クラウド・Webホスティングサービスのセキュリティと運用技術の研究

 クラウド・Webホスティングサービスのセキュリティと運用技術の研究

クラウド・Webホスティングサービスのセキュリティと運用技術の研究

セキュリティ・キャンプ2018 全国大会
セキュリティ・ミニキャンプ2019 福岡

2019/03/03
さくらインターネット株式会社
さくらインターネット研究所

上級研究員松本亮介 / @matsumotory / まつもとりー

2b692bd83f4418103142a053ecf5ff59?s=128

MATSUMOTO Ryosuke

March 03, 2019
Tweet

Transcript

  1. 2.

    2 ɾ͘͞ΒΠϯλʔωοτݚڀॴ ্ڃݚڀһ ɾגࣜձࣾGrooves Forkewll ٕज़ސ໰ ɾϖύϘݚڀॴ ٬һݚڀһ ݚڀސ໰ ɾηΩϡϦςΟɾΩϟϯϓߨࢣ

    ɾ৘ใॲཧֶձ Πϯλʔωοτͱӡ༻ٕज़ݚڀձ ֤छҕһ ɾژ౎େֶത࢜ʢ৘ใֶʣ দຊ྄հ / ·ͭ΋ͱΓʔ / @matsumotory
  2. 10.

    ٕज़ͷݴޠԽΛ৴པ͠׆༻ͨ͠ݕূͱվળͷαΠΫϧ 10 ݕূલͷ։ൃӡ༻ٕज़ w ݕূ͕ᐆດͳঢ়ଶ w ಛఆ؀ڥͰͷᐆດͳఆੑධՁ w ಛఆ؀ڥґଘͰมԽ΍޿͕Γʹऑ͍ w

    ίετʹରͯ͠ͷޮՌ͕ݟ͑ͣਖ਼͠͞ ΋ෆ໌ྎ ࿦จԽ w ਖ਼͘͠ݕূՄೳͳঢ়ଶ΁ w ៛ີͰਖ਼֬ͳݴޠԽ͕ඞਢ w લఏͷҰகɾαʔϕΠɾఆྔධ Ձɾ༗ޮੑ ֶձʹΑΔݕূ w ҉໧ͷલఏΛ࣋ͨͳ͍ୈࡾऀػؔ ʹΑͬͯݕূͱϑΟʔυόοΫ w ࠪಡऀʹΑΔࠪಡ݁Ռ΋࿦จͱಉ ༷Ҏ্ͷݴޠԽ͕લఏ w ࿦จࣥචऀʹΑͬͯݕূ ݕূޙͷ։ൃӡ༻ٕज़ w ਖ਼͠͞ͱ޿͕Γ͕ݕূࡁΈ w ීวԽɾந৅Խ͕ਐΜͩ૊Έ ߹Θͤ΍͍ٕ͢ज़΁ w มԽʹڧ͘ਐԽͤ͞΍͍ٕ͢ ज़΁ ٕज़ͷݴޠԽʹج͍ͮͯ Կ౓΋ݕূͱվળΛճ͢ τοϓΧϯϑΝϨϯεͷΑ͏ͳ ੈքج४ͰͷϨϕϧͷߴ͍ݕূ Ͱ͋Δ΄͏͕ͳ͓ྑ͍ ࣗ෼͚ͨͪͩͰ৽ٕज़Λݕূ͢ Δͷ͸Կ΋ແ͍େւʹ์Γग़͞ Εͯ৽छͷڕΛ୳͢Α͏ͳ΋ͷ ݴޠԽ ٕज़Խ ٕज़ͷݕূՄೳͳݴޠԽ͸܇࿅ ͕ඞཁ
  3. 18.

    18

  4. 19.

    19

  5. 20.

    • ~2008: τϥϑΟοΫಛ௃ྔͷ૬ؔؔ܎͔Βͷҟৗݕ஌ʢଔ࿦ʣ • 2008~2012: ϗεςΟϯάαʔϏεձࣾͰΠϯϑϥӡ༻ɾӡ༻ઃܭɾ։ൃ • 2012~2015: WebαʔόͷߴूੵϚϧνςφϯτΞʔΩςΫνϟͷݚڀʢത࿦ʣ •

    2015~2016: ࣄۀΛࠩผԽ͢Δٕज़։ൃɾPM/POɾاըɾαʔϏε։ൃӡ༻ • 2016~: ݚڀ։ൃɾڞಉݚڀɾݚڀऀҭ੒ɾݚڀ࣮੷ڧԽɾ׭ֶͱͷ࿈ܞʹઐ೦ • 2018~: ٕज़ސ໰ɾݚڀސ໰ʹΑΔΤϯδχΞɾݚڀऀͷ੒௕ࢧԉͳͲ 20 ͜Ε·Ͱͷུྺ
  6. 23.

    1. ݱࡏ͸σʔληϯλʔʹڊେͳίϯϐϡʔςΟϯάϦιʔε͕ଘࡏ͍ͯ͠·͕͢ɺ ࠓޙ͸ϨΠςϯγʗηΩϡϦςΟʗίετ౳ͷཁ͔݅Βɺ͋ΒΏΔ৔ॴ΍ࣾձɺ ૊৫ʹίϯϐϡʔςΟϯάϦιʔε༹͕͚ࠐΜͰ͍͘͜ͱʹͳΓ·͢ɻ 2. ͦΕΒ෼ࢄͨ͠ίϯϐϡʔςΟϯάϦιʔε͸ɺ୯ಠͰίϯϐϡʔςΟϯάύϫʔ Λఏڙ͢Δʹཹ·Βͣɺͦͷ৔ॴ΍ࣾձͷཁٻʹԠͯ͡ɺࣗ཯తʹɺ෼ࢄ͋Δ͍ ͸༗ػతʹ݁߹͠ɺݱ৔ɾΫϥ΢υͦΕͧΕ͕ॎԣʹ݁ͼ͍ͭͨϋΠϒϦουߏ ଄Λ࠾ΔΑ͏ʹػೳ͠·͢ɻ 3.

    ͜ͷΑ͏ͳγεςϜʹΑΓ࣮ݱ͞ΕΔ΋ͷ͸ɺਓʑͷ਎ۙʹଘࡏ͠ɺϦΞϧλΠϜ ͔ͭΠϯςϦδΣϯεʹϢʔβΛࢧ͑ͳ͕Βɺ͔͠͠ಉ࣌ʹόοΫΤϯυଆ͕༗ ػతʹ݁߹͢Δ͜ͱʹΑΓɺ͔ͭͯͳ͍ϚγϯύϫʔͱϦιʔεྔΛಈһ͢Δ͜ ͱͰݱ৔࠷ద͔ͭશମ࠷దΛ΋࣮ݱ͢ΔSuper Organized WorldͰ͢ɻ 23 ௒ݸମܕσʔληϯλʔ͓ΑͼOS
  7. 26.

