サーバー1台！なるべく安く簡単に！旧AWSエバンジェリストのWordPress運用術

Transcript

1. αʔόʔ୆ʂͳΔ΂҆͘͘؆ ୯ʹʂچ"84 Τ ό ϯ δΣ Ϧε τ ͷ 8

   0 3 % 1 3 & 4 4 ӡ ༻ ज़ YA S U H I R O H O R I U C H I 2 0 1 8 . 11 . 3

2. ࣗݾ঺հ

3. None
4. None

5. !5 ࣗݾ঺հ ງ಺߁߂ (΄Γ͏ͪ΍͢ͻΖ) 1978೥ੜ·Εࢁསݝग़਎ ཱྀਓ Mobingi Co-founder AAI (AWS

   Authorized Instructor) ܦྺ ϒΠΩϡʔϒ 2001 -2006 FlipClip CTO 2006- 2009 gumi CTO 2009 – 2012 AWSΤόϯδΣϦετ 2012 – 2014 ཱྀਓ 2014 – ݱࡏ ޷͖ͳAWSαʔϏε RDSɺS3ɺRoute53ɺLambdaɺCloudWatch

6. ཱྀ Λ ͠ ͳ ͕ Β ຊ ΋ ॻ ͖

   · ͠ ͨ ʂ • Amazon Web Services
 ΤϯλʔϓϥΠζج൘ઃܭͷجຊ • 2018೥10݄4೔ൃച • AWSೝఆιϦϡʔγϣϯΞʔΩςΫτ - Ξιγ ΤΠτͷࢼݧରࡦʹ΋࠷దʂ • ຊʹ͍ͭͯͷৄࡉ͸MobingiͷϒϩάͰ΋ॻ͍ ͯ·͢ʂ
 ɹৄࡉ͸ͪ͜Βˠ http://bit.ly/horibook

7. Ϟ Ϗ ϯ Ϊ ΋ ઈ ޷ ௐ Ͱ ͢

   ʂ https://mobingi.com/jp/products/wave

8. Ϟ Ϗ ϯ Ϊ ΋ ઈ ޷ ௐ Ͱ ͢

   ʂ • Mobingi Wave • AWSͷ࢖༻ྔɾར༻ྉۚΛμογϡϘʔυͰݟ͑ΔԽʂ • ϓϩδΣΫτ୯ҐͰ΋ݸਓ୯ҐͰ΋ɺ޷͖ͳ୯ҐͰίετ؅ཧɾ෼ੳ͕Մೳ • payer accountͰ΋linked accountsͰ΋ΧελϚΠζͯ͠ίετ͕ݟΕΔ • ޷͖ͳ୯ҐͰΞΧ΢ϯτΛλά؅ཧ • ϦβʔϒυΠϯελϯεɾεϙοτΠϯελϯεͷར༻ίετΛਖ਼֬ʹ೺Ѳɻ • աڈͷར༻ྉ͔Β࠷దͳϦβʔϒυΠϯελϯεʢRIʣͷߪೖྔΛ༧ଌɻ

9. Ϟ Ϗ ϯ Ϊ ΋ ઈ ޷ ௐ Ͱ ͢

   ʂ https://mobingi.com/jp/products/ripple

10. Ϟ Ϗ ϯ Ϊ ΋ ઈ ޷ ௐ Ͱ ͢

    ʂ • Mobingi Ripple • MobingiRipple͸AWSίετͷूܭ͔Β੥ٻॻൃߦ·ͰΛҰؾ௨؏Ͱ࣮ݱʂ • ϒϨϯυϨʔτΛղআ͠ɺਖ਼֬ͳRIར༻ྉΛࣗಈܭࢉ • ΫϨδοτ΍ฦۚɺ֤छྉۚΛ1ΫϦοΫͰސ٬ͷ݄࣍੥ٻॻʹ௥Ճ • ઓུతͳRIߪೖͰROIΛ࠷େԽ • ੥ٻॻΛൃߦ͍ͨ͠ΞΧ΢ϯτΛάϧʔϓԽͯ͠؅ཧ

