Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to build/ops websites safety (2020-12-10)
Search
Daiji Hirata
December 10, 2020
Business
0
90
How to build/ops websites safety (2020-12-10)
ウェブサイト運用にともなうリスクと安定運用のコツ
2020.12.10 シックス・アパート オンラインミニセミナー スライド
Daiji Hirata
December 10, 2020
Tweet
Share
More Decks by Daiji Hirata
See All by Daiji Hirata
MTDDC Meetup TOHOKU 2024 Keynote Speech
hirata
1
550
MTDDC Meetup Tokyo 2023 Keynote
hirata
0
740
MTDDC Meetup Tokyo 2022 Keynote
hirata
0
68
MTDDC meetup Tokyo 2021 Keynote
hirata
0
1.3k
How to build a Robust Website for Peak Traffics (2021-02-12)
hirata
0
57
MTDDC Meetup Tokyo 2020 Keynote
hirata
0
140
MTDDC Meetup Tokyo 2019 Closing Session
hirata
0
1.3k
AWS-ISV-SaaS-Seminar-2019-10-28-Tokyo
hirata
0
57
SAtisfaction 2019 Movable Type and Security
hirata
0
1.4k
Other Decks in Business
See All in Business
20240712_CM_Odyssey
hideki_ojima
1
190
株式会社リーディングマーク_SD紹介資料.pdf
lm_devhr
0
190
LayerXのOpsについて
suuu
2
800
エレコム株式会社 中途採用説明資料
elecom_hr
0
960
WORKERS'BOX document ver5.2
himojimoji
0
100
(14枚)仮説思考に必要な5つの能力
nyattx
PRO
1
330
オレンジスピリッツ 会社説明資料/Introduction
orangespirits
0
13k
Salesmarker_Culturebook
salesmarker
PRO
0
920
エスキュービズム 会社紹介資料
human_resources
0
4.8k
20240629_CMCCentral_closing
hideki_ojima
2
240
株式会社ユビレジ_採用ピッチ資料 / Ubiregi_CompanyProfile
ubiregi_saiyo
0
4.8k
(6枚)交渉スキルをアップする「ZOPA」「BATNA」活用3ステップ
nyattx
PRO
1
110
Featured
See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
34
1.9k
Design by the Numbers
sachag
277
18k
WebSockets: Embracing the real-time Web
robhawkes
59
7.2k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
44