    ਓؒͷൃ૝ vs ج൫ٕज़(ػց)ͱদຊͷݚڀ 26 ج൫ٕज़ ػց ϓϩμΫτ ਓؒͷൃ૝ ਓͷମྗɾਫ਼ਆͷݶք ਓͷମྗɾਫ਼ਆͷݶք

    ਓྗͰࢧ͑ଓ͚Δ ਓྗͰ޿͛ଓ͚Δ ਓྗͰࢧ͑ଓ͚Δ ϓϩμΫτͷݶքͷ෯ ج൫ٕज़ ػց ϓϩμΫτ ਓؒͷൃ૝ ػցͰࢧ͑ଓ͚Δ ϓϩμΫτͷݶքͷ෯ • ॎ࣠͸ϓϩμΫτ։ൃɾӡ༻ͷίετͱ΋ݴ͑Δ • ج൫ٕज़ͷݶքΛ௒͑Δ΂͘ਓͰΧόʔ͍ͯ͠Δ • ॎ࣠ͷίετΛ୹͘ɺԣ࣠ͷݶքͷ෯Λ޿͛Δͨ Ίͷݚڀ։ൃΛߦ͍ͬͯΔ দຊͷݚڀ
  8. 37.

    • ௿Ձ֨WebϗεςΟϯάαʔϏεͰඞཁͱ͞ΕΔํࣜʢΞʔΩςΫνϟʣ • ߴूੵͳϚϧνςφϯτํࣜΛ໨ࢦ͢͜ͱͰ௿Ձ֨ԽΛ࣮ݱ • WebαʔόͷઃఆΛऩ༰ϗετ਺ͷ૿Ճʹґଘ͠ͳ͍Α͏ʹ͢Δ • ϋʔυ΢ΣΞίετͷߋͳΔޮ཰Խͱӡ༻ޮ཰ͷվળΛ໨ࢦ͢ • ߴूੵϚϧνςφϯτํࣜͷ৴པੑʹॏཁͳϙΠϯτ

    • ηΩϡϦςΟɾϦιʔε෼཭ɾӡ༻ٕज़ͷվળɾେྔͷυϝΠϯͷѻ͍ 37 WebαʔόͷߴूੵϚϧνςφϯτํࣜ [8] <>দຊ྄հɼ8FCαʔόͷߴूੵϚϧνςφϯτΞʔΩςΫνϟʹؔ͢Δݚڀɼതֶ࢜Ґ࿦จIUUQT SFQPTJUPSZLVMJCLZPUPVBDKQETQBDFIBOEMF ژ౎େֶɼ.BZ
  9. 38.

    • ηΩϡϦςΟ • ӡ༻ٕज़͕௿ݮ͗ͯ͢͠΋ɺੑೳ͕௿Լ͗ͯ͢͠΋͍͚ͳ͍ • Ϧιʔε؅ཧ • ςφϯτؒͰϦιʔεׯবʹΑͬͯϢʔβମݧ͕௿Լͯ͠͸͍͚ͳ͍ • ӡ༻ٕज़

    • Ϧιʔεׯবͷӡ༻ίετ͕ߴ·Γ݁Ռతʹίετ͕ߴ͘ͳͬͯ͸͍͚ͳ͍ • ͦͷଞϛυϧ΢ΣΞͷฏқͳ֦ு΍େྔTLSূ໌ॻ΍υϝΠϯͷ؅ཧͳͲ 38 ߴूੵϚϧνςφϯτํࣜͷॏཁͳ؍఺
  10. 50.

    • Ϋϥ΢υίϯϐϡʔςΟϯά[9] • ωοτϫʔΫ΍αʔόͱ͍ͬͨίϯϐϡʔλϦιʔεͷϓʔϧ͔Βඞཁͳ࣌ ʹඞཁͳྔ͚ͩΦϯσϚϯυʹར༻Մೳͱ͢ΔίϯϐϡʔςΟϯάϞσϧ • Ϋϥ΢υαʔϏε • Ϋϥ΢υίϯϐϡʔςΟϯάΛ֤छαʔϏεͱͯ͠ఏڙ͢ΔαʔϏε 50

    Ϋϥ΢υαʔϏε <>1.FMM 5(SBODF 5IF/*45%FpOJUJPOPG$MPVE$PNQVUJOHz 64/BU`M*OTUPG4DJFODFBOE5FDIOPMPHZ   IUUQDTSDOJTUHPWQVCMJDBUJPOTOJTUQVCT41QEG
  11. 51.

    • SaaS • ιϑτ΢ΣΞαʔϏεͷఏڙʢGoogle AppsͳͲʣ • PaaS • γεςϜ։ൃखஈ΍ϓϥοτϑΥʔϜػೳΛఏڙʢGAEͳͲʣ •

    IaaS • OS΍ϛυϧ΢ΣΞΛؚΊͨΠϯϑϥػೳͷఏڙʢAWSͳͲʣ 51 Ϋϥ΢υαʔϏεͷ୅දతͳ෼ྨ
  12. 56.

    • unshare(): IPCɺnetɺmountɺpidɺuserͳͲͷ໊લۭؒΛִ཭ • chroot(): rootσΟϨΫτϦͷมߋ • Ծ૝Ϛγϯͱൺֱִͯ͠཭౓͸௿͍͕ऩ༰αʔό୯ҐͰͷऩ༰ޮ཰͸ߴ͍ • OSͷγεςϜྖҬ͔ΒϑΝΠϧγεςϜɾ໊લۭؒͰִ཭Մೳ

    • chroot؀ڥʹϑΝΠϧϕʔεͰॆ࣮ͨ͠ϥΠϒϥϦ؀ڥΛߏஙՄೳ • ϗετ୯ҐͰෆඞཁͳίϚϯυ΍ϥΠϒϥϦΛ഑ஔ͠ͳ͍ͱ੍͍ͬͨޚ͕Մೳ 56 chroot()΍unshare()ͰϓϩηεΛִ཭͢ΔϞσϧ(2)
  13. 61.

    • Ծ૝ϚγϯϨϕϧͷ෼཭ • ߴूੵʹϗετΛऩ༰͢Δʹ͸ෆ޲͖ɾηΩϡϦςΟॏࢹͷ৔߹ • ϓϩηεϨϕϧͷ෼཭ • ϗετ਺ʹґଘͯ͠ϓϩηε਺͕૿Ճ͢ΔͨΊߴूੵʹ͸ෆ޲͖ • ୯Ұͷαʔόϓϩηε܈Ͱෳ਺ͷϗετΛԾ૝తʹ෼཭

    • ϗετ਺ʹґଘ͠ͳ͍ͨΊߴूੵʹద͍ͯ͠Δ • ಛఆͷϗετͷϦιʔεઐ༗͕αʔόϓϩηεͷϦιʔεΛઐ༗͢Δ 61 ߴूੵऩ༰ʹ͓͚ΔWebαʔόͷϗετִ཭·ͱΊ
  14. 64.

    CGI࣮ߦํࣜ 64 $(*QSPDFTT QIQDHJJOEFYQIQ $(*QSPDFTT GPSL UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU

    $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ɾഁغͱൺֱతେ͖ͳ ΠϯλϓϦλόΠφϦʢ1)1ͩͱQIQDHJʣͷ FYFDWF ͕ඞཁ
  15. 66.

    • CGI࣮ߦํࣜ • ΠϯλϓϦλͷෳ਺όʔδϣϯΛ࣮ߦͰ͖Δ • DSO࣮ߦํࣜ • ੑೳ͸ߴ͍͕جຊతʹ͸୯ҰͷWebαʔόʹΠϯλϓϦλΛෳ਺όʔδϣ ϯ࣋ͯͳ͍ •

    ࣮ߦํࣜʹΑΒͣݖݶ෼཭ػೳΛར༻͠ͳ͍৔߹͸Webαʔόϓϩηεͱಉ ༷ͷΦʔφͰ࣮ߦ͞ΕΔͨΊηΩϡϦςΟ্ͷ՝୊͕͋Δ 66 ಈతίϯςϯπͷ࣮ߦํࣜ
  16. 68.