11. Confidential ஥ؒืूத A)ɹϞϏϯΪͷϓϩμΫτͷސ٬ମݧΛ޲্ͤ͞ΔΧελϚʔαΫηε B)ɹϞϏϯΪͷϓϩμΫτʢRipple / Wave / ALM )Ӧۀ C)ɹϞϏϯΪͷϓϩμΫτΛ։ൃ͢ΔΤϯδχΞ

    ͜Μͳਓ͕ཉ͍͠ʂ A)ɹAWSͷCertificateΛ͍࣋ͬͯΔʂʂ B)ɹΫϥ΢υͷചΓํΛख़஌͍ͯ͠Δํʂʂ C)ɹAWS੡඼ɾαʔϏεʹීஈ͔Β৮͍ͬͯΔʂʂ

12. ӡ ༻ ͯ͠ ͍ Δ ϒϩ ά ঺ հ

13. ग़ ෆ ਫ਼ ෉ ් ͕ ฻ Β͢Α ͏ ʹ

    ཱྀ ͢ Δ ϒϩ ά • ݄ؒ15ສPV • https://www.hori-uchi.com

14. ʮ ϋϫ Π ϋο ϐʔΞ ϫ ʔ ʯ Ͱ ΋

    ݟ ͭ ͔ Γ · ͢ ʂ

15. ʮ ϋϫ Π τ ϩ Ϧ ʔ ʯ Ͱ ΋

    ݟ ͭ ͔ Γ · ͢ ʂ

16. ॳ ظ ͷ ߏ ੒

17. ϒϩ ά ͷ ӡ ༻ ํ ਑ • ίετ͸ͳΔ΂͔͚ͨ͘͘ͳ͍ʂ •

    αʔϏεʹ໰୊͕͋ͬͨ৔߹ʹࣗಈͰ෮چ͞ΕΔͷ͕๬·͍͕͠ɺ࠷ѱͦ Εʹؾͮ͘͜ͱ͕Ͱ͖Ε͹ྑ͍ɻ • ύϑΥʔϚϯε͸͍͍ʹӽͨ͜͠ͱ͸ͳ͍͕ίετॏࢹ • ηΩϡϦςΟ΋ίετʹڹ͔ͳ͍ൣғͰڧݻʹ → AWS Well-Architected ϑϨʔϜϫʔΫΛར༻ͯ͠վળʂ

18. AW S W E L - A R C H

    I T E C T E D ϑ Ϩ ʔϜϫ ʔ Ϋ • طଘͷAWS؀ڥ͕༏Εͨઃܭʹͳ͍ͬͯΔ͔Λݕূ͢Δͷʹ༗༻ͳϑϨʔ ϜϫʔΫ • AWSͷΤΩεύʔτ͕࡞੒ͨ͠Ұ࿈ͷ࣭໰Λར༻ͯ͠ɺطଘͷAWS؀ڥ͕ ϕετϓϥΫςΟεʹԊ͍ͬͯΔ͔ΛݕূͰ͖Δ https://aws.amazon.com/jp/architecture/well-architected/

19. W E L L - A R C H I

    T E C T E D ϑ Ϩ ʔϜϫ ʔ Ϋ ͷ 5 ͭ ͷ ப   $   -% (1&  ),0 
     
     "'/    #  2.     +!*

20. ݱ ࡏ ͷ ϒϩ ά ؀ ڥ ͷ ߏ ੒

21. ϒϩ ά Ͱ ར ༻ ͯ͠ ͍ Δ AW S

    α ʔ Ϗ ε • EC2 = t3.micro Πϯελϯε1୆ • S3 = 3ͭͷόέοτ • CloudFront = 3ͭͷμ΢ϯϩʔυσΟετϦϏϡʔγϣϯ • Lambda = 3ͭͷؔ਺ • CloudWatch • SNS • Route53

22. ӡ ༻ ্ ͷ ༏ ल ੑ

23. ඞ ཁ ͳ ৘ ใ Λ Ϟχλ Ϧ ϯ ά

    ग़ དྷ Δ Α ͏ ʹ ४ උ ͢ Δ • CloudWatchͷσϑΥϧτͷϝτϦΫεͷ֬ೝ • CloudWatch AgentΛΠϯετʔϧ͠ɺEC2ͷ௥Ճ৘ใΛऔಘ • CloudWatch Logs ΤʔδΣϯτΛΠϯετʔϧ͠αʔόʔͷϩάΛ CloudWatchͰ֬ೝग़དྷΔΑ͏ʹ͢Δɻ

