch-stable InRelease [3,843 B]
Hit:8 http://packages.cloud.google.com/apt google-cloud-packages-archive-keyring-stretch InRelease
Get:9 http://ftp.debian.org/debian stretch-backports InRelease [91.8 kB]
Get:11 http://ftp.debian.org/debian stretch-backports/main amd64 Packages [613 kB]
Get:12 http://ftp.debian.org/debian stretch-backports/main Translation-en [469 kB]
Fetched 1,416 kB in 1s (807 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
3 packages can be upgraded. Run 'apt list --upgradable' to see them.
Certbotインストール
Terminal
root@web-app-1:/etc/apt# apt -y -t stretch-backports install certbot
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
python-pyicu python3-acme python3-asn1crypto python3-certbot python3-certifi python3-cffi-backend python3-chardet python3-configargparse python3-configobj python3-cryptography
python3-future python3-idna python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-pkg-resources python3-requests python3-requests-toolbelt
python3-rfc3339 python3-setuptools python3-six python3-tz python3-urllib3 python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface
Suggested packages:
python3-certbot-apache python3-certbot-nginx python-certbot-doc python-acme-doc python-configobj-doc python-cryptography-doc python3-cryptography-vectors python-future-doc
python-mock-doc python-openssl-doc python3-openssl-dbg python3-socks python-setuptools-doc
The following NEW packages will be installed:
certbot python-pyicu python3-acme python3-asn1crypto python3-certbot python3-certifi python3-cffi-backend python3-chardet python3-configargparse python3-configobj
python3-cryptography python3-future python3-idna python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-pkg-resources python3-requests
python3-requests-toolbelt python3-rfc3339 python3-setuptools python3-six python3-tz python3-urllib3 python3-zope.component python3-zope.event python3-zope.hookable
python3-zope.interface
0 upgraded, 30 newly installed, 0 to remove and 87 not upgraded.
Need to get 2,527 kB of archives.
After this operation, 12.6 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian stretch/main amd64 python3-cffi-backend amd64 1.9.1-2 [70.1 kB]
Get:2 http://deb.debian.org/debian stretch/main amd64 python3-six all 1.10.0-3 [14.4 kB]
Get:3 http://deb.debian.org/debian stretch/main amd64 python3-openssl all 16.2.0-1 [43.8 kB]
Get:4 http://deb.debian.org/debian stretch/main amd64 python3-pkg-resources all 33.1.1-1 [137 kB]
Get:5 http://deb.debian.org/debian stretch/main amd64 python3-setuptools all 33.1.1-1 [215 kB]
Get:6 http://deb.debian.org/debian stretch/main amd64 python3-mock all 2.0.0-3 [59.9 kB]
Get:7 http://deb.debian.org/debian stretch/main amd64 python3-certifi all 2016.2.28-1 [172 kB]
Get:8 http://deb.debian.org/debian stretch/main amd64 python3-requests-toolbelt all 0.7.0-1 [36.7 kB]
Get:9 http://deb.debian.org/debian stretch/main amd64 python3-tz all 2016.7-0.3 [27.1 kB]
Get:10 http://deb.debian.org/debian stretch/main amd64 python3-rfc3339 all 1.0-4 [6,282 B]
Get:11 http://deb.debian.org/debian stretch/main amd64 python3-configargparse all 0.11.0-1 [22.3 kB]
Get:12 http://deb.debian.org/debian stretch/main amd64 python3-configobj all 5.0.6-2 [35.2 kB]
Get:13 http://deb.debian.org/debian stretch/main amd64 python3-future all 0.15.2-4 [346 kB]
Get:14 http://deb.debian.org/debian stretch/main amd64 python3-zope.hookable amd64 4.0.4-4+b2 [10.3 kB]
Get:15 http://deb.debian.org/debian stretch/main amd64 python3-zope.interface amd64 4.3.2-1 [89.8 kB]
Get:16 http://deb.debian.org/debian stretch/main amd64 python3-zope.event all 4.2.0-1 [8,412 B]
Get:17 http://deb.debian.org/debian stretch/main amd64 python3-zope.component all 4.3.0-1 [43.0 kB]
Get:18 http://deb.debian.org/debian stretch/main amd64 python-pyicu amd64 1.9.5-1 [188 kB]
Get:19 http://ftp.debian.org/debian stretch-backports/main amd64 python3-asn1crypto all 0.24.0-1~bpo9+1 [78.2 kB]
Get:20 http://ftp.debian.org/debian stretch-backports/main amd64 python3-idna all 2.6-1~bpo9+1 [34.3 kB]
Get:21 http://ftp.debian.org/debian stretch-backports/main amd64 python3-cryptography amd64 2.3-1~bpo9+1 [214 kB]
Get:22 http://ftp.debian.org/debian stretch-backports/main amd64 python3-josepy all 1.1.0-2~bpo9+1 [27.8 kB]
Get:23 http://ftp.debian.org/debian stretch-backports/main amd64 python3-pbr all 4.2.0-4~bpo9+2 [56.4 kB]
Get:24 http://ftp.debian.org/debian stretch-backports/main amd64 python3-chardet all 3.0.4-1~bpo9+1 [80.4 kB]
Get:25 http://ftp.debian.org/debian stretch-backports/main amd64 python3-urllib3 all 1.24.1-1~bpo9+1 [97.1 kB]
Get:26 http://ftp.debian.org/debian stretch-backports/main amd64 python3-requests all 2.21.0-1~bpo9+1 [66.9 kB]
Get:27 http://ftp.debian.org/debian stretch-backports/main amd64 python3-acme all 0.28.0-1~bpo9+1 [47.8 kB]
Get:28 http://ftp.debian.org/debian stretch-backports/main amd64 python3-parsedatetime all 2.4-2~bpo9+1 [39.8 kB]
Get:29 http://ftp.debian.org/debian stretch-backports/main amd64 python3-certbot all 0.28.0-1~bpo9+1 [222 kB]
Get:30 http://ftp.debian.org/debian stretch-backports/main amd64 certbot all 0.28.0-1~bpo9+1 [37.3 kB]
Fetched 2,527 kB in 1s (1,886 kB/s)
Selecting previously unselected package python3-asn1crypto.
(Reading database ... 71085 files and directories currently installed.)
Preparing to unpack .../00-python3-asn1crypto_0.24.0-1~bpo9+1_all.deb ...
Unpacking python3-asn1crypto (0.24.0-1~bpo9+1) ...
Selecting previously unselected package python3-cffi-backend.
Preparing to unpack .../01-python3-cffi-backend_1.9.1-2_amd64.deb ...
Unpacking python3-cffi-backend (1.9.1-2) ...
Selecting previously unselected package python3-idna.
Preparing to unpack .../02-python3-idna_2.6-1~bpo9+1_all.deb ...
Unpacking python3-idna (2.6-1~bpo9+1) ...
Selecting previously unselected package python3-six.
Preparing to unpack .../03-python3-six_1.10.0-3_all.deb ...
Unpacking python3-six (1.10.0-3) ...
Selecting previously unselected package python3-cryptography.
Preparing to unpack .../04-python3-cryptography_2.3-1~bpo9+1_amd64.deb ...
Unpacking python3-cryptography (2.3-1~bpo9+1) ...
