Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to build/ops websites safety (2020-12-10)

Daiji Hirata
December 10, 2020
Business
0
83

How to build/ops websites safety (2020-12-10)

ウェブサイト運用にともなうリスクと安定運用のコツ
2020.12.10 シックス・アパート オンラインミニセミナー スライド

Daiji Hirata

December 10, 2020
Tweet

More Decks by Daiji Hirata

See All by Daiji Hirata
MTDDC Meetup Tokyo 2022 Keynote
hirata
0
35
MTDDC meetup Tokyo 2021 Keynote
hirata
0
1.2k
How to build a Robust Website for Peak Traffics (2021-02-12)
hirata
0
34
MTDDC Meetup Tokyo 2020 Keynote
hirata
0
120
MTDDC Meetup Tokyo 2019 Closing Session
hirata
0
1.3k
AWS-ISV-SaaS-Seminar-2019-10-28-Tokyo
hirata
0
54
SAtisfaction 2019 Movable Type and Security
hirata
0
1.4k
MovableType.net in contents.nagoya 2019
hirata
0
28
Internet veterans 2019-05-25
hirata
0
2.1k

Other Decks in Business

See All in Business
BYARD会社紹介資料
byard_recruit
0
440
会社紹介資料
nako
0
1.6k
【株式会社テンポイノベーション】会社説明資料
urara
0
140
フィナンシェ_会社紹介資料_20231003
financie_hr
0
6.7k
Lonely Planet: Chaos
takahiroogoshi
0
570
Flip the script: overcoming negativity bias for positive growth
giuliapanozzo
1
170
株式会社マクロセンド - 会社ピッチ資料
macrosend
0
150
cinnamon_採用資料__0922_.pdf
cinnamonai
0
400
SEO: Story Effect Optimization
presentales
0
140
SEO and the NHS: when search can save lives
sarahkey
0
200
20230921 JBUG東京#21 ウェブライフ 塩谷
shioyashunsuke
0
130
Connected Robotics
cr
0
29k

Featured

See All Featured
Why Our Code Smells
bkeepers
PRO
329
56k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
6
7.1k
Debugging Ruby Performance
tmm1
68
11k
Git: the NoSQL Database
bkeepers
PRO
420
61k
Happy Clients
brianwarren
92
6.1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.2k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
215
12k
Statistics for Hackers
jakevdp
787
210k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
670
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
Six Lessons from altMBA
skipperchong
17
2.6k