4.7k
Leading Effective Engineering Teams 2024
addyosmani
3
300
Reflections from 52 weeks, 52 projects
jeffersonlam
346
19k
The Art of Programming - Codeland 2020
erikaheidi
48
13k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
20
7.2k
Bash Introduction
62gerente
607
210k
Atom: Resistance is Futile
akmur
261
25k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
36
9.1k
YesSQL, Process and Tooling at Scale
rocio
166
14k
Transcript
γοΫεɾΞύʔτ ฏా େ࣏ ΣϒαΠτӡ༻ʹͱͳ͏ϦεΫͱ҆ఆӡ༻ͷίπ ΣϒαΠτΛ҆৺ͯ͠׆༻͢ΔͨΊʹ͓͖͍ͬͯͨ͜ͱ
ͻΒ͍ͨͩ͡ 4JY"QBSU %JSFDUPS $50 !IJSBUB
ࠓͷ • ΣϒαΠτӡ༻্ͷϦεΫͱݪҼ • جຊతͳରࡦ • ରࡦͷҰྫɺެ։αʔόͷ • ͦͷଞɺؾΛ͚ͭΔ͜ͱ
ΣϒαΠτͷϦεΫ͍Ζ͍Ζ • αΠτͷվ᜵ɺͬऔΓ • αΠτͷμϯ • ใ࿙Ӯ • ౿ΈʹΘΕ͍ͯͨ •
ߋ৽͕Ͱ͖ͳ͘ͳͬͨ
αΠτͷվ᜵ɺͬऔΓ • ใͷૢ࡞ • ϚϧΣΞ͕͞Ε͍ͯͨ • ѱҙͷ͋ΔϓϩάϥϜΛΫϥΠΞϯτʹ࣮ߦͤ͞Δ • ϑΟογϯάٗʹΘΕ͍ͯͨ •
ݸਓใΫϨδοτΧʔυใΛ౪·ΕΔ
None
ෛͷ࿈ • ϚϧΣΞ / ϑΟογϯάʹΘΕΔ • ϒϩοΫϦετʹొ͞ΕΔ • Safe Browsing
ػೳͰαΠτ͕දࣔ͞Εͳ͘ͳΔ…
αΠτͷμϯ • αΠτ͕ਅͬനʹͳͬͨ • 404 Not Found φκͷΤϥʔը໘
ใ࿙Ӯ • αʔόʹอଘ͍ͯͨ͠ݸਓใ͕… • ·ͩެ։͍ͯ͠ͳ͍ͣͷ PDF ϑΝΠϧ͕…
౿Έʹ͞Ε͍ͯͨ? ඪతܕ߈ܸʹΘΕͨྫ • Βͳ͍ϑΝΠϧ͕͔ࣾΒΞοϓϩʔυ͞Ε͍ͯͨ • Βͳ͍αʔό͔ΒͷΞΫηεͰμϯϩʔυ͞Ε͍ͯͨ • Βͳ͍ϑΝΠϧ͕ࣾ֎͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ࣾͷPC͔ΒφκͷΞΫηε͕…
ߋ৽͕Ͱ͖ͳ͍ • CMS ͷཧը໘ʹϩάΠϯͰ͖ͳ͍ • αʔόͷΞΧϯτ͕Θ͔Βͳ͍
͞·͟·ͳݪҼ • ֎෦͔ΒͷͳΜΒ͔ͷΞΫγϣϯ (߈ܸ) • ނো • ୯७ͳϛε • ෦൜ߦ
• ͳʹ͍ͯ͠ͳ͍ͷʹ……
جຊతͳରࡦͷߟ͔͑ͨ • ݪҼΛ༧͠ɺͦΕͧΕͷରࡦΛߟ͑Δ • ϦεΫΛࣄલʹݮΒ͢ • ͠ൃੜͨ͠ͱ͖ͷϦΧόϦʔํ๏Λࣄલʹ༻ҙ͓ͯ͘͠ • ӡ༻ʹؾΛ͏ •
αʔόɺΞϓϦέʔγϣϯΛ҆શʹอͭ • ेͳϦιʔεΛख͢Δ • ීஈ͔ΒϦεΫʹඋ͑Δ
ҰൠతͳΣϒαΠτͰͷߟ͔͑ͨ • ҰൠͷใఏڙͷͨΊͷΣϒαʔό • ίʔϙϨʔταΠτͳͲ • ߋ৽ਵ࣌ɺσβΠϯมߋͳͲසൟͰͳ͍ • ड͚Δͷ͍߹ΘͤϑΥʔϜఔ
ҰൠతͳΣϒαΠτͰͷߟ͔͑ͨ • ެ։༻αʔόͱΞϓϦέʔγϣϯ༻αʔόΛ͢Δ • CMS αʔόҰൠ͔ΒΞΫηεͰ͖ͳ͍Α͏ʹɺ੍ݶ͢Δ • ΞΫηε੍ݶɺωοτϫʔΫͷ • ެ։༻αʔόʹɺඞཁͳΞϓϦέʔγϣϯͷΈઃஔ͢Δ
• ੩తίϯςϯπͷΈͩͱɺ͔ͳΓ҆શ
010111……… ެ։ྖҬ CMS 1ͷαʔόʹͯࠞ͢ࡏ html, image, css, js, etc.