Selecting previously unselected package python3-openssl.
Preparing to unpack .../05-python3-openssl_16.2.0-1_all.deb ...
Unpacking python3-openssl (16.2.0-1) ...
Selecting previously unselected package python3-pkg-resources.
Preparing to unpack .../06-python3-pkg-resources_33.1.1-1_all.deb ...
Unpacking python3-pkg-resources (33.1.1-1) ...
Selecting previously unselected package python3-josepy.
Preparing to unpack .../07-python3-josepy_1.1.0-2~bpo9+1_all.deb ...
Unpacking python3-josepy (1.1.0-2~bpo9+1) ...
Selecting previously unselected package python3-setuptools.
Preparing to unpack .../08-python3-setuptools_33.1.1-1_all.deb ...
Unpacking python3-setuptools (33.1.1-1) ...
Selecting previously unselected package python3-pbr.
Preparing to unpack .../09-python3-pbr_4.2.0-4~bpo9+2_all.deb ...
Unpacking python3-pbr (4.2.0-4~bpo9+2) ...
Selecting previously unselected package python3-mock.
Preparing to unpack .../10-python3-mock_2.0.0-3_all.deb ...
Unpacking python3-mock (2.0.0-3) ...
Selecting previously unselected package python3-certifi.
Preparing to unpack .../11-python3-certifi_2016.2.28-1_all.deb ...
Unpacking python3-certifi (2016.2.28-1) ...
Selecting previously unselected package python3-chardet.
Preparing to unpack .../12-python3-chardet_3.0.4-1~bpo9+1_all.deb ...
Unpacking python3-chardet (3.0.4-1~bpo9+1) ...
Selecting previously unselected package python3-urllib3.
Preparing to unpack .../13-python3-urllib3_1.24.1-1~bpo9+1_all.deb ...
Unpacking python3-urllib3 (1.24.1-1~bpo9+1) ...
Selecting previously unselected package python3-requests.
Preparing to unpack .../14-python3-requests_2.21.0-1~bpo9+1_all.deb ...
Unpacking python3-requests (2.21.0-1~bpo9+1) ...
Selecting previously unselected package python3-requests-toolbelt.
Preparing to unpack .../15-python3-requests-toolbelt_0.7.0-1_all.deb ...
Unpacking python3-requests-toolbelt (0.7.0-1) ...
Selecting previously unselected package python3-tz.
Preparing to unpack .../16-python3-tz_2016.7-0.3_all.deb ...
Unpacking python3-tz (2016.7-0.3) ...
Selecting previously unselected package python3-rfc3339.
Preparing to unpack .../17-python3-rfc3339_1.0-4_all.deb ...
Unpacking python3-rfc3339 (1.0-4) ...
Selecting previously unselected package python3-acme.
Preparing to unpack .../18-python3-acme_0.28.0-1~bpo9+1_all.deb ...
Unpacking python3-acme (0.28.0-1~bpo9+1) ...
Selecting previously unselected package python3-configargparse.
Preparing to unpack .../19-python3-configargparse_0.11.0-1_all.deb ...
Unpacking python3-configargparse (0.11.0-1) ...
Selecting previously unselected package python3-configobj.
Preparing to unpack .../20-python3-configobj_5.0.6-2_all.deb ...
Unpacking python3-configobj (5.0.6-2) ...
Selecting previously unselected package python3-future.
Preparing to unpack .../21-python3-future_0.15.2-4_all.deb ...
Unpacking python3-future (0.15.2-4) ...
Selecting previously unselected package python3-parsedatetime.
Preparing to unpack .../22-python3-parsedatetime_2.4-2~bpo9+1_all.deb ...
Unpacking python3-parsedatetime (2.4-2~bpo9+1) ...
Selecting previously unselected package python3-zope.hookable.
Preparing to unpack .../23-python3-zope.hookable_4.0.4-4+b2_amd64.deb ...
Unpacking python3-zope.hookable (4.0.4-4+b2) ...
Selecting previously unselected package python3-zope.interface.
Preparing to unpack .../24-python3-zope.interface_4.3.2-1_amd64.deb ...
Unpacking python3-zope.interface (4.3.2-1) ...
Selecting previously unselected package python3-zope.event.
Preparing to unpack .../25-python3-zope.event_4.2.0-1_all.deb ...
Unpacking python3-zope.event (4.2.0-1) ...
Selecting previously unselected package python3-zope.component.
Preparing to unpack .../26-python3-zope.component_4.3.0-1_all.deb ...
Unpacking python3-zope.component (4.3.0-1) ...
Selecting previously unselected package python3-certbot.
Preparing to unpack .../27-python3-certbot_0.28.0-1~bpo9+1_all.deb ...
Unpacking python3-certbot (0.28.0-1~bpo9+1) ...
Selecting previously unselected package certbot.
Preparing to unpack .../28-certbot_0.28.0-1~bpo9+1_all.deb ...
Unpacking certbot (0.28.0-1~bpo9+1) ...
Selecting previously unselected package python-pyicu.
Preparing to unpack .../29-python-pyicu_1.9.5-1_amd64.deb ...
Unpacking python-pyicu (1.9.5-1) ...
Setting up python3-cffi-backend (1.9.1-2) ...
Setting up python3-idna (2.6-1~bpo9+1) ...
Setting up python3-six (1.10.0-3) ...
Setting up python3-certifi (2016.2.28-1) ...
Setting up python3-pkg-resources (33.1.1-1) ...
Setting up python3-asn1crypto (0.24.0-1~bpo9+1) ...
Setting up python3-configargparse (0.11.0-1) ...
Setting up python3-zope.hookable (4.0.4-4+b2) ...
Setting up python3-future (0.15.2-4) ...
update-alternatives: using /usr/bin/python3-futurize to provide /usr/bin/futurize (futurize) in auto mode
update-alternatives: using /usr/bin/python3-pasteurize to provide /usr/bin/pasteurize (pasteurize) in auto mode
Setting up python3-chardet (3.0.4-1~bpo9+1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up python3-urllib3 (1.24.1-1~bpo9+1) ...
Setting up python3-configobj (5.0.6-2) ...
Setting up python3-setuptools (33.1.1-1) ...
Setting up python3-tz (2016.7-0.3) ...
Setting up python-pyicu (1.9.5-1) ...
Setting up python3-parsedatetime (2.4-2~bpo9+1) ...
Setting up python3-cryptography (2.3-1~bpo9+1) ...
Setting up python3-pbr (4.2.0-4~bpo9+2) ...
update-alternatives: using /usr/bin/python3-pbr to provide /usr/bin/pbr (pbr) in auto mode
Setting up python3-rfc3339 (1.0-4) ...
Setting up python3-mock (2.0.0-3) ...
Setting up python3-zope.event (4.2.0-1) ...
Setting up python3-zope.interface (4.3.2-1) ...
Setting up python3-requests (2.21.0-1~bpo9+1) ...
Setting up python3-openssl (16.2.0-1) ...
Setting up python3-josepy (1.1.0-2~bpo9+1) ...
Setting up python3-requests-toolbelt (0.7.0-1) ...
Setting up python3-zope.component (4.3.0-1) ...
Setting up python3-acme (0.28.0-1~bpo9+1) ...
Setting up python3-certbot (0.28.0-1~bpo9+1) ...