Transcript

  1. γοΫεɾΞύʔτ ฏా େ࣏
    ΢ΣϒαΠτӡ༻ʹͱ΋ͳ͏ϦεΫͱ҆ఆӡ༻ͷίπ
    ΢ΣϒαΠτΛ҆৺ͯ͠׆༻͢ΔͨΊʹ஌͓͖͍ͬͯͨ͜ͱ

    View Slide

  2. ͻΒ͍ͨͩ͡
    4JY"QBSU
    %JSFDUPS $50
    !IJSBUB

    View Slide

  3. ࠓ೔ͷ࿩
    • ΢ΣϒαΠτӡ༻্ͷϦεΫͱݪҼ

    • جຊతͳରࡦ

    • ରࡦͷҰྫɺެ։αʔόͷ෼཭

    • ͦͷଞɺؾΛ͚ͭΔ͜ͱ

    View Slide

  4. ΢ΣϒαΠτͷϦεΫ͍Ζ͍Ζ
    • αΠτͷվ᜵ɺ৐ͬऔΓ

    • αΠτͷμ΢ϯ

    • ৘ใ࿙Ӯ

    • ౿Έ୆ʹ࢖ΘΕ͍ͯͨ

    • ߋ৽͕Ͱ͖ͳ͘ͳͬͨ

    View Slide

  5. αΠτͷվ᜵ɺ৐ͬऔΓ
    • ৘ใͷૢ࡞

    • Ϛϧ΢ΣΞ͕഑෍͞Ε͍ͯͨ

    • ѱҙͷ͋ΔϓϩάϥϜΛΫϥΠΞϯτʹ࣮ߦͤ͞Δ

    • ϑΟογϯά࠮ٗʹ࢖ΘΕ͍ͯͨ

    • ݸਓ৘ใ΍ΫϨδοτΧʔυ৘ใΛ౪·ΕΔ

    View Slide

  6. View Slide

  7. ෛͷ࿈࠯
    • Ϛϧ΢ΣΞ / ϑΟογϯάʹ࢖ΘΕΔ

    • ϒϩοΫϦετʹొ࿥͞ΕΔ

    • Safe Browsing ػೳͰαΠτ͕දࣔ͞Εͳ͘ͳΔ…

    View Slide

  8. αΠτͷμ΢ϯ
    • αΠτ͕ਅͬനʹͳͬͨ

    • 404 Not Found ΍φκͷΤϥʔը໘

    View Slide

  9. ৘ใ࿙Ӯ
    • αʔόʹอଘ͍ͯͨ͠ݸਓ৘ใ͕…

    • ·ͩެ։͍ͯ͠ͳ͍͸ͣͷ PDF ϑΝΠϧ͕…

    View Slide

  10. ౿Έ୆ʹ͞Ε͍ͯͨ?
    ඪతܕ߈ܸʹ࢖ΘΕͨྫ
    • ஌Βͳ͍ϑΝΠϧ͕ࣾ಺͔ΒΞοϓϩʔυ͞Ε͍ͯͨ

    • ஌Βͳ͍αʔό͔ΒͷΞΫηεͰμ΢ϯϩʔυ͞Ε͍ͯͨ

    • ஌Βͳ͍ϑΝΠϧ͕ࣾ֎͔ΒΞοϓϩʔυ͞Ε͍ͯͨ

    • ࣾ಺ͷPC͔ΒφκͷΞΫηε͕…

    View Slide

  11. ߋ৽͕Ͱ͖ͳ͍
    • CMS ͷ؅ཧը໘ʹϩάΠϯͰ͖ͳ͍

    • αʔόͷΞΧ΢ϯτ͕Θ͔Βͳ͍

    View Slide

  12. ͞·͟·ͳݪҼ
    • ֎෦͔ΒͷͳΜΒ͔ͷΞΫγϣϯ (߈ܸ)

    • ނো

    • ୯७ͳϛε

    • ಺෦൜ߦ

    • ͳʹ΋͍ͯ͠ͳ͍ͷʹ……

    View Slide

  13. جຊతͳରࡦͷߟ͔͑ͨ
    • ݪҼΛ༧૝͠ɺͦΕͧΕͷରࡦΛߟ͑Δ

    • ϦεΫΛࣄલʹݮΒ͢

    • ΋͠ൃੜͨ͠ͱ͖ͷϦΧόϦʔํ๏Λࣄલʹ༻ҙ͓ͯ͘͠

    • ӡ༻ʹؾΛ෷͏

    • αʔόɺΞϓϦέʔγϣϯΛ҆શʹอͭ

    • े෼ͳϦιʔεΛख౰͢Δ

    • ීஈ͔ΒϦεΫʹඋ͑Δ

    View Slide

  14. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ
    • Ұൠ΁ͷ৘ใఏڙͷͨΊͷ΢Σϒαʔό

    • ίʔϙϨʔταΠτͳͲ

    • ߋ৽͸ਵ࣌ɺσβΠϯมߋͳͲ͸සൟͰ͸ͳ͍

    • ड͚Δͷ͸໰͍߹ΘͤϑΥʔϜఔ౓

    View Slide

  15. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ
    • ެ։༻αʔόͱΞϓϦέʔγϣϯ༻αʔόΛ෼཭͢Δ

    • CMS αʔό͸Ұൠ͔ΒΞΫηεͰ͖ͳ͍Α͏ʹɺ੍ݶ͢Δ

    • ΞΫηε੍ݶɺωοτϫʔΫͷ෼཭

    • ެ։༻αʔόʹ͸ɺඞཁͳΞϓϦέʔγϣϯͷΈઃஔ͢Δ

    • ੩తίϯςϯπͷΈͩͱɺ͔ͳΓ҆શ

    View Slide

  16. 010111………
    ެ։ྖҬ
    CMS
    1୆ͷαʔόʹ͢΂ͯࠞࡏ
    html, image, css, js, etc.

    View Slide

  17. ެ։༻αʔό
    CMS
    ެ։ྖҬ
    010111………
    ެ։༻αʔόͱ CMS Λ෼཭͢Δ

    View Slide

  18. ެ։༻αʔόͷ෼཭
    • αΠτΛ੩తίϯςϯπͱͯ͠४උ͠ɺެ։༻αʔόʹసૹ͢Δ

    • MT ͩͱϓϥάΠϯΛར༻͢Δ͜ͱ͕Ұൠత

    • Uploader, SmartSyncPack, Movable Type Premium (SiteSync)