    WebαʔόͷجຊతͳϞσϧʢpreforkʣ 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF $MJFOU

    ϦΫΤετ Ϩεϙϯε 6/*9ܥ04ͷ৔߹ࣄલʹϦΫΤετΛड͚Δ ϓϩηεΛෳ਺GPSL ͯ͠ϓʔϧ͓ͯ͘͠ ʢ͜ΕΒશͯΛؚΊͯʮ୯Ұͷαʔόϓϩηεʯͱఆٛʣ 68 ϦΫΤετ Ϩεϙϯε ϦΫΤετ Ϩεϙϯε ϓϩηεϦΫΤετΛ ઐ༗ͯ͠ॲཧ
  17. 69.

    WebαʔόͷجຊతͳϞσϧʢworkerʣ 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEUISFBE PXOFSBQBDIF $IJMEIUUQEUISFBE PXOFSBQBDIF $IJMEIUUQEUISBE PXOFSBQBDIF $MJFOU

    ϦΫΤετ Ϩεϙϯε 6/*9ܥ04ͷ৔߹ࣄલʹϦΫΤετΛड͚Δ εϨουΛෳ਺GPSL ͯ͠ϓʔϧ͓ͯ͘͠ 69 ϦΫΤετ Ϩεϙϯε ϦΫΤετ Ϩεϙϯε
  18. 70.

    WebαʔόͷجຊతͳϞσϧʢϊϯϒϩοΩϯάʣ 1BSFOUOHJOYQSPDFTT PXOFSSPPU $IJMEOHJOYQSPDFTT PXOFSOHJOY $IJMEOHJOYQSPDFTT PXOFSOHJOY $MJFOU ϦΫΤετ Ϩεϙϯε

    6/*9ܥ04ͷ৔߹ࣄલʹϦΫΤετΛड͚Δ ϓϩηεΛෳ਺GPSL ͯ͠ϓʔϧ͓ͯ͘͠ ୯ҰͷϓϩηεͰෳ਺ͷϦΫΤετΛฒߦॲཧ 70 ϦΫΤετ Ϩεϙϯε ϦΫΤετ Ϩεϙϯε
  19. 71.

    ߴूੵͷͨΊͷΞʔΩςΫνϟ IUUQE Ϣʔβ" IUUQE Ϣʔβ# IUUQE Ϣʔβ$ IUUQE Ϣʔβ" Ϣʔβ#

    Ϣʔβ$ ޮ཰ྑ͘࢒ϦιʔεΛ࢖͑Δ ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁ ͳϦιʔε ىಈʹඞཁͳϦιʔε ߴूੵ͕ཁٻ͞ΕΔ৔߹ͷ Ϛϧνςφϯτʢ7JSUVBM)PTUʣ ϗετ୯ҐͰϓϩηεΛىಈ 71
  20. 80.

    • ݶΒΕͨίϯϐϡʔλϦιʔεΛϗετ୯ҐͰެฏʹϦιʔε෼཭͢΂͖ • ಛఆͷϗετ΁ͷΞΫηεʹΑΔαʔόશମͷϦιʔεઐ༗Λ๷ࢭ • ϋʔυ΢ΣΞίετ͚ͩͰͳ͘ӡ༻ɾ؅ཧίετΛ௿ݮ • JaoʹΑΔVirtualHostͰ΋ར༻͔ͷ͏ͳಉ࣌઀ଓ਺ϕʔεͰͷ੍ݶ [11] •

    ϑΝΠϧ΍ϗετ୯ҐͰͷ઀ଓ਺੍ݶ • ͨͬͨҰͭͷΞΫηε͕CPU΍I/OΛઐ༗͢Δ໰୊͕Ҏલͱͯ͠࢒Δ 80 ߴूੵϚϧνςφϯτΞʔΩςΫνϟͷϦιʔε෼཭ <>+%BWJE NPEMJNJUJQDPOO IUUQEPNJOJBPSHEKBPMJNJUJQDPOOIUNM
  21. 82.
  22. 86.

    • ϦΫΤετΛड͚͔ͯΒϨεϙϯεΛฦ͢·ͰͷϦιʔε࢖༻ྔΛܭଌ • https://github.com/matsumotory/mod_resource_checker • getrusage()Λ࢖ͬͯϓϩηεͷϦιʔεΧ΢ϯλͷࠩ෼Λऔಘ • ApacheϞδϡʔϧͱ࣮ͯ͠૷ • JSON΍ςΩετͰϩΪϯά͞ΕΔͨΊޙ͔Βͷௐࠪ΍ܭଌ΋༰қ

    86 দຊΒͷख๏ [12] <>দຊ྄հɼ઒ݪক࢘ɼদԬً෉ɼlେن໛ڞ༗ܕ8FCόʔνϟϧϗεςΟϯάج൫ͷηΩϡϦςΟͱӡ ༻ٕज़ͷվળɼz৘ॲֶ࿦ɼWPM OP QQr .BSDI
  23. 88.

    88

  24. 92.

    • দຊΒͷmod_vlimit [12] • ೚ҙͷϗετ΍ϑΝΠϧ໊ɺઈରύεɺσΟϨΫτϦɺਖ਼نදݱʹରԠ • ࢠϓϩηεؒͰڞ༗ϝϞϦ্ʹΧ΢ϯλΛ഑ஔͯ͠ഉଞ੍ޚ • ಉҰΫϥΠΞϯτIPΞυϨε͔Βͷಉ࣌઀ଓ਺΋੍ݶՄೳ •

    ੍ݶ௒ա࣌͸Service UnavailableίʔυΛฦ͢ • ΞΫηε਺΍ίϯςϯπͷϦιʔε࢖༻ྔʹج͍ͮͨϦιʔε੍ޚ 92 ϦΫΤετର৅΁ͷ࠷େಉ࣌઀ଓ਺Λ੍ݶ <>দຊ྄հɼ઒ݪক࢘ɼদԬً෉ɼlେن໛ڞ༗ܕ8FCόʔνϟϧϗεςΟϯάج൫ͷηΩϡϦςΟͱӡ ༻ٕज़ͷվળɼz৘ॲֶ࿦ɼWPM OP QQr .BSDI
  25. 94.

    • দຊΒͷmod_lalimit [13] • ϦΫΤετड৴࣌ʹϩʔυΞϕϨʔδͷ஋͕ߴ͚Ε͹Service Unabailable • ೚ҙͷϗετ΍ϑΝΠϧ໊ɺઈରύεɺσΟϨΫτϦɺਖ਼نදݱʹରԠ • αʔόͷશମϦιʔεΛج४ʹͨ͠Ϧιʔε੍ޚ

    94 ϩʔυΞϕϨʔδͷ਺஋ʹج͍ͮͨϦιʔε੍ޚ <>দຊ྄հɼ઒ݪক࢘ɼদԬً෉ɼlେن໛ڞ༗ܕ8FCόʔνϟϧϗεςΟϯάج൫ͷηΩϡϦςΟͱӡ༻ ٕज़ͷվળɼz৘ॲֶ࿦ɼWPM OP QQr .BSDI
  26. 100.