Setting up certbot (0.28.0-1~bpo9+1) ...
Created symlink /etc/systemd/system/timers.target.wants/certbot.timer → /lib/systemd/system/certbot.timer.
root@web-app-1:/etc/apt#
Webサーバー停止
- Certbot実行前にWebサーバーを停止する必要があるため、Webサーバーを停止します
Terminal
root@web-app-1:/etc/apt# systemctl stop nginx
root@web-app-1:/etc/apt#
- 停止確認
Terminal
root@web-app-1:/etc/apt# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2020-07-19 17:22:33 UTC; 16s ago
Docs: man:nginx(8)
Process: 4126 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 2274 (code=exited, status=0/SUCCESS)
- 何やら落ちているっぽいですが、一旦は無視します
Certbot実行
Terminal
root@web-app-1:/etc/apt# certbot certonly --standalone -d %domain_name%
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): %resitory_mail_address%
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for %domain_name%
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/%domain_name%/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/%domain_name%/privkey.pem
Your cert will expire on 2020-10-17. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
- Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/%domain_name%/fullchain.pem* と表示されれば成功です
httpリクエストのリダイレクト設定
- httpアクセスがあった場合に、httpsにリダイレクトする様にnginxの設定を変更します
Terminal
root@web-app-1:/etc/apt# vi /etc/nginx/sites-enabled/default
root@web-app-1:/etc/apt# vi /etc/nginx/sites-enabled/ssl
/etc/nginx/sites-enabled/default
server {
# Http configuration
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
# server_name _;
# Author root 2020/07/19
server_name %domain_name%;
return 301 https://$host$request_uri; # リダイレクト設定を挟みます
# Comment out Author root 2020/07/19 前回リバースプロキシで設定したhttp環境はコメントアウトします
# location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
# Author root 2020/07/19
# proxy_pass http://0.0.0.0:3000;
# }
/etc/nginx/sites-enabled/ssl
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/%domain_name%/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/%domain_name%/privkey.pem;
server_name %domain_name%;
location / {
proxy_pass http://localhost:3000;
}
}
nginxの起動
- restartを使うとinactiveなのにrestartするなと、言われますので、startを使います
- nginx.service is not active, cannot reload.
Terminal
root@web-app-1:/etc/apt# systemctl start nginx
root@web-app-1:/etc/apt# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2020-07-19 17:47:01 UTC; 1s ago
Docs: man:nginx(8)
Process: 4126 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 4174 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 4172 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 4177 (nginx)
Tasks: 2 (limit: 4915)
CGroup: /system.slice/nginx.service
├─4177 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─4178 nginx: worker process
証明書自動更新の設定
/etc/cron.d/certbot
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
Terminal
root@web-app-1:/etc/apt# vi /etc/cron.d/certbot
0 */12 * * * root certbot -q renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
アプリインストール編
Git設定
Gitインストール
Terminal
root@web-app-1:/var/www# apt-get install git-all
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
adwaita-icon-theme at-spi2-core cvs cvsps dbus dconf-gsettings-backend dconf-service emacs emacs24
emacs24-bin-common emacs24-common emacs24-el emacsen-common fontconfig fonts-droid-fallback fonts-noto-mono
gawk gconf-service gconf2-common ghostscript git git-arch git-cvs git-daemon-run git-doc git-el git-email
git-gui git-man git-mediawiki git-svn gitk gitweb glib-networking glib-networking-common
glib-networking-services gnutls-bin gsettings-desktop-schemas gsfonts gtk-update-icon-cache hicolor-icon-theme
imagemagick-6-common less libalgorithm-c3-perl libapr1 libaprutil1 libasound2 libasound2-data
libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libauthen-sasl-perl libavahi-client3
libavahi-common-data libavahi-common3 libb-hooks-endofscope-perl libcairo-gobject2 libcairo2 libcgi-fast-perl
libcgi-pm-perl libclass-c3-perl libclass-c3-xs-perl libclass-data-inheritable-perl libclass-factory-util-perl
libclass-method-modifiers-perl libclass-singleton-perl libcolord2 libcommon-sense-perl libcroco3 libcups2
libcupsfilters1 libcupsimage2 libcurl3-gnutls libdata-optlist-perl libdatetime-format-builder-perl
libdatetime-format-iso8601-perl libdatetime-format-strptime-perl libdatetime-locale-perl libdatetime-perl
libdatetime-timezone-perl libdatrie1 libdbd-sqlite3-perl libdbi-perl libdbus-1-3 libdbus-glib-1-2 libdconf1
libdevel-caller-perl libdevel-lexalias-perl libdevel-stacktrace-perl libdigest-hmac-perl libdrm-amdgpu1
libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdrm2 libegl1-mesa libemail-valid-perl libencode-locale-perl
libepoxy0 liberror-perl libeval-closure-perl libexception-class-perl libfcgi-perl libfftw3-double3
libfile-listing-perl libfont-afm-perl libfontenc1 libfribidi0 libgbm1 libgconf-2-4 libgdk-pixbuf2.0-0
libgdk-pixbuf2.0-common libgif7 libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libglib2.0-0 libglib2.0-data
libgnutls-dane0 libgnutls30 libgomp1 libgraphite2-3 libgs9 libgs9-common libgtk-3-0 libgtk-3-bin
libgtk-3-common libharfbuzz0b libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl
libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl
libhttp-negotiate-perl libice6 libijs-0.35 libio-html-perl libio-socket-inet6-perl libio-socket-ssl-perl
libjbig2dec0 libjson-glib-1.0-0 libjson-glib-1.0-common libjson-perl libjson-xs-perl liblcms2-2 libllvm3.9
liblockfile-bin liblockfile1 liblqr-1-0 libltdl7 liblwp-mediatypes-perl liblwp-protocol-https-perl libm17n-0
libmagickcore-6.q16-3 libmagickwand-6.q16-3 libmailtools-perl libmediawiki-api-perl
libmodule-implementation-perl libmodule-runtime-perl libmpfr4 libmro-compat-perl libnamespace-autoclean-perl
libnamespace-clean-perl libnet-dns-perl libnet-domain-tld-perl libnet-http-perl libnet-ip-perl
libnet-smtp-ssl-perl libnet-ssleay-perl libopenjp2-7 libotf0 libpackage-deprecationmanager-perl
libpackage-stash-perl libpackage-stash-xs-perl libpadwalker-perl libpango-1.0-0 libpangocairo-1.0-0
libpangoft2-1.0-0 libpaper-utils libpaper1 libparams-classify-perl libparams-util-perl libparams-validate-perl
libparams-validationcompiler-perl libpciaccess0 libperl5.24 libpixman-1-0 libproxy1v5 librest-0.7-0
librole-tiny-perl librsvg2-2 librsvg2-common libscalar-list-utils-perl libsensors4 libserf-1-1 libsigsegv2
libsm6 libsocket6-perl libsoup-gnome2.4-1 libsoup2.4-1 libspecio-perl libsub-exporter-perl