    • MT Ϋϥ΢υʹ͸ඪ४Ͱαʔό഑৴Λ༻ҙ͍ͯ͠Δ

    • సૹઌͱରԠ͢Δϓϩτίϧʹ஫ҙ

    • FTPS, SFTP, rsync, S3 (AWS) ͳͲ

    View Slide

  19. ެ։༻αʔό
    CMS
    ެ։ྖҬ
    010111………
    ඇެ։ྖҬ
    ഑৴
    ࠶ߏங (੩తϑΝΠϧߏங)

    View Slide

  20. ഑৴ػೳͷϝϦοτ
    • ഑৴ઌΛෳ਺༻ҙ͢Δ͜ͱͰɺεςʔδϯάͷΑ͏ʹར༻Ͱ͖Δ

    • ίϯςϯπΛ෼཭ͯ͠؅ཧ͢Δ͜ͱ͕Ͱ͖Δ

    • େن໛αΠτͷҰ෦͚ͩΛ MT Ϋϥ΢υͰ؅ཧ͢Δ

    • ෦໳ຖʹ഑৴Λ෼͚Δ

    View Slide

  21. ެ։༻αʔό
    ඇެ։ྖҬ
    ഑৴
    ֬ೝ༻αʔό
    ഑৴
    CMS

    View Slide

  22. ެ։༻αʔό
    CMS
    ඇެ։ྖҬ
    Ұ෦ͷྖҬʹ͚ͩ഑৴

    View Slide

  23. CMS ͷΞΫηε੍ݶ΍ηΩϡϦςΟڧԽ
    • IP ΞυϨεͷ੍ݶ

    • ύεϫʔυอޢ

    • WAF ͷར༻

    View Slide

  24. CMS ͷӅṭ
    • CMS ΞϓϦέʔγϣϯ΁ͷΞΫηεΛ੍ݶ͢Δ

    • ϗετͷӅṭ

    • ϓϥΠϕʔτωοτϫʔΫʹઃஔͯ͠ VPN ܦ༝ͰΞΫηε

    • ެ։αʔό΁ͷίϯςϯπ഑৴Ҏ֎ΛڐՄ͠ͳ͍

    • ֎෦΁ͷτϥϑΟοΫͷ؂ࢹ͕༰қʹ

    ౿Έ୆ʹͳΔϦεΫΛܰݮͰ͖Δ

    View Slide

  25. ެ։༻αʔό
    CMS
    VPN ͳͲͰΞΫηεΛ੍ݶɾ؅ཧ
    ഑৴ (Ұํ޲)
    ֎෦͔Βͷ௨৴͸ःஅ
    010111………

    View Slide

  26. ެ։αʔόͷߏ੒ྫ
    • Apache

    • SSI ΍ htaccess ͸࢖͍͍ͨ

    • Amazon S3

    • + CDN

    • + CDN + WAF + DDoS ରࡦ

    View Slide

  27. ެ։༻αʔόΛηΩϡΞʹ
    • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ

    • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔

    • SSI ΍ .htaccess ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ

    • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ

    • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠

    CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

    View Slide

  28. ެ։༻αʔό
    iframe Ͱ૊ΈࠐΈ

    View Slide

  29. ެ։༻αʔόΛηΩϡΞʹ
    • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ

    • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔

    • SSI ΍ .htaccess ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ

    • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ

    • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠

    CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

    View Slide

  30. ΑΓ஫ҙ͢Δ͜ͱ
    • ނো΍ࣄނʹඋ͑ͨ৑௕ߏ੒

    • ೋॏԽ…ϗετɺωοτϫʔΫɺσʔληϯλ

    • γεςϜͷఆظతͳϝϯςφϯε

    • ϛυϧ΢ΣΞ΍ΞϓϦέʔγϣϯͷΞοϓσʔτɺઃఆͷ֬ೝ

    • ϩάͷ֬ೝ

    • ఆظతͳόοΫΞοϓ

    • όοΫΞοϓͷೖखੑɺੈ୅

    • ϦετΞखॱͷ֬ೝ΍τϨʔχϯά

    View Slide

  31. ࣗ෼Ͱ΍Δͷ͕େมͩͱࢥͬͨΒ
    • ϚωʔδυαʔϏε΍ SaaS ͷ CMS Λར༻͢Δ

    • Movable Type Ϋϥ΢υ൛

    • αʔό഑৴ػೳΛඪ४૷උ

    • MovableType.net

    • αʔϏεͱͯ͠ɺ͞·͟·ͳϦεΫʹ഑ྀͯ͠ӡӦ͍ͯ͠·͢

    View Slide

  32. ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠

    View Slide