    • OSͷϓϩηεϦιʔε෼཭ٕज़ΛWebαʔόͷϦΫΤετ୯ҐͰ׆༻੍͠ޚ • ػೳ֦ுࢧԉػߏmod_mruby [15] ΛԠ༻ʢޙड़ʣ • ϓϩάϥϚϒϧͰΦʔόʔϔουগͳ͍Webαʔόͷػೳ֦ுࢧԉػߏͰ ϦΫΤετ୯ҐʹϦιʔεΛ੍ޚՄೳ •

    RubyͰ֦ுͭͭ͠ߴ଎ʹಈ࡞Մೳ 100 দຊΒͷϦιʔε੍ޚΞʔΩςΫνϟ [14] <>দຊ྄հ ܀ྛ݈ଠ࿠ Ԭ෦णஉ ϦΫΤετ୯ҐͰԾ૝తʹϋʔυ΢ΣΞϦιʔεΛ෼཭͢Δ8FCαʔόͷϦιʔε੍ޚΞʔΩςΫνϟ  ৘ใॲཧֶձ࿦จࢽ 7PM /P QQ .BS <>দຊ྄հ Ԭ෦णஉ NPE@NSVCZεΫϦϓτݴޠͰߴ଎͔ͭলϝϞϦʹ֦ுՄೳͳ8FCαʔόͷػೳ֦ுࢧԉػߏ ৘ใॲཧֶձ࿦จࢽɼ 7PM /P QQ /PW
  27. 101.

    101

  28. 102.

    • ϓϩηε୯ҐͰCPUɾϝϞϦɾI/O౳Λ੍ޚ • Linux Kernel 2.6.24Ҏ߱ͷػೳ • ಛఆͷϓϩηε͸1ίΞCPU30%·Ͱ͔͠࢖༻Ͱ͖ͳ͍ͳͲ • CPU30%ΛׂΓ౰ͯͨϦιʔεάϧʔϓΛ࡞੒

    • άϧʔϓʹࢀՃ͍ͯ͠Δෳ਺ͷϓϩηεͰϦιʔε෼഑ • 3ͭͷϓϩηε͕CPUΛ࠷େ࢖͏৔߹͸10%ͣͭ෼഑͞ΕΔ౳ 102 LinuxಠࣗͷϦιʔε੍ޚ cgroup
  29. 104.

    mod_mrubyͱcgroupͷ࣮૷ "QBDIF1SPDFTT NPE@NSVCZ NSVCZ MJCNSVCZB  NSVCZDHSPVQ MJCDHSPVQ -JOVYDHSPVQT • 

    ֤ػೳ͸୯ମͰಈ࡞Մೳʢૄ݁߹ʣ •  NPE@NSVCZ͸"QBDIFΛNSVCZͰ੍ޚ •  NSVCZDHSPVQ͸MJCDHSPVQΛNSVCZͰ੍ޚ •  NSVCZ NSVCZDHSPVQ •  3VCZ΍$ίʔυ಺ͰϦιʔεΛ੍ޚՄೳ •  ͜ͷϧʔϓ͸$16Ͱ •  ͜ͷॻ͖ग़͠͸%*4,ॻࠐ.#TFDͰ 104
  30. 106.

    Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.filename == “/path/to/cpu.cgi” cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 106 ݫີʹ͸NTதNTͷ$16࢖༻࣌ؒΛ RVPUBͱͯ͠εέδϡʔϧ͢Δઃఆ
  31. 107.

    Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.hostname == “example.com” cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 107
  32. 108.

    Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.user== “matsumotory” cpu = Cgroup::CPU.new

    “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 108
  33. 109.

    Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.method== “POST” cpu = Cgroup::CPU.new

    “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 109
  34. 110.

    Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.user == 500 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 110
  35. 111.

    Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.group == 300 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 111
  36. 112.

    Ϧιʔε੍ޚͷઃఆྫ r = Apache::Request.new if r.finfo.size > 3000 cpu =

    Cgroup::CPU.new “cpu_group” # CPU 10 cpu.cfs_quota_us = 10000 cpu.create cpu.attach end 112
  37. 113.

    Ϧιʔε੍ޚͷઃఆྫ if resource.most_heavy_hosts.include? r.hostname # 1 100 1 c =

    Cgroup::CPU.new "httpd-static-limited" c.cfs_quota_us = 100000 Apache::Resource.attach_cgroup c, "httpd-static-limited" elsif resource.heavy_hosts.include? r.hostname # CPU 25% 24 6 # httpd 100 ( ) c = Cgroup::CPU.new "httpd-limited" c.shares = 25 Apache::Resource.attach_cgroup c, "httpd-limited" else # CPU 75% 24 18 # httpd-limited 100 ( ) c = Cgroup::CPU.new "httpd" c.shares = 75 Apache::Resource.attach_cgroup c, "httpd" end 113
  38. 117.

    • CPU100%࢖༻͢ΔCGI΁ϦΫΤετ • CPU50%ʹϦιʔε੍ޚ • CGIͷCPU࢖༻࣌ؒΛมߋͯ͠ਫ਼౓Λൺֱ • ੑೳ੍ޚ཰Λఆٛɿ • Ϩεϙϯε࣌ؒʢ੍ݶແ͠ʣ/

    Ϩεϙϯε࣌ؒʢ੍ݶ༗Γʣ • ੑೳ੍ޚ཰͕50%ʹ͚ۙΕ͹ਖ਼੍͘͠ޚ͞Ε͍ͯΔ 117 Ϧιʔε੍ޚͷਫ਼౓ධՁ
  39. 118.

    118

  40. 121.

    • Ϧιʔε஋ͷ࣌ܥྻσʔλͷมԽ఺είΞΛܭࢉ[16] • มԽ఺ݕग़͸false positive/negative͕ॏཁ • มԽ఺ݕग़ޙʹଈ੍࣌ݶ͢Δͱޡݕ஌ͷӨڹେ • ౷ܭ஋Λ׆͔ͤΔݕ஌࣌ͷΞΫγϣϯ͕ඞཁ 121

    Ϧιʔε஋ͷมԽ఺ݕग़ΛԠ༻ <>+5BLFVDIJBOE,:BNBOJTIJ l"6OJGZJOH'SBNFXPSLGPS%FUFDUJOH0VUMJFSTBOE$IBOHF1PJOUTGSPN5JNF 4FSJFT z*&&&USBOTBDUJPOTPO,OPXMFEHFBOE%BUB&OHJOFFSJOH QQ 
  41. 124.

    1. ϦΫΤετ୯ҐͷϨεϙϯελΠϜͱಉ࣌઀ଓ਺ͷ࣌ܥྻσʔλ͔Βಛ௃ྔ ͱͯ͠ͷมԽ఺είΞܭࢉ 2. มԽ఺είΞͷՃࢉʹΑΔϗετ΍ϑΝΠϧʹؔ͢Δಛ௃ྔͷॏΈ෇͚Ϧε τͷੜ੒ 3. ߴෛՙ࣌ʹϦετͷϥϯΩϯάͷߴ͍ऩ༰ϗετ΍ϑΝΠϧ΁ͷϦΫΤετ ͸ಛ௃ྔʹ΋ͱ͍ͮͯCPUϦιʔεͱಉ࣌઀ଓ਺ʹΑͬͯࣗ཯੍ޚ 124

    দຊΒͷ࠷৽ͷݚڀ [17] <>দຊ྄հɼాฏ߁࿕ɼࢁԼ࿨඙ɼ܀ྛ݈ଠ࿠ɼlಛ௃ྔநग़ͱมԽ఺ݕग़ʹجͮ͘8FCαʔόͷߴूੵϚϧνςφ ϯτํࣜʹ͓͚ΔϦιʔεͷࣗ཯੍ޚΞʔΩςΫνϟɼz৘ॲֶݚใɼWPM*05 OP QQr 'FC
  42. 125.