libsub-exporter-progressive-perl libsub-identify-perl libsub-install-perl libsub-name-perl libsvn-perl libsvn1
libtcl8.6 libterm-readkey-perl libtest-fatal-perl libthai-data libthai0 libtimedate-perl libtk8.6
libtry-tiny-perl libtxc-dxtn-s2tc libtypes-serialiser-perl libunbound2 liburi-perl libutempter0
libvariable-magic-perl libwayland-client0 libwayland-cursor0 libwayland-egl1-mesa libwayland-server0
libwww-perl libwww-robotrules-perl libx11-xcb1 libxaw7 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 libxcb-present0
libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0 libxcomposite1 libxcursor1 libxdamage1
libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxkbcommon0 libxmu6 libxmuu1 libxrandr2 libxrender1
libxshmfence1 libxss1 libxt6 libxtst6 libxv1 libxxf86dga1 libxxf86vm1 libyaml-libyaml-perl libyaml-perl m17n-db
patch perl perl-base perl-modules-5.24 perl-openssl-defaults poppler-data rename rsync runit shared-mime-info
tcl tcl8.6 tk tk8.6 tla tla-doc x11-common x11-utils xbitmaps xdg-user-dirs xkb-data xterm
Suggested packages:
mksh rcs default-dbus-session-bus | dbus-session-bus emacs24-common-non-dfsg ncurses-term fonts-noto gawk-doc
ghostscript-x aspell mediawiki subversion libasound2-plugins alsa-utils libgssapi-perl colord cups-common
libclone-perl libmldbm-perl libnet-daemon-perl libsql-statement-perl libfftw3-bin libfftw3-dev dns-root-data
gvfs libdata-dump-perl liblcms2-utils libcrypt-ssleay-perl m17n-docs libmagickcore-6.q16-3-extra
libscalar-number-perl pciutils librsvg2-bin lm-sensors libauthen-ntlm-perl libyaml-shell-perl ed diffutils-doc
perl-doc libterm-readline-gnu-perl | libterm-readline-perl-perl make poppler-utils fonts-japanese-mincho
| fonts-ipafont-mincho fonts-japanese-gothic | fonts-ipafont-gothic fonts-arphic-ukai fonts-arphic-uming
fonts-nanum tcl-tclreadline mesa-utils xfonts-cyrillic
The following NEW packages will be installed:
adwaita-icon-theme at-spi2-core cvs cvsps dbus dconf-gsettings-backend dconf-service emacs emacs24
emacs24-bin-common emacs24-common emacs24-el emacsen-common fontconfig fonts-droid-fallback fonts-noto-mono
gawk gconf-service gconf2-common ghostscript git git-all git-arch git-cvs git-daemon-run git-doc git-el
git-email git-gui git-man git-mediawiki git-svn gitk gitweb glib-networking glib-networking-common
glib-networking-services gnutls-bin gsettings-desktop-schemas gsfonts gtk-update-icon-cache hicolor-icon-theme
imagemagick-6-common less libalgorithm-c3-perl libapr1 libaprutil1 libasound2 libasound2-data
libatk-bridge2.0-0 libatk1.0-0 libatk1.0-data libatspi2.0-0 libauthen-sasl-perl libavahi-client3
libavahi-common-data libavahi-common3 libb-hooks-endofscope-perl libcairo-gobject2 libcairo2 libcgi-fast-perl
libcgi-pm-perl libclass-c3-perl libclass-c3-xs-perl libclass-data-inheritable-perl libclass-factory-util-perl
libclass-method-modifiers-perl libclass-singleton-perl libcolord2 libcommon-sense-perl libcroco3 libcups2
libcupsfilters1 libcupsimage2 libcurl3-gnutls libdata-optlist-perl libdatetime-format-builder-perl
libdatetime-format-iso8601-perl libdatetime-format-strptime-perl libdatetime-locale-perl libdatetime-perl
libdatetime-timezone-perl libdatrie1 libdbd-sqlite3-perl libdbi-perl libdbus-1-3 libdbus-glib-1-2 libdconf1
libdevel-caller-perl libdevel-lexalias-perl libdevel-stacktrace-perl libdigest-hmac-perl libdrm-amdgpu1
libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdrm2 libegl1-mesa libemail-valid-perl libencode-locale-perl
libepoxy0 liberror-perl libeval-closure-perl libexception-class-perl libfcgi-perl libfftw3-double3
libfile-listing-perl libfont-afm-perl libfontenc1 libfribidi0 libgbm1 libgconf-2-4 libgdk-pixbuf2.0-0
libgdk-pixbuf2.0-common libgif7 libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libglib2.0-0 libglib2.0-data
libgnutls-dane0 libgomp1 libgraphite2-3 libgs9 libgs9-common libgtk-3-0 libgtk-3-bin libgtk-3-common
libharfbuzz0b libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl
libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6
libijs-0.35 libio-html-perl libio-socket-inet6-perl libio-socket-ssl-perl libjbig2dec0 libjson-glib-1.0-0
libjson-glib-1.0-common libjson-perl libjson-xs-perl liblcms2-2 libllvm3.9 liblockfile-bin liblockfile1
liblqr-1-0 libltdl7 liblwp-mediatypes-perl liblwp-protocol-https-perl libm17n-0 libmagickcore-6.q16-3
libmagickwand-6.q16-3 libmailtools-perl libmediawiki-api-perl libmodule-implementation-perl
libmodule-runtime-perl libmpfr4 libmro-compat-perl libnamespace-autoclean-perl libnamespace-clean-perl
libnet-dns-perl libnet-domain-tld-perl libnet-http-perl libnet-ip-perl libnet-smtp-ssl-perl libnet-ssleay-perl
libopenjp2-7 libotf0 libpackage-deprecationmanager-perl libpackage-stash-perl libpackage-stash-xs-perl
libpadwalker-perl libpango-1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 libpaper-utils libpaper1
libparams-classify-perl libparams-util-perl libparams-validate-perl libparams-validationcompiler-perl
libpciaccess0 libperl5.24 libpixman-1-0 libproxy1v5 librest-0.7-0 librole-tiny-perl librsvg2-2 librsvg2-common
libscalar-list-utils-perl libsensors4 libserf-1-1 libsigsegv2 libsm6 libsocket6-perl libsoup-gnome2.4-1
libsoup2.4-1 libspecio-perl libsub-exporter-perl libsub-exporter-progressive-perl libsub-identify-perl
libsub-install-perl libsub-name-perl libsvn-perl libsvn1 libtcl8.6 libterm-readkey-perl libtest-fatal-perl
libthai-data libthai0 libtimedate-perl libtk8.6 libtry-tiny-perl libtxc-dxtn-s2tc libtypes-serialiser-perl
libunbound2 liburi-perl libutempter0 libvariable-magic-perl libwayland-client0 libwayland-cursor0
libwayland-egl1-mesa libwayland-server0 libwww-perl libwww-robotrules-perl libx11-xcb1 libxaw7 libxcb-dri2-0
libxcb-dri3-0 libxcb-glx0 libxcb-present0 libxcb-render0 libxcb-shape0 libxcb-shm0 libxcb-sync1 libxcb-xfixes0
libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxft2 libxi6 libxinerama1 libxkbcommon0 libxmu6
libxmuu1 libxrandr2 libxrender1 libxshmfence1 libxss1 libxt6 libxtst6 libxv1 libxxf86dga1 libxxf86vm1
libyaml-libyaml-perl libyaml-perl m17n-db patch perl perl-modules-5.24 perl-openssl-defaults poppler-data
rename rsync runit shared-mime-info tcl tcl8.6 tk tk8.6 tla tla-doc x11-common x11-utils xbitmaps xdg-user-dirs
xkb-data xterm
The following packages will be upgraded:
libgnutls30 perl-base
2 upgraded, 288 newly installed, 0 to remove and 7 not upgraded.