24. ஫ ໨ ͢ Δ σ ϑ Υϧ τ ͷ ϝ

    τ Ϧ Ϋ ε • CPU Credit Balance (CPUΫϨδοτόϥϯε)ͷ؂ࢹ • 0ʹͳΔͱੑೳ͕ۃ୺ʹԼ͕Δ • 0ʹͳΒͳ͍Α͏CPUΫϨδοτ͕গͳ͘ͳ͖ͬͯͨΒAlert (3ஈ֊) • CPU Utilization (CPU࢖༻཰)΋؂ࢹ • CPU࢖༻཰͕60%Λ௒͑ͨΒAlert

25. C L O U D WAT C H A G

    E N T Ͱ ஫ ໨ ͢ Δ ϝ τ Ϧ Ϋ ε • ϝϞϦ࢖༻཰Λ؂ࢹ • ࢖༻཰͕90%Λ௒͑ͨΒAlert • EBSϘϦϡʔϜͷσΟεΫ࢖༻ྔ؂ࢹ • CWAgentͰΧελϜϝτϦΫεͱͯ͠औಘ • ࢖༻ྔ͕90%Λ௒͑ͨΒAlert

26. C L O U D WAT C H L O

    G S Ͱ ஫ ໨ ͢ Δ ϝ τ Ϧ Ϋ ε • xmlrpc.php΁ͷෆਖ਼ΞΫηεΛ؂ࢹ • େྔΞΫηεˠCPU࢖༻཰૿ՃˠCPUΫϨδοτফඅΛ๷͙ͨΊ • CloudWatch LogsͰnginxͷΞΫηεϩάΛऩू • ϩάΛϑΟϧλϦϯά͠ɺxmlrpc.phpͷΞΫηεΛϞχλϦϯά • ࣌ؒ୯ҐͷΞΫηε਺͕ҟৗʹ૿͑ͨΒAlartΛૹग़ (5෼ؒʹ100req)

27. η Ω ϡ Ϧ ςΟ

28. AW S Ϧ ι ʔε ΁ ͷ ΞΫ η ε

    • IAMϢʔβʔΛ࡞੒͠ϧʔτΞΧ΢ϯτͷ୅ΘΓʹ࢖༻ • IAMϢʔβʔɺϧʔτΞΧ΢ϯτʹ͸ଟཁૉೝূ(MFA)Λઃఆ • EC2Πϯελϯεʹ͸IAMϩʔϧΛؔ࿈෇͚ɻ • IAMϩʔϧʹ͸S3ɺCloudWatchͱݴͬͨඞཁ࠷খݶͷΞΫηεݖݶͷΈ ෇༩

29. E C 2 Π ϯε λ ϯε ΁ ͷ ઀

    ଓ • SSHϙʔτͷ઀ଓ͸ࣗ਎ͷIP͔ΒͷΈɻ • ࣗ਎ͷIPͷઃఆ͸γΣϧεΫϦϓτͰ࣮ߦ #!/bin/sh MYSECGROUP=sg-XXXXXXX WORKDIR=$HOME/tmp BINDIR=$HOME/bin if [ -e $WORKDIR/myip.txt ]; then $BINDIR/del_myip_from_sg.sh fi curl -s -o $WORKDIR/myip.txt http://checkip.amazonaws.com/ MYIP=`cat $WORKDIR/myip.txt` aws ec2 authorize-security-group-ingress --group-id $MYSECGROUP --protocol tcp --port 22 --cidr $MYIP/32