    দຊΒͷख๏ͷࣗ཯੍ޚϑϩʔ 8FCαʔό ϓϩηε ΫϥΠΞϯτ ϦΫΤετ Ϩεϙϯε ॏΈ෇͚Ϧετ Ϩεϙϯεੜ੒ʹ ফඅͨ͠Ϧιʔε஋͔ ΒมԽ఺είΞܭࢉ

    ϗετ ͱεΫϦϓτ ຖͷϦ ιʔε࢖༻ྔͷ࣌ܥྻσʔλ ͔Βஞ࣍ܭࢉͨ͠౷ܭϞσϧ ͷ܎਺Λอଘ มԽ఺είΞΛॏΈ ෇͚ϦετʹՃࢉ ߴෛՙ࣌͸ॏΈ෇͚Ϧ ετ্Ґͷ৔߹ɺ੍ݶԼ ͰϨεϙϯεੜ੒ Ϧιʔεݶఆ؀ڥ $16ˋ *014 ϑΝΠϧ΁ͷಉ࣌઀ଓ਺ 125
  43. 126.

    • Webαʔόͷػೳ֦ு mod_mruby/ngx_mruby [18] • มԽ఺ݕग़Τϯδϯ mruby-changefinder • https://github.com/matsumotory/mruby-changefinder •

    ಉ࣌઀ଓ਺੍ݶ http-access-limiter • https://github.com/matsumotory/http-access-limiter <>দຊ྄հ Ԭ෦णஉ NPE@NSVCZεΫϦϓτݴޠͰߴ଎͔ͭলϝϞϦʹ֦ுՄೳͳ8FCαʔόͷػೳ֦ுࢧԉ ػߏ ৘ใॲཧֶձ࿦จࢽɼ7PM /P QQ /PW 126 σʔλੜ੒ͱղੳख๏͸ఏҊɾ࣮૷ࡁΈ
  44. 128.

    ॏΈ෇͚Ϧετͷσʔλߏ଄ྫ 128 { host1: {ɹɹɹɹɹɹɹɹɹɹɹɹ # ϗετ໊ st_score: 83, #

    ϗετͷಉ࣌઀ଓ਺είΞ rc_score: 32, # ϗετͷϨεϙϯελΠϜείΞ files: { path_to_progmra1: { # ϓϩάϥϜϑΝΠϧύε st_score: 30, # ϑΝΠϧͷಉ࣌઀ଓ਺είΞ rc_score: 20, # ϑΝΠϧͷϨεϙϯελΠϜείΞ }, path_to_progmra2: { st_score: 53, rc_score: 12, }, }, }, } ϑΝΠϧ΁ͷϦΫΤετʹରͯ͠ܭࢉͨ͠είΞΛɺ֘౰ ͢ΔϗετͱϑΝΠϧͷείΞʹͦΕͧΕՃࢉ͢Δ
  45. 129.

    มԽ఺είΞܭࢉྫ 129 > cf = ChangeFinder.new 5, 0.01, 10, 0.01,

    7 => #<ChangeFinder:0x7fad5c80be50 @ts_data_buffer=[], @change_point_analyze=#<ChangeFinder::SDAR:0x7fad5c80bb80>, @smooth_term=5, @outlier_analyze=#<ChangeFinder::SDAR: 0x7fad5c80be20>> > cf.learn [1,2,1,2,3,2,1,2,1] => [6.2017912433901, 1.3973555597559, 2.4211198000217, 2.3979400886673, 1.7835503570548, 1.4166612339939, 1.4837836144657, 1.2835583707215, 1.1556254255408] > cf.score 1 => 1.1044914205061
  46. 131.

    มԽ఺ݕग़ΤϯδϯͷॳظԽ࣮૷ྫ 131 # ChangeFinderΠϯελϯεੜ੒ cf = ChangeFinder.new(5, 0.1, 10, 0.1,

    3) # ԾֶशσʔλʹΑΔࣄલֶश cf.learn [1,1,1,1,1,1,1,1,1,1] # ֤ϑΣʔζͰσʔλΛऔΓग़ͤΔΑ͏ʹϢʔβσʔλʹอଘ Userdata.new.cf_list = {} Userdata.new.cf = cf
  47. 132.

    ϗετ୯ҐͷมԽ఺είΞͷܭࢉྫ 132 r = Apache::Request.new cf = Userdata.new.cf cf_list =

    Userdata.new.cf_list
 hostname = r.hostname res_time = r.response_time # vhostͷChangeFinderΠϯελϯε͕ଘࡏ͠ͳ͚Ε͹ෳ੡ unless cf_list.has_key?(hostname) usercf[hostname] = cf.clone end # ϦΫΤετλΠϜ͔ΒมԽ఺είΞΛܭࢉ͠ϩάʹग़ྗ Apache.log Apache::APLOG_ERR, “requesttime: #{r.response_time.to_s} score: #{cf_list[hostname].score(res_time)} hostname: #{hostname}”
  48. 134.

    • ϦΫΤετ୯ҐͰCPUͷ࠷େ࢖༻཰Λมߋ [19] • cgroup(mruby-cgroup)΍rlimit(mruby-resource) • ϗετ୯Ґ΍ϑΝΠϧ୯ҐͰͷಉ࣌઀ଓ਺Λมߋ • mod_mrubyͱhttp-access-limiter 134

    ੍ݶख๏ͷίϯϙʔωϯτ͸࣮૷ࡁΈ <>দຊ྄հ ܀ྛ݈ଠ࿠ Ԭ෦णஉ ϦΫΤετ୯ҐͰԾ૝తʹϋʔυ΢ΣΞϦιʔεΛ෼཭͢Δ8FCαʔόͷϦιʔ ε੍ޚΞʔΩςΫνϟ ৘ใॲཧֶձ࿦จࢽ 7PM /P QQ .BS
  49. 147.

    CGI࣮ߦํࣜ $(*QSPDFTT QIQDHJJOEFYQIQ $(*QSPDFTT GPSL UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT

    PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ɾഁغͱ ൺֱతେ͖ͳόΠφϦʢ1)1ͩͱQIQDHJόΠφϦʣͷ FYFDWF ͕ඞཁ 147
  50. 148.

    $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS ੩తʹઃఆ͞ΕͨVJEΛݩʹTFUVJE TFUHJE

    GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹ$(*༻ϓϩηεͷ ੜ੒ഁغ͕ඞཁ ˞$(* TV&9&$ 148
  51. 149.

    149

  52. 150.

    • DoerschΒʹΑΔख๏[19] • suEXEC࣌ʹ֤ϗετ؀ڥͰchroot()γεςϜίʔϧʹΑΓִ཭ • ϗετྖҬ֎ͷϑΝΠϧΛӾཡ͢Δ͜ͱ͕Ͱ͖ͳ͍ • ϗετ୯ҐͰݸผʹϥΠϒϥϦ΍࣮ߦ؀ڥΛ༰қ͢Δඞཁ͸͋Δ • ෳ਺ͷ࣮ߦ؀ڥͷݻఆతͳϥΠϒϥϦ͸ϋʔυϦϯΫͰࢀর͢Δ͜ͱʹΑ

    Γ࣮ߦ؀ڥߏங΍࢖༻༰ྔͷίετΛ࡟ݮՄೳ 150 suEXECͱchrootͷ૊Έ߹ΘͤʹΑΔִ཭ख๏ <>'%PFSTDI #VH$ISPPU1BUDIGPS4V&YFD IUUQTC[BQBDIFPSHCVH[JMMBTIPXCVHDHJ JE
  53. 151.