Need to get 149 MB of archives.
After this operation, 627 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://security.debian.org stretch/updates/main amd64 libopenjp2-7 amd64 2.1.2-1.1+deb9u5 [123 kB]
Get:2 http://deb.debian.org/debian stretch/main amd64 perl-base amd64 5.24.1-3+deb9u7 [1,346 kB]
Get:3 http://deb.debian.org/debian stretch/main amd64 liblockfile-bin amd64 1.14-1+b1 [19.1 kB]
Get:4 http://deb.debian.org/debian stretch/main amd64 liblockfile1 amd64 1.14-1+b1 [15.7 kB]
Get:5 http://deb.debian.org/debian stretch/main amd64 perl-modules-5.24 all 5.24.1-3+deb9u7 [2,723 kB]
Get:6 http://deb.debian.org/debian stretch/main amd64 libperl5.24 amd64 5.24.1-3+deb9u7 [3,527 kB]
Get:7 http://deb.debian.org/debian stretch/main amd64 perl amd64 5.24.1-3+deb9u7 [218 kB]
Get:8 http://deb.debian.org/debian stretch/main amd64 fontconfig amd64 2.11.0-6.7+b1 [404 kB]
Get:9 http://deb.debian.org/debian stretch/main amd64 fonts-droid-fallback all 1:6.0.1r16-1.1 [1,807 kB]
Get:10 http://deb.debian.org/debian stretch/main amd64 libmpfr4 amd64 3.1.5-1 [556 kB]
Get:11 http://deb.debian.org/debian stretch/main amd64 libsigsegv2 amd64 2.10-5 [28.9 kB]
Get:12 http://deb.debian.org/debian stretch/main amd64 gawk amd64 1:4.1.4+dfsg-1 [571 kB]
Get:13 http://deb.debian.org/debian stretch/main amd64 libgnutls30 amd64 3.5.8-5+deb9u5 [896 kB]
Get:14 http://deb.debian.org/debian stretch/main amd64 libcurl3-gnutls amd64 7.52.1-5+deb9u10 [290 kB]
Get:15 http://deb.debian.org/debian stretch/main amd64 liberror-perl all 0.17024-1 [26.9 kB]
Get:16 http://deb.debian.org/debian stretch/main amd64 git-man all 1:2.11.0-3+deb9u7 [1,436 kB]
Get:17 http://deb.debian.org/debian stretch/main amd64 git amd64 1:2.11.0-3+deb9u7 [4,170 kB]
Get:18 http://deb.debian.org/debian stretch/main amd64 libglib2.0-0 amd64 2.50.3-2+deb9u2 [2,692 kB]
Get:19 http://deb.debian.org/debian stretch/main amd64 liblqr-1-0 amd64 0.4.2-2+b2 [24.8 kB]
Get:20 http://deb.debian.org/debian stretch/main amd64 libgomp1 amd64 6.3.0-18+deb9u1 [73.3 kB]
Get:21 http://deb.debian.org/debian stretch/main amd64 libfftw3-double3 amd64 3.3.5-3 [731 kB]
Get:22 http://deb.debian.org/debian stretch/main amd64 liblcms2-2 amd64 2.8-4+deb9u1 [143 kB]
Get:23 http://deb.debian.org/debian stretch/main amd64 libltdl7 amd64 2.4.6-2 [389 kB]
Get:24 http://deb.debian.org/debian stretch/main amd64 libxext6 amd64 2:1.3.3-1+b2 [52.5 kB]
Get:25 http://deb.debian.org/debian stretch/main amd64 imagemagick-6-common all 8:6.9.7.4+dfsg-11+deb9u8 [185 kB]
Get:26 http://deb.debian.org/debian stretch/main amd64 libmagickcore-6.q16-3 amd64 8:6.9.7.4+dfsg-11+deb9u8 [1,743 kB]
Get:27 http://deb.debian.org/debian stretch/main amd64 libmagickwand-6.q16-3 amd64 8:6.9.7.4+dfsg-11+deb9u8 [423 kB]
Get:28 http://deb.debian.org/debian stretch/main amd64 x11-common all 1:7.7+19 [251 kB]
Get:29 http://deb.debian.org/debian stretch/main amd64 libxss1 amd64 1:1.2.2-1 [17.5 kB]
Get:30 http://deb.debian.org/debian stretch/main amd64 poppler-data all 0.4.7-8 [1,451 kB]
Get:31 http://deb.debian.org/debian stretch/main amd64 libdbus-1-3 amd64 1.10.32-0+deb9u1 [196 kB]
Get:32 http://deb.debian.org/debian stretch/main amd64 dbus amd64 1.10.32-0+deb9u1 [213 kB]
Get:33 http://deb.debian.org/debian stretch/main amd64 less amd64 481-2.1 [126 kB]
Get:34 http://deb.debian.org/debian stretch/main amd64 hicolor-icon-theme all 0.15-1 [9,550 B]
Get:35 http://deb.debian.org/debian stretch/main amd64 shared-mime-info amd64 1.8-1+deb9u1 [731 kB]
Get:36 http://deb.debian.org/debian stretch/main amd64 libgdk-pixbuf2.0-common all 2.36.5-2+deb9u2 [311 kB]
Get:37 http://deb.debian.org/debian stretch/main amd64 libgdk-pixbuf2.0-0 amd64 2.36.5-2+deb9u2 [170 kB]
Get:38 http://deb.debian.org/debian stretch/main amd64 gtk-update-icon-cache amd64 3.22.11-1 [76.6 kB]
Get:39 http://deb.debian.org/debian stretch/main amd64 libpixman-1-0 amd64 0.34.0-1 [530 kB]
Get:40 http://deb.debian.org/debian stretch/main amd64 libxcb-render0 amd64 1.12-1 [105 kB]
Get:41 http://deb.debian.org/debian stretch/main amd64 libxcb-shm0 amd64 1.12-1 [95.9 kB]
Get:42 http://deb.debian.org/debian stretch/main amd64 libxrender1 amd64 1:0.9.10-1 [33.0 kB]
Get:43 http://deb.debian.org/debian stretch/main amd64 libcairo2 amd64 1.14.8-1 [771 kB]
Get:44 http://deb.debian.org/debian stretch/main amd64 libcroco3 amd64 0.6.11-3 [143 kB]
Get:45 http://deb.debian.org/debian stretch/main amd64 libthai-data all 0.1.26-1 [166 kB]
Get:46 http://deb.debian.org/debian stretch/main amd64 libdatrie1 amd64 0.2.10-4+b1 [36.4 kB]
Get:47 http://deb.debian.org/debian stretch/main amd64 libthai0 amd64 0.1.26-1 [52.1 kB]
Get:48 http://deb.debian.org/debian stretch/main amd64 libpango-1.0-0 amd64 1.40.5-1 [320 kB]
Get:49 http://deb.debian.org/debian stretch/main amd64 libgraphite2-3 amd64 1.3.10-1 [84.2 kB]
Get:50 http://deb.debian.org/debian stretch/main amd64 libharfbuzz0b amd64 1.4.2-1 [671 kB]
・・・省略・・・
Fetched 149 MB in 2s (49.8 MB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 40243 files and directories currently installed.)