ެ։༻αʔό CMS ެ։ྖҬ 010111……… ެ։༻αʔόͱ CMS Λ͢Δ
ެ։༻αʔόͷ • αΠτΛ੩తίϯςϯπͱͯ͠४උ͠ɺެ։༻αʔόʹసૹ͢Δ • MT ͩͱϓϥάΠϯΛར༻͢Δ͜ͱ͕Ұൠత • Uploader, SmartSyncPack, Movable
Type Premium (SiteSync) • MT Ϋϥυʹඪ४Ͱαʔό৴Λ༻ҙ͍ͯ͠Δ • సૹઌͱରԠ͢Δϓϩτίϧʹҙ • FTPS, SFTP, rsync, S3 (AWS) ͳͲ
ެ։༻αʔό CMS ެ։ྖҬ 010111……… ඇެ։ྖҬ ৴ ࠶ߏங (੩తϑΝΠϧߏங)
৴ػೳͷϝϦοτ • ৴ઌΛෳ༻ҙ͢Δ͜ͱͰɺεςʔδϯάͷΑ͏ʹར༻Ͱ͖Δ • ίϯςϯπΛͯ͠ཧ͢Δ͜ͱ͕Ͱ͖Δ • େنαΠτͷҰ෦͚ͩΛ MT ΫϥυͰཧ͢Δ •
෦ຖʹ৴Λ͚Δ
ެ։༻αʔό ඇެ։ྖҬ ৴ ֬ೝ༻αʔό ৴ CMS
ެ։༻αʔό CMS ඇެ։ྖҬ Ұ෦ͷྖҬʹ͚ͩ৴
CMS ͷΞΫηε੍ݶηΩϡϦςΟڧԽ • IP ΞυϨεͷ੍ݶ • ύεϫʔυอޢ • WAF ͷར༻
CMS ͷӅṭ • CMS ΞϓϦέʔγϣϯͷΞΫηεΛ੍ݶ͢Δ • ϗετͷӅṭ • ϓϥΠϕʔτωοτϫʔΫʹઃஔͯ͠ VPN
ܦ༝ͰΞΫηε • ެ։αʔόͷίϯςϯπ৴Ҏ֎ΛڐՄ͠ͳ͍ • ֎෦ͷτϥϑΟοΫͷࢹ͕༰қʹ ౿ΈʹͳΔϦεΫΛܰݮͰ͖Δ
ެ։༻αʔό CMS VPN ͳͲͰΞΫηεΛ੍ݶɾཧ ৴ (Ұํ) ֎෦͔Βͷ௨৴ःஅ 010111………
ެ։αʔόͷߏྫ • Apache • SSI htaccess ͍͍ͨ • Amazon
S3 • + CDN • + CDN + WAF + DDoS ରࡦ
ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ੍͘͠ݶ͢Δ • PHP ͷར༻εΫϦϓτͷઃஔܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI .htaccess
Θͳ͍ͳΒɺS3 ͷར༻ࢹʹೖΔ • ϑΥʔϜɺݕࡧͳͲαʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯαʔόΛͯ͠ CORS ReverseProxy Ͱͷӡ༻ߟ͑Δ
ެ։༻αʔό iframe ͰΈࠐΈ
ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ੍͘͠ݶ͢Δ • PHP ͷར༻εΫϦϓτͷઃஔܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI .htaccess
Θͳ͍ͳΒɺS3 ͷར༻ࢹʹೖΔ • ϑΥʔϜɺݕࡧͳͲαʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯαʔόΛͯ͠ CORS ReverseProxy Ͱͷӡ༻ߟ͑Δ
ΑΓҙ͢Δ͜ͱ • ނোࣄނʹඋ͑ͨߏ • ೋॏԽ…ϗετɺωοτϫʔΫɺσʔληϯλ • γεςϜͷఆظతͳϝϯςφϯε • ϛυϧΣΞΞϓϦέʔγϣϯͷΞοϓσʔτɺઃఆͷ֬ೝ •
ϩάͷ֬ೝ • ఆظతͳόοΫΞοϓ • όοΫΞοϓͷೖखੑɺੈ • ϦετΞखॱͷ֬ೝτϨʔχϯά
ࣗͰΔͷ͕େมͩͱࢥͬͨΒ • ϚωʔδυαʔϏε SaaS ͷ CMS Λར༻͢Δ • Movable Type
Ϋϥυ൛ • αʔό৴ػೳΛඪ४උ • MovableType.net • αʔϏεͱͯ͠ɺ͞·͟·ͳϦεΫʹྀͯ͠ӡӦ͍ͯ͠·͢
͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