    $(*QSPDFTT PXOFSVTFS $(*QSPDFTT PXOFSSPPU QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS DISPPU ޙ

    TFUVJE TFUHJE GPSL  FYFDWF TVFYFDQSPHSBN TFUVJESPPU UFSNJOBUFQSPDFTT FYFDWF 1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF DISPPU&OWJSPONFOU ˞%PFSTDIΒͷख๏ 151
  54. 157.

    157

  55. 161.

    1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSSPPU JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF SVO

    ˞NPE@TVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSVTFS UFSNJOBUFQSPDFTT ϦΫΤετຖͷࢠIUUQEϓϩηεͷੜ੒ഁغ͕ඞཁ  
  56. 166.

    166

  57. 171.

    • Linux2.2Ҏ߱ • ैདྷͷ2֊૚ͷDACݖݶϞσϧͷ֦ு • εϨου୯Ґʹ੍ޚՄೳͳಛݖάϧʔϓ • εϨου͸3छྨͷcapability setΛ࣋ͭ •

    PermittedɺEffectiveɺInheritable • capability setͷ૊Έ߹ΘͤʹΑͬͯcapabilityͷݖݶΛ੍ޚ 171 Linux Capabilities
  58. 175.

    • Linux4.3͔Β௥Ճ͞Εͨcapability • ࢠϓϩηεʹҾ͖ͮͭಛݖ܈ • ҰൠϢʔβͰfile capability͕ͳͯ͘΋execve()ޙʹҾ͖ܧ͛Δ[24] • γϯϓϧͰ͋Δ͕࢖͍ํ࣍ୈͰ͸ඇৗʹڧྗ •

    ίϯςφ࣮૷࣌ʹAmbient capabilities͸͋͑ͯΞϯηοτ͢Δ࣮૷΋ • exeve()ޙͷ਌͔Βͷҙਤ͠ͳ͍ಛݖͷҡ࣋ͱঢ֨Λ๷ࢭ͢ΔͨΊ 175 Ambient capabilities <>NBUTVNPUPSZ DHSPVQͱ-JOVY$BQBCJMJUZͷ׆༻ IUUQTTQFBLFSEFDLDPNNBUTVNPUP@SSDPOBOE DBQDPOJOUFSOBMTOVNCFSMYDKQ
  59. 177.

    177 1BSFOUIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF

    SVO ˞NPE@SVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ഁغ͕ෆཁʁʁʁ QSDUM TFUVJETFUHJEDBQT TFUVJE TFUHJE
  60. 178.

    178 1BSFOUIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF

    SVO ˞NPE@SVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSBQBDIF ϦΫΤετຖʹϓϩηεͷੜ੒ഁغ͕ෆཁʁʁʁ QSDUM TFUVJETFUHJEDBQT TFUVJE TFUHJE ίϯςϯπΛαʔϏεར༻ऀ͕࡞੒Ͱ͖Δ ৔߹͸੬ऑੑʹͳΔ
  61. 179.

    179 1BSFOUIUUQEQSPDFTT PXOFSBQBDIF $IJMEIUUQEQSPDFTT PXOFSBQBDIF JOEFYQIQ PXOFSVTFS TFUVJE TFUHJE QBSTF

    SVO ˞NPE@SVJE $IJMEIUUQEQSPDFTT PXOFSVTFS $IJMEIUUQEQSPDFTT PXOFSBQBDIF ࣮ߦϓϩηε͕ΦʔφมߋͷಛݖΛ࣋ͬ ͍ͯΔͨΊɺίϯςϯπܦ༝Ͱݖݶมߋ ͕Մೳʂʂ ˣ QSDUM TFUVJETFUHJEDBQT TFUVJE TFUHJE ίϯςϯπ࣮ߦલʹಛݖΛམͱ͞ͳ͍ͱ͍͚ ͳ͍ɻͭ·ΓɺϓϩηεͷΦʔφมߋޙ͸ݩ ͷΦʔφʹ໭Εͳ͍ͨΊϓϩηεഁغ͕ඞཁ VOTFUDBQT
  62. 181.

    • Webαʔό͔ΒͷݖݶมߋΛՄٯతʹมߋՄೳʹͭͭ͠ɺ࣮ߦ͞ΕΔίϯς ϯπϓϩάϥϜ͔Β͸ݖݶΛมߋ͞Εͳ͍Α͏ʹ͢Δख๏ • ϓϩάϥϜ͔Β࣮ߦ͞ΕΔγεςϜίʔϧΛ͋Β͔͡Ίચ͍ग़͠ɺίϯςϯ π࣮ߦ࣌ʹ֘౰ͷγεςϜίʔϧΛϑοΫͯ͠ݖݶมߋͷॲཧΛແޮԽ͢Δ • Linuxʹ͓͍ͯγεςϜίʔϧΛద੾ʹϑοΫ͢Δʹ͸Χʔωϧʹ௚઀มߋΛ Ճ͑Δඞཁ͕͋Δ •

    Χʔωϧ΍ϥΠϒϥϦΛܧଓతʹมߋ͢Δݱ৔Ͱ͸Մൖੑ͕௿͍ 181 ݪΒͷγεςϜίʔϧΛϑοΫ͢Δख๏ [25] <>ݪେีɼதࢁହҰɼl)VTTBεέʔϥϒϧ͔ͭηΩϡΞͳαʔόΞʔΩςΫνϟ௿ίετͳαʔόϓϩηε ࣮ߦݖݶมߋػߏɼzୈճ৘ใՊֶٕज़ϑΥʔϥϜ '*5 ߨԋ࿦จूɼ3# 
  63. 185.

    • DSOํࣜͷੑೳΛ׆͔͢ΞΫηε੍ޚΞʔΩςΫνϟ • ಈతίϯςϯπ࣮ߦલʹΦʔφมߋͷಛݖͷΈΛ༩੍͑ͨޚ༻εϨουΛ࡞੒ • ΦʔφΛมߋͨ͠εϨου্ͰίϯςϯπΛॲཧ • ίϯςϯπ࣮ߦޙ͸εϨουͷΈΛ࡟আ • ݖݶ෼཭ͷΦʔόʔϔουΛεϨουͷੜ੒ɾഁغϨϕϧʹ௿ݮ

    185 দຊΒͷఏҊ͢ΔεϨου୯ҐͰΞΫηε੍ޚ [26] <>দຊ྄հ Ԭ෦णஉ εϨου୯ҐͰݖݶ෼཭Λߦ͏8FCαʔόͷΞΫηε੍ޚΞʔΩςΫνϟ ిࢠ৘ใ௨৴ֶ ձ࿦จࢽ7PM+# /P QQ 0DU
  64. 187.

    1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF JOEFYQIQ PXOFSVTFS

    TFUVJE TFUHJE ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QBSTF SVO QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞%40 দຊΒͷΞΫηε੍ޚΞʔΩςΫνϟ  
  65. 188.