Preparing to unpack .../perl-base_5.24.1-3+deb9u7_amd64.deb ...
Unpacking perl-base (5.24.1-3+deb9u7) over (5.24.1-3+deb9u6) ...
Setting up perl-base (5.24.1-3+deb9u7) ...
Selecting previously unselected package liblockfile-bin.
(Reading database ... 40243 files and directories currently installed.)
Preparing to unpack .../0-liblockfile-bin_1.14-1+b1_amd64.deb ...
Unpacking liblockfile-bin (1.14-1+b1) ...
Selecting previously unselected package liblockfile1:amd64.
Preparing to unpack .../1-liblockfile1_1.14-1+b1_amd64.deb ...
Unpacking liblockfile1:amd64 (1.14-1+b1) ...
Selecting previously unselected package perl-modules-5.24.
Preparing to unpack .../2-perl-modules-5.24_5.24.1-3+deb9u7_all.deb ...
Unpacking perl-modules-5.24 (5.24.1-3+deb9u7) ...
Selecting previously unselected package libperl5.24:amd64.
Preparing to unpack .../3-libperl5.24_5.24.1-3+deb9u7_amd64.deb ...
Unpacking libperl5.24:amd64 (5.24.1-3+deb9u7) ...
Selecting previously unselected package perl.
Preparing to unpack .../4-perl_5.24.1-3+deb9u7_amd64.deb ...
Unpacking perl (5.24.1-3+deb9u7) ...
Selecting previously unselected package fontconfig.
Preparing to unpack .../5-fontconfig_2.11.0-6.7+b1_amd64.deb ...
Unpacking fontconfig (2.11.0-6.7+b1) ...
Selecting previously unselected package fonts-droid-fallback.
Preparing to unpack .../6-fonts-droid-fallback_1%3a6.0.1r16-1.1_all.deb ...
Unpacking fonts-droid-fallback (1:6.0.1r16-1.1) ...
Selecting previously unselected package libmpfr4:amd64.
Preparing to unpack .../7-libmpfr4_3.1.5-1_amd64.deb ...
Unpacking libmpfr4:amd64 (3.1.5-1) ...
Selecting previously unselected package libsigsegv2:amd64.
Preparing to unpack .../8-libsigsegv2_2.10-5_amd64.deb ...
Unpacking libsigsegv2:amd64 (2.10-5) ...
Setting up libmpfr4:amd64 (3.1.5-1) ...
Setting up libsigsegv2:amd64 (2.10-5) ...
・・・省略・・・
Setting up libdatetime-format-strptime-perl (1.7200-1) ...
Setting up libdatetime-format-builder-perl (0.8100-1) ...
Setting up emacs (46.1) ...
Setting up libdatetime-format-iso8601-perl (0.08-2) ...
Setting up liblwp-protocol-https-perl (6.06-2) ...
Setting up libwww-perl (6.15-1) ...
Setting up libmediawiki-api-perl (0.41-1) ...
Setting up git-mediawiki (1:2.11.0-3+deb9u7) ...
Setting up git-all (1:2.11.0-3+deb9u7) ...
Processing triggers for libc-bin (2.24-11+deb9u4) ...
Processing triggers for systemd (232-25+deb9u12) ...
Processing triggers for libgdk-pixbuf2.0-0:amd64 (2.36.5-2+deb9u2) ...
Git clone
Terminal
root@web-app-1:/var/www# git clone https://github.com/webmaster-patche/%repository%.git %working_copy%
Cloning into '%working_copy%'...
Username for 'https://github.com': webmaster-patche
Password for 'https://webmaster-patche@github.com':
remote: Enumerating objects: 10092, done.
remote: Counting objects: 100% (10092/10092), done.
remote: Compressing objects: 100% (8481/8481), done.
remote: Total 10092 (delta 1023), reused 10092 (delta 1023), pack-reused 0
Receiving objects: 100% (10092/10092), 33.82 MiB | 16.24 MiB/s, done.
Resolving deltas: 100% (1023/1023), done.
rbenv設定
依存するライブラリをインストール
Terminal
root@web-app-1:/var/www# apt-get install -y gcc libssl-dev libreadline-dev autoconf zlib1g-dev make bzip2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
automake autotools-dev binutils cpp cpp-6 gcc-6 libasan3 libatomic1 libc-dev-bin libc6-dev libcc1-0 libcilkrts5
libgcc-6-dev libisl15 libitm1 liblsan0 libmpc3 libmpx2 libquadmath0 libssl-doc libtinfo-dev libtsan0 libubsan0
linux-libc-dev m4 manpages manpages-dev
Suggested packages:
autoconf-archive gnu-standards autoconf-doc libtool gettext binutils-doc cpp-doc gcc-6-locales gcc-multilib
flex bison gdb gcc-doc gcc-6-multilib gcc-6-doc libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg
libasan3-dbg liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg libmpx2-dbg libquadmath0-dbg glibc-doc
readline-doc m4-doc make-doc
The following NEW packages will be installed:
autoconf automake autotools-dev binutils cpp cpp-6 gcc gcc-6 libasan3 libatomic1 libc-dev-bin libc6-dev
libcc1-0 libcilkrts5 libgcc-6-dev libisl15 libitm1 liblsan0 libmpc3 libmpx2 libquadmath0 libreadline-dev
libssl-dev libssl-doc libtinfo-dev libtsan0 libubsan0 linux-libc-dev m4 make manpages manpages-dev zlib1g-dev
0 upgraded, 33 newly installed, 0 to remove and 7 not upgraded.
Need to get 33.9 MB of archives.
After this operation, 137 MB of additional disk space will be used.