30. C L O U D F R O N T

    ʹ S S L ઀ ଓ

31. C L O U D F R O N T

    ʹ ͸ S S L Ͱ ઀ ଓ • αΠτ઀ଓ͸SSLͷΈՄʹɻ • SSLূ໌ॻ͸ACMͰແྉऔಘɻ

32. S 3 όέ ο τ ΁ ͸ 
 C L

    O U D F R O N T ܦ ༝ ͷ Έ ڐ Մ

33. S 3 όέ ο τ ΁ ͸ C L O

    U D F R O N T ܦ ༝ ͷ Έ ڐ Մ • OAIΛઃఆ͠ɺը૾Λ഑৴͢ΔS3όέοτʹCloudFrontܦ༝ͰͷΈΞΫη εՄೳʹ

34. 8 0 ൪ ϙʔ τ ΁ ͷ ΞΫ η ε

    Λ 
 C L O U D F R O N T ͷ Έ ͔ Β ʹ ੍ ݶ

35. 8 0 ൪ ϙʔ τ ΁ ͷ ΞΫ η ε

    Λ C L O U D F R O N T ͷ Έ ͔ Β ʹ ੍ ݶ • CloudFrontͷ࢖༻͢ΔIPΛશͯιʔεͱͯ͠ࢦఆ • CloudFrontͷ࢖༻͢ΔIP͕௥Ճ͞ΕͨΒࣗಈతʹηΩϡϦςΟΛߋ৽ • AWS͕࢖༻͢ΔIPϨϯδ͕ߋ৽͞ΕΔͱ௨஌͞ΕΔSNSͷτϐοΫʹ Lambdaؔ਺ΛαϒεΫϥΠϒ arn:aws:sns:us-east-1:806199016981:AmazonIpSpaceChanged

36. ѱ ҙ ͋ Δ ΞΫ η ε ͸ ω ο

    τ ϫ ʔ Ϋ A C L Ͱ ϒϩ ο Ϋ • /xmlrpc.php΁ఆظతʹେྔͷෆਖ਼ΞΫηε • CloudWatchͷΞϥʔϜΛड͚औͬͨΒରॲ͢Δ͔Λ൑அ • ѱ࣭ͳΞΫηε͸ωοτϫʔΫACLΛ࢖༻ͯ͠IPࢦఆͰϒϩοΫ

37. ৴ པ ੑ

38. E C 2 A U TO R E C O

    V E RY

39. E C 2 A U TO R E C O

    V E RY ͷ ઃ ఆ • ϗετͷϋʔυ΢ΣΞো֐ͱ͍ͬͨEC2Πϯελϯεͷো֐ʹࣗಈରԠ • EC2 Auto RecoveryΛઃఆ

40. E B S ͷ ࣗ ಈ ε φ οϓ γ

    ϣ ο τ

41. E B S ͷ ࣗ ಈ ε φ οϓ γ

    ϣ ο τ • LambdaΛར༻ͯ͠EBSͷεφοϓγϣοτΛ1͓͖࣌ؒʹऔಘ • RPO͸1࣌ؒͰ໰୊ͳ͍ͱ൑அ

42. ো ֐ ࣌ ͷ ࣗ ಈ ϑ Σ Πϧ Φ

    ʔόʔ

43. ো ֐ ࣌ ͷ ࣗ ಈ ϑ Σ Πϧ Φ

    ʔόʔ • Route53ͷϔϧενΣοΫͱDNSϑΣΠϧΦʔόʔΛར༻ • ো֐ൃੜ࣌ʹ͸S3Ͱϗετ͞ΕͨϝϯςφϯεϖʔδʹϑΣΠϧΦʔ όʔ

44. ύ ϑ Υ ʔϚ ϯε ޮ ཰

45. T 2 → T 3

46. T 2 → T 3 • t2.micro͔Βt3.microʹมߋ • 0.0152 USD/࣌

    ͔Β 0.0136 USD/࣌ʹ • ੑೳ΋޲্

47. ϝ σΟΞ ϑ Ν Πϧ ͸ 
 S 3 ͔

    Β ௚ ઀ ഑ ৴

48. ϝ σΟΞ ϑ Ν Πϧ ͸ S 3 ͔ Β

    ௚ ઀ ഑ ৴ • WordPressͷϓϥάΠϯWP Offload S3Λ࢖༻͠ɺϝσΟΞϑΝΠϧ͸S3 ʹอଘ͞ΕΔΑ͏ʹɻ • ࣸਅ͸JPEGminiͰ࠷దԽ͔ͯ͠ΒΞοϓϩʔυ • WordPressͷϓϥάΠϯEWWW Image OptimizerͰαʔόʔαΠυͰ΋࠷ దԽ