    1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF JOEFYQIQ PXOFSVTFS

    TFUVJE TFUHJE ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QBSTF SVO QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞%40 দຊΒͷΞΫηε੍ޚΞʔΩςΫνϟ DISPPU&OWJSPONFOU  
  66. 189.

    1BSFOUIUUQEQSPDFTT PXOFSSPPU $IJMEIUUQEQSPDFTT PXOFSBQBDIF UISFBE PXOFSVTFS UISFBE PXOFSBQBDIF TFUVJE TFUHJE

    ʜ VOTFUDBQT DSFBUFUISFBE TFUDBQT EFTUSPZUISFBE QSDUM TFUVJETFUHJEDBQT UISFBE PXOFSVTFS ˞$(* দຊΒͷΞΫηε੍ޚΞʔΩςΫνϟ $(*QSPDFTT PXOFSVTFS QIQDHJJOEFYQIQ PXOFSVTFS $(*QSPDFTT PXOFSVTFS GPSL UFSNJOBUFQSPDFTT FYFDWF  
  67. 197.

    • phpinfo()΁ͷΞΫηεΛstrace͔Βղੳ • CGI ʴ suEXEC: 3377ճ • mod_php +

    mod_process_security: 155ճ • ΦʔόʔϔουʹͳͬͯΔγεςϜίʔϧ • clone() open() close() execve() ͳͲsuEXECؔ࿈ ˞TUSBDFDGQ1*% ˞DBUDHJMPHcHSFQWFQPMM@XBJUcHSFQWGVUFYcQFSMBOF <aEa> QSJOU@JG 197 ࢀߟɿγεςϜίʔϧͷ਺Λൺֱ
  68. 201.

    201 • Time-of-check to time-of-Use Race Condition • ҎԼͷॲཧΛUNIX͸ΞτϛοΫʹͰ͖ͳ͍ •

    ϑΝΠϧ͕ϦϯΫ͔ɺϑΝΠϧ·ͰͷύεʹϦϯΫؚ͕·ΕΔ͔ɺͦͷݕࠪ ޙʹϑΝΠϧΛopen()͢ΔΑ͏ͳॲཧ • Webίϯςϯπ͕ࣗ༝ͳϗεςΟϯάʹ͓͍ͯ͸େ͖ͳ໰୊ͱͳΔ • Ϛϧνϓϩηεͷαʔόιϑτ΢ΣΞͰ͸λΠϛϯάʹΑͬͯ͸ϦϯΫͷνΣο ΫޙʹผϑΝΠϧʹ͢Γସ͑ΒΕΔՄೳੑ༗Γ ϦϯΫݕࠪͷTOCTOU໰୊
  69. 203.

    ϑΝΠϧ͕ϦϯΫ͔ݕࠪ ϑΝΠϧͷύεʹϦϯΫ͕ ؚ·ΕΔ͔ݕࠪ ϑΝΠϧΛPQFO ͯ͠ Ϩεϙϯεੜ੒ॲཧ 8FCαʔόϓϩηεXPSLFS" ϑΝΠϧΛϦϯΫʹ ஔ͖׵͑ ϨʔείϯσΟγϣϯͷ

    Մೳੑ 0, 0, ϦϯΫͷνΣοΫޙʹ ผϗετͷϑΝΠϧ ʹஔ͖׵͑ΒΕͯ೷͖ݟ ͞ΕΔՄೳੑ͋Γ 8FCαʔόϓϩηεXPSLFS#
  70. 204.

    204 • ϗεςΟϯάཁ݅ʹ͓͍ͯ͸ղܾՄೳ • ಉҰॴ༗ऀͷϦϯΫ͸࠷ѱݕ஌Ͱ͖ͳͯ͘΋ྑ͍ • ݕ஌͢΂͖͸ଞϗετɺͭ·Γɺଞͷॴ༗ऀͷϑΝΠϧ΁ͷϦϯΫ͔Ͳ͏͔ • ϑΝΠϧopen()ޙʹfd͔ΒΦʔφνΣοΫ •

    ͦͷԾ૝ϗετͰઃఆ͍ͯ͠ΔΦʔφͱopen()ͨ͠ϑΝΠϧͷॴ༗ݖΛൺֱ mod_fileownercheck [27] [27] Ryosuke Matsumotoɼhttps://github.com/matsumotory/mod_fileownercheck.
  71. 215.

    • Pros • Shebangߦͷهड़΍࣮ߦݖݶͷઃఆΛলུՄೳ • suEXECͱಉ༷ʹCGIϓϩάϥϜΛ֤ϗετͷϢʔβݖݶͰ࣮ߦՄೳ • Cons • suEXECͱಉ༷ʹVirtualHost୯ҐͰuidɺgidͷݸผઃఆ͕ඞཁͰઃఆ਺૿Ճ

    • suEXECͱಉ༷ʹγεςϜྖҬͷ೷͖ݟ͕Մೳ 215 SebastianΒʹΑΔsuPHP [27] <>.4FCBTUJBO TV1)1)PNFQBHF IUUQXXXTVQIQPSH)PNFIUNM
  72. 216.

    • suEXECͱͷซ༻͢Δ͜ͱͰݖݶ෼཭͕Մೳ • Pros • Shebangߦͷهड़΍࣮ߦݖݶͷઃఆΛলུՄೳ • Cons • ࣮ߦՄೳͳྖҬʹϥούʔϓϩάϥϜͷઃஔ͕ඞཁ

    • suEXECͱಉ༷ʹγεςϜྖҬͷ೷͖ݟ͕Մೳ 216 mod_actions [28] <>5IF"QBDIF4PGUXBSF'PVOEBUJPO "QBDIF.PEVMFNPEBDUJPOT IUUQIUUQEBQBDIFPSHEPDT FONPENPEBDUJPOTIUNM
  73. 217.

    • suEXECϓϩάϥϜͷதͰΠϯλϓϦλͱͷඥ෇͚Λߦ͏Α͏ʹ֦ு • Pros • Shebangߦͷهड़΍࣮ߦݖݶͷઃఆΛলུՄೳ • ෳ਺ͷϞδϡʔϧ΍ϥούʔΛඞཁͱ͠ͳ͍ • suEXEC࣮ߦ࣌ʹchroot͔ͯ͠Β࣮ߦ͢ΔͨΊγεςϜྖҬΛӾཡෆՄ

    • Cons: ShebangߦΛඞཁͱ͠ͳ͍ݴޠͷඥ෇͚͕ࣄલʹඞཁ 217 দຊΒʹΑΔsuEXECͷ֦ு [29] <>দຊ྄հɼ઒ݪক࢘ɼদԬً෉ɼlେن໛ڞ༗ܕ8FCόʔνϟϧϗεςΟϯάج൫ͷηΩϡϦςΟͱӡ༻ ٕज़ͷվળɼz৘ॲֶ࿦ɼWPM OP QQr .BSDI
  74. 220.
  75. 229.

    ػೳ֦ு NPE@QFSM NPE@SVCZ NPE@MVB ݴޠ $ 1FSM 3VCZ -VB ΠϯλϓϦλॳظԽ

    ॲཧ ࣄલ ౎౓ ϥΠϒϥϦಡΈࠐΈ ࣄલ ౎౓ ίϯύΠϧ ࣄલ ౎౓ ౎౓ ίʔυͷมߋ ෆՄ Մ Մ άϩʔόϧঢ়ଶ ڞ༗ ڞ༗ ඇڞ༗ 229
  76. 232.