Get:1 http://deb.debian.org/debian stretch/main amd64 manpages all 4.10-2 [1,222 kB]
Get:2 http://deb.debian.org/debian stretch/main amd64 m4 amd64 1.4.18-1 [202 kB]
Get:3 http://deb.debian.org/debian stretch/main amd64 autoconf all 2.69-10 [338 kB]
Get:4 http://deb.debian.org/debian stretch/main amd64 autotools-dev all 20161112.1 [73.4 kB]
Get:5 http://deb.debian.org/debian stretch/main amd64 automake all 1:1.15-6 [733 kB]
Get:6 http://deb.debian.org/debian stretch/main amd64 binutils amd64 2.28-5 [3,770 kB]
Get:7 http://deb.debian.org/debian stretch/main amd64 libisl15 amd64 0.18-1 [564 kB]
Get:8 http://deb.debian.org/debian stretch/main amd64 libmpc3 amd64 1.0.3-1+b2 [39.9 kB]
Get:9 http://deb.debian.org/debian stretch/main amd64 cpp-6 amd64 6.3.0-18+deb9u1 [6,584 kB]
Get:10 http://deb.debian.org/debian stretch/main amd64 cpp amd64 4:6.3.0-4 [18.7 kB]
Get:11 http://deb.debian.org/debian stretch/main amd64 libcc1-0 amd64 6.3.0-18+deb9u1 [30.6 kB]
Get:12 http://deb.debian.org/debian stretch/main amd64 libitm1 amd64 6.3.0-18+deb9u1 [27.3 kB]
Get:13 http://deb.debian.org/debian stretch/main amd64 libatomic1 amd64 6.3.0-18+deb9u1 [8,966 B]
Get:14 http://deb.debian.org/debian stretch/main amd64 libasan3 amd64 6.3.0-18+deb9u1 [311 kB]
Get:15 http://deb.debian.org/debian stretch/main amd64 liblsan0 amd64 6.3.0-18+deb9u1 [115 kB]
Get:16 http://deb.debian.org/debian stretch/main amd64 libtsan0 amd64 6.3.0-18+deb9u1 [257 kB]
Get:17 http://deb.debian.org/debian stretch/main amd64 libubsan0 amd64 6.3.0-18+deb9u1 [107 kB]
Get:18 http://deb.debian.org/debian stretch/main amd64 libcilkrts5 amd64 6.3.0-18+deb9u1 [40.5 kB]
Get:19 http://deb.debian.org/debian stretch/main amd64 libmpx2 amd64 6.3.0-18+deb9u1 [11.2 kB]
Get:20 http://deb.debian.org/debian stretch/main amd64 libquadmath0 amd64 6.3.0-18+deb9u1 [131 kB]
Get:21 http://deb.debian.org/debian stretch/main amd64 libgcc-6-dev amd64 6.3.0-18+deb9u1 [2,296 kB]
Get:22 http://deb.debian.org/debian stretch/main amd64 gcc-6 amd64 6.3.0-18+deb9u1 [6,900 kB]
Get:23 http://deb.debian.org/debian stretch/main amd64 gcc amd64 4:6.3.0-4 [5,196 B]
Get:24 http://deb.debian.org/debian stretch/main amd64 libc-dev-bin amd64 2.24-11+deb9u4 [259 kB]
Get:25 http://deb.debian.org/debian stretch/main amd64 linux-libc-dev amd64 4.9.228-1 [1,511 kB]
Get:26 http://deb.debian.org/debian stretch/main amd64 libc6-dev amd64 2.24-11+deb9u4 [2,364 kB]
Get:27 http://deb.debian.org/debian stretch/main amd64 libtinfo-dev amd64 6.0+20161126-1+deb9u2 [79.2 kB]
Get:28 http://deb.debian.org/debian stretch/main amd64 libreadline-dev amd64 7.0-3 [132 kB]
Get:29 http://deb.debian.org/debian stretch/main amd64 libssl-dev amd64 1.1.0l-1~deb9u1 [1,594 kB]
Get:30 http://deb.debian.org/debian stretch/main amd64 libssl-doc all 1.1.0l-1~deb9u1 [1,480 kB]
Get:31 http://deb.debian.org/debian stretch/main amd64 make amd64 4.1-9.1 [302 kB]
Get:32 http://deb.debian.org/debian stretch/main amd64 manpages-dev all 4.10-2 [2,145 kB]
Get:33 http://deb.debian.org/debian stretch/main amd64 zlib1g-dev amd64 1:1.2.8.dfsg-5 [205 kB]
Fetched 33.9 MB in 0s (60.0 MB/s)
Extracting templates from packages: 100%
Selecting previously unselected package manpages.
(Reading database ... 63067 files and directories currently installed.)
Preparing to unpack .../00-manpages_4.10-2_all.deb ...
Unpacking manpages (4.10-2) ...
Selecting previously unselected package m4.
Preparing to unpack .../01-m4_1.4.18-1_amd64.deb ...
Unpacking m4 (1.4.18-1) ...
・・・省略・・・
Receiving objects: 100% (2852/2852), 550.44 KiB | 0 bytes/s, done.
Resolving deltas: 100% (1781/1781), done.
ちなみに、bzip2をインストールしていないと、rubyインストール時にエラーが発生します
tar (child): bzip2: Cannot exec: No such file or directory
rbenvのclone
Terminal
root@web-app-1:/var/www# git clone https://github.com/rbenv/rbenv.git ~/.rbenv
Cloning into '/root/.rbenv'...
remote: Enumerating objects: 5, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 2852 (delta 0), reused 1 (delta 0), pack-reused 2847
Receiving objects: 100% (2852/2852), 550.44 KiB | 0 bytes/s, done.
Resolving deltas: 100% (1781/1781), done.
プロファイルにrbenv設定
Terminal
root@web-app-1:/var/www# echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
root@web-app-1:/var/www# echo 'eval "$(rbenv init -)"' >> ~/.bashrc
root@web-app-1:/var/www# source ~/.bashrc
root@web-app-1:/var/www# $(rbenv root)
-su: /root/.rbenv: Is a directory
ruby-buildのclone
Terminal
root@web-app-1:/var/www# mkdir -p "$(rbenv root)"/plugins
root@web-app-1:/var/www# ls /root/.rbenv/plugins/
root@web-app-1:/var/www# git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build
Cloning into '/root/.rbenv/plugins/ruby-build'...
remote: Enumerating objects: 1, done.
remote: Counting objects: 100% (1/1), done.
remote: Total 10996 (delta 0), reused 0 (delta 0), pack-reused 10995
Receiving objects: 100% (10996/10996), 2.31 MiB | 0 bytes/s, done.
Resolving deltas: 100% (7258/7258), done.
インストール可能なrubyバージョンの確認
Terminal
root@web-app-1:/var/www# rbenv install --list
2.5.8
2.6.6
2.7.1
jruby-9.2.12.0
maglev-1.0.0
mruby-2.1.1
rbx-5.0
truffleruby-20.1.0
Only latest stable releases for each Ruby implementation are shown.
Use 'rbenv install --list-all' to show all local versions.
rubyインストール
Terminal
root@web-app-1:/var/www# rbenv install -v 2.6.6
/tmp/ruby-build.20200718225848.18288.AhoWq9 /var/www
Downloading ruby-2.6.6.tar.bz2...
-> https://cache.ruby-lang.org/pub/ruby/2.6/ruby-2.6.6.tar.bz2
Installing ruby-2.6.6...