49. Ω ϟ ο γ ϡ ί ϯ τ ϩ ʔϧ

    ϔο μ 
 ͷ ෇ ༩

50. Ω ϟ ο γ ϡ ί ϯ τ ϩ ʔϧ

    ϔο μ ͷ ෇ ༩ • LambdaΛ࢖༻ͯ͠S3ʹΞοϓϩʔυ͞Εͨը૾ʹExpiresϔομΛ෇༩

51. શ ͯͷ ί ϯ ς ϯ π Λ C L

    O U D F R O N T ܦ ༝ Ͱ ഑ ৴

52. શ ͯͷ ί ϯ ς ϯ π Λ C L

    O U D F R O N T ܦ ༝ Ͱ ഑ ৴ • ಈతɾ੩తͱ΋CloudFrontܦ༝Ͱ഑৴ • ίϯςϯπ͝ͱʹΩϟογϡ࣌ؒΛࡉ͔͘ίϯτϩʔϧ • EC2Πϯελϯε͔Β഑৴͢Δը૾΍CSSʹ΋Ωϟογϡίϯτϩʔϧ ϔομΛ෇༩͢ΔΑ͏nginxΛઃఆ • EC2Πϯελϯε͔Βͷ഑৴͸gzipѹॖɻ(AmimotoͰ࠷ॳ͔ΒઃఆࡁΈ) • CloudFrontܦ༝ͷ৔߹͸ɺgzip_proxied any;Λ௥Ճ

53. PA G E S P E E D I N

    S I G H T ͷ ݁ Ռ ( Ϟ όΠϧ )

54. PA G E S P E E D I N

    S I G H T ͷ ݁ Ռ ( P C )

55. ί ε τ ࠷ ద Խ

56. ί ε τ ࠷ ద Խ • ϦβʔϒυΠϯελϯεΛߪೖ͠EC2Πϯελϯεͷίετ࡟ݮ • શͯͷS3ͷόέοτϩά͸ϩά༻ͷ1ͭͷόέοτʹอଘ

    • ϩά༻ͷόέοτʹ͸ϥΠϑαΠΫϧϙϦγʔΛઃఆ͠ɺίετ࠷దԽ • Ξοϓϩʔυ͢Δը૾ͷ࠷దԽʹΑΓసૹίετͷ࡟ݮ • CloudWatch+SNSͰྉ͕ۚࢦఆֹΛ௒͑ͨΒ௨஌ • CloudFrontͷΩϟογϡޮ཰ΛߴΊΔ͜ͱͰEC2ΠϯελϯεͷෛՙΛݮΒ͠ίετ࡟ݮ • AWS ShieldͰ͸ͳ͘ωοτϫʔΫACLΛར༻

57. ࠷ ޙ ʹ • AWS͸ָ͍͠ʂ • ৽ػೳ΍৽αʔϏε͕ग़ͨΒΞοϓσʔτ͢Δ͜ͱ͕Ͱ͖Δɻ • ͜Ε͔Β΋AWSʹ͓ੈ࿩ʹͳΓ·͢ʂ

58. Confidential ஥ؒืूத A)ɹϞϏϯΪͷϓϩμΫτͷސ٬ମݧΛ޲্ͤ͞ΔΧελϚʔαΫηε B)ɹϞϏϯΪͷϓϩμΫτʢRipple / Wave / ALM )Ӧۀ C)ɹϞϏϯΪͷϓϩμΫτΛ։ൃ͢ΔΤϯδχΞ

    ͜Μͳਓ͕ཉ͍͠ʂ A)ɹAWSͷCertificateΛ͍࣋ͬͯΔʂʂ B)ɹΫϥ΢υͷചΓํΛख़஌͍ͯ͠Δํʂʂ C)ɹAWS੡඼ɾαʔϏεʹීஈ͔Β৮͍ͬͯΔʂʂ