    • ੑೳ͕ཁٻ͞ΕΔՕॴ͸ΠϯλϓϦλڞ༗ • ੑೳ͕ཁٻ͞Εͳ͍Օॴ͸ݸผʹΠϯλϓϦλ֬อ • ϝϞϦ૿ՃͷݪҼͰ͋ΔόΠτίʔυͷΈΛ։์ • ҆શੑͷ໘Ͱάϩʔόϧͷঢ়ଶͷΈΛ։์Մೳ • όΠτίʔυΩϟογϡʹΑΔߴ଎Խ΋Մೳ

    232 দຊΒͷΞʔΩςΫνϟ [32] <>দຊ྄հ Ԭ෦णஉ NPE@NSVCZεΫϦϓτݴޠͰߴ଎͔ͭলϝϞϦʹ֦ுՄೳͳ8FCαʔόͷػೳ֦ுࢧ ԉػߏ ৘ใॲཧֶձ࿦จࢽɼ7PM /P QQ /PW
  77. 234.

    w αʔόϓϩηεىಈ࣌ʹΠϯλϓ ϦλΛ֬อ w ϦΫΤετॲཧ࣌ʹΠϯλϓϦλ Λڞ༗ͯ͠εΫϦϓτΛίϯύΠϧ ͔ͯ͠Β࣮ߦ ߏจ໦ղੳ όΠτίʔυੜ੒ 7.্Ͱ࣮ߦ

    ϦΫΤετຖʹαʔόϓϩηε͕εΫϦϓτΛϑοΫ εΫϦϓτಡΈࠐΈ ΠϯλϓϦλͱ ϥΠϒϥϦΛڞ༗ όΠτίʔυɺάϩʔόϧม਺ɾΫϥεɺྫ֎ϑϥάΛ։์ ഉଞॲཧ ϚϧνεϨου8FC αʔόΞʔΩςΫνϟ ʹରԠ 234
  78. 235.

    ߏจ໦ղੳ όΠτίʔυੜ੒ 7.্Ͱ࣮ߦ ϦΫΤετຖʹαʔόϓϩηε͕εΫϦϓτΛϑοΫ εΫϦϓτಡΈࠐΈ ΠϯλϓϦλͱ ϥΠϒϥϦΛڞ༗ άϩʔόϧม਺ɾΫϥεɺྫ֎ϑϥάΛ։์ όΠτίʔυ ςʔϒϧ

    w όΠτίʔυΩϟογϡʹΑͬͯαʔ όϓϩηεىಈޙʹίʔυมߋ͕ඞ ཁͳ͍৔߹͸ߴ଎Խ w αʔόىಈ࣌ʹίϯύΠϧͯ͠όΠ τίʔυςʔϒϧʹอଘ͓͖ͯ͠ɺ ϦΫΤετ࣌ʹऔಘ࣮ͯ͠ߦ 235
  79. 238.

    mod_mrubyઃఆྫ # Normal hook <Location /mruby-test> mrubyHandlerMiddle /path/to/test.rb </Location> #

    ByteCode Caching at Start up <Location /mruby-test-cache> mrubyHandlerMiddle /path/to/test.rb cache </Location> 238
  80. 239.

    mod_mrubyઃఆྫ # Normal hook <Location /mruby-test> mrubyHandlerMiddle /path/to/test.rb </Location> #

    ByteCode Caching at Start up <Location /mruby-test-cache> mrubyHandlerMiddle /path/to/test.rb cache </Location> 239
  81. 240.

    ngx_mrubyͷΠϯϥΠϯઃఆྫ # Inline code hook location /mruby-hello { mruby_content_handler_code ‘

    r = Nginx::Request.new c = Nginx::Connection.new r.content_type = “text/plain” Nginx.echo “Hello #{c.remote_ip} World” ‘; } 240
  82. 241.

    mod_mrubyͰͷReverse Proxy # mrubyTranslateNameFirst “/path/to/proxy.rb” backends = [ "http://192.168.0.101:8888/", "http://192.168.0.102:8888/",

    "http://192.168.0.103:8888/", ] r = Apache::Request.new backend = backends[rand(backends.length)] r.reverse_proxy backend + r.unparsed_uri 241
  83. 242.

    ngx_mrubyͰͷReverse Proxy # location /proxy { # mruby_set $backend "/path/to/proxy.rb";

    # proxy_pass http://$backend; # } backends = [ "http://192.168.0.101:8888/", "http://192.168.0.102:8888/", "http://192.168.0.103:8888/", ] backends[rand(backends.length)] 242
  84. 243.

    mod_mrubyͷBasicAuth with Redis # <Location /basic/> # AuthType basic #

    AuthName "Message for clients" # AuthBasicProvider mruby # mrubyAuthnCheckPassword /path/to/authn_basic.rb # require valid-user # </Location> anp = Apache::AuthnProvider.new redis = Redis.new "127.0.0.1”, 6379 if redis.get(anp.user) == anp.password Apache.return Apache::AuthnProvider::AUTH_GRANTED else Apache.return Apache::AuthnProvider::AUTH_DENIED end 243
  85. 244.

    ҟͳΔWebαʔόͷ౷Ұత֦ுهड़ "QBDIF "1* 3VCZTDSJQU NPE@NSVCZ 3VCZTDSJQU ɾ ɾ ɾ ɾ

     3VCZTDSJQUO /HJOY "1* OHY@NSVCZ 3VCZTDSJQU "QBDIF $PSF /HJOY $PSF 3VCZ %4- GPS8FC "QBDIF 5SB⒏D 4FSWFS "1* UT@NSVCZ "QBDIF 5SB⒏D 4FSWFS $PSF SFGIUUQTHJUIVCDPNTZVDSFBNUT@NSVCZ 244
  86. 245.

    ౷Ұతهड़ྫ # Output Hello World Server = get_server_calss Server.rputs "Hello

    #{Server.module_name}/ #{Server.module_version} world!" # mod_mruby => "Hello mod_mruby/1.9.3 world!" # ngx_mruby => "Hello ngx_mruby/1.3.2 world!" # ts_mruby => "Hello ts_mruby/0.0.1 world!" 245
  87. 248.

    ؔ࿈ݚڀͱͷੑೳൺֱ ػೳ֦ு NPE@QFSM NPE@SVCZ NPE@MVB NPE@NSVCZ NPE@NSVCZ Ωϟογϡ ݴޠ $

    1FSM 3VCZ -VB NSVCZ NSVCZ ΠϯλϓϦλ ॳظԽॲཧ ࣄલ ౎౓ ࣄલ ࣄલ ϥΠϒϥϦ ಡΈࠐΈ ࣄલ ౎౓ ࣄલ ࣄલ ίϯύΠϧ ࣄલ ౎౓ ౎౓ ౎౓ ࣄલ ίʔυͷมߋ ෆՄ Մ Մ Մ ෆՄ άϩʔόϧঢ়ଶ ڞ༗ ڞ༗ ඇڞ༗ ඇڞ༗ ඇڞ༗ ੑೳ 3FTQPOTFTFD       248
  88. 253.

    • C10k໰୊ͳͲ͔Βಉ࣌઀ଓ਺Λେ෯ʹվળ͍ͨ͠ • CPUͷίΞΛे෼ʹ࢖͍੾Γ͍ͨɾ઀ଓ਺Λϓϩηε਺ʹґଘͤ͞ͳ͍ • ϓϩηεͷI/OΛϊϯϒϩοΫɾඇಉظʹॲཧ