/tmp/ruby-build.20200718225848.18288.AhoWq9/ruby-2.6.6 /tmp/ruby-build.20200718225848.18288.AhoWq9 /var/www
checking for ruby... false
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for g++... no
checking for c++... no
checking for gpp... no
checking for aCC... no
checking for CC... no
checking for cxx... no
checking for cc++... no
checking for cl.exe... no
・・・省略・・・
installing default gems from lib: /root/.rbenv/versions/2.6.6/lib/ruby/gems/2.6.0 (build_info, cache, doc, extensions, gems, specifications)
bundler 1.17.2
cmath 1.0.0
csv 3.0.9
e2mmap 0.1.0
fileutils 1.1.0
forwardable 1.2.0
ipaddr 1.2.2
irb 1.0.0
logger 1.3.0
matrix 0.1.0
mutex_m 0.1.0
ostruct 0.1.0
prime 0.1.0
rdoc 6.1.2
rexml 3.1.9
rss 0.2.7
scanf 1.0.0
shell 0.7
sync 0.5.0
thwait 0.1.0
tracer 0.1.0
webrick 1.4.2
installing default gems from ext: /root/.rbenv/versions/2.6.6/lib/ruby/gems/2.6.0 (build_info, cache, doc, extensions, gems, specifications)
bigdecimal 1.4.1
date 2.0.0
etc 1.0.1
fcntl 1.0.0
fiddle 1.0.0
io-console 0.4.7
json 2.1.0
openssl 2.1.2
psych 3.1.0
sdbm 1.0.0
stringio 0.0.2
strscan 1.0.0
zlib 1.0.0
installing bundled gems: /root/.rbenv/versions/2.6.6/lib/ruby/gems/2.6.0 (build_info, cache, doc, extensions, gems, specifications)
rake 12.3.3
did_you_mean 1.3.0
power_assert 1.1.3
minitest 5.11.3
xmlrpc 0.3.0
test-unit 3.2.9
net-telnet 0.2.0
installing rdoc: /root/.rbenv/versions/2.6.6/share/ri/2.6.0/system
installing html-docs: /root/.rbenv/versions/2.6.6/share/doc/ruby
installing capi-docs: /root/.rbenv/versions/2.6.6/share/doc/ruby
Installed ruby-2.6.6 to /root/.rbenv/versions/2.6.6
/tmp/ruby-build.20200718225848.18288.AhoWq9 /var/www
/var/www
root@web-app-1:/var/www# ruby -v
rbenv: ruby: command not found
The `ruby' command exists in these Ruby versions:
2.6.6
root@web-app-1:/var/www# gem install bundler
rbenv: gem: command not found
The `gem' command exists in these Ruby versions:
2.6.6
root@web-app-1:/var/www# rbenv exec gem install bundler
rbenv: gem: command not found
The `gem' command exists in these Ruby versions:
2.6.6
root@web-app-1:~# rbenv global 2.6.6
root@web-app-1:~# rbenv init
root@web-app-1:~# bundle -v
Bundler version 1.17.3
global設定しておかないとruby -vやbundlerでエラーになります
-bash: ruby: command not found
gem設定
gemのダウンロード
Terminal
root@web-app-1:~# wget https://rubygems.org/rubygems/rubygems-3.0.3.tgz
--2020-07-18 23:41:13-- https://rubygems.org/rubygems/rubygems-3.0.3.tgz
Resolving rubygems.org (rubygems.org)... 151.101.64.70, 151.101.128.70, 151.101.0.70, ...
Connecting to rubygems.org (rubygems.org)|151.101.64.70|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 904175 (883K) [application/x-tar]
Saving to: ‘rubygems-3.0.3.tgz’
rubygems-3.0.3.tgz 100%[=============================================>] 882.98K --.-KB/s in 0.07s
2020-07-18 23:41:13 (11.9 MB/s) - ‘rubygems-3.0.3.tgz’ saved [904175/904175]
gem解凍・インストール
Terminal
root@web-app-1:~# tar xvfz rubygems-3.0.3.tgz
rubygems-3.0.3/
rubygems-3.0.3/CODE_OF_CONDUCT.md
rubygems-3.0.3/hide_lib_for_update/
rubygems-3.0.3/hide_lib_for_update/note.txt
rubygems-3.0.3/test/
rubygems-3.0.3/test/rubygems/
rubygems-3.0.3/test/rubygems/test_gem_validator.rb
rubygems-3.0.3/test/rubygems/test_gem_commands_install_command.rb
rubygems-3.0.3/test/rubygems/test_gem_security_signer.rb
rubygems-3.0.3/test/rubygems/test_gem_request_set_lockfile.rb
rubygems-3.0.3/test/rubygems/test_gem_name_tuple.rb
rubygems-3.0.3/test/rubygems/test_gem_commands_signout_command.rb
rubygems-3.0.3/test/rubygems/test_gem_resolver_git_set.rb
rubygems-3.0.3/test/rubygems/test_gem_resolver_index_set.rb
rubygems-3.0.3/test/rubygems/private_key.pem
rubygems-3.0.3/test/rubygems/test_gem_resolver_conflict.rb
rubygems-3.0.3/test/rubygems/test_gem_commands_setup_command.rb
rubygems-3.0.3/test/rubygems/test_gem_package_tar_reader.rb
rubygems-3.0.3/test/rubygems/test_gem_silent_ui.rb
rubygems-3.0.3/test/rubygems/test_gem_version_option.rb
rubygems-3.0.3/test/rubygems/test_gem_commands_fetch_command.rb
rubygems-3.0.3/test/rubygems/test_gem_rdoc.rb
・・・省略・・・
rubygems-3.0.3/bundler/exe/bundle
rubygems-3.0.3/bundler/exe/bundler
root@web-app-1:~# ls -la
total 920
drwx------ 4 root root 4096 Jul 18 23:41 .
drwxr-xr-x 22 root root 4096 Jul 18 19:15 ..
-rw-r--r-- 1 root root 630 Jul 18 21:58 .bashrc
-rw-r--r-- 1 root root 148 Aug 17 2015 .profile
drwxr-xr-x 13 root root 4096 Jul 18 22:53 .rbenv
drwxr-xr-x 8 218038053 2033490572 4096 Mar 4 2019 rubygems-3.0.3
-rw-r--r-- 1 root root 904175 Mar 4 2019 rubygems-3.0.3.tgz
-rw------- 1 root root 10130 Jul 18 21:51 .viminfo
root@web-app-1:~# cd rubygems-3.0.3
root@web-app-1:~/rubygems-3.0.3# ls
appveyor.yml CONTRIBUTING.md LICENSE.txt POLICIES.md setup.rb
bin hide_lib_for_update MAINTAINERS.txt Rakefile test
bundler History.txt Manifest.txt README.md UPGRADING.md
CODE_OF_CONDUCT.md lib MIT.txt rubygems-update.gemspec util
root@web-app-1:~/rubygems-3.0.3# cd ../
root@web-app-1:~# cd rubygems-3.0.3
root@web-app-1:~/rubygems-3.0.3# ruby setup.rb
Bundler 1.17.3 installed
RubyGems 3.0.3 installed
Regenerating binstubs
Parsing documentation for rubygems-3.0.3
Installing ri documentation for rubygems-3.0.3
=== 3.0.2 / 2019-01-01
・・・省略・・・
RubyGems installed the following executables:
/root/.rbenv/versions/2.6.6/bin/gem
/root/.rbenv/versions/2.6.6/bin/bundle
Ruby Interactive (ri) documentation was installed. ri is kind of like man
pages for Ruby libraries. You may access it like this:
ri Classname
ri Classname.class_method
ri Classname#instance_method
If you do not wish to install this documentation in the future, use the
--no-document flag, or set it as the default in your ~/.gemrc file. See
'gem help env' for details.
root@web-app-1:~/rubygems-3.0.3# gem -v
3.0.3
アプリのサービス化
- インスタンス起動に合わせて、railsサーバーが起動する様にサービス化します
Terminal
root@web-app-1:/var/www# vi /etc/systemd/system/app_one_punch.service
/etc/systemd/system/%app_service_name%.service
[Unit]
Description=App %working_copy%
After=network.target
[Service]
Type=simple
Restart=always
WorkingDeirectory=/var/www/%working_copy%
ExecStart=bundle exec rails s --environment production # railsは初期3000番である為、-p指定していない
[Install]
WantedBy=multi-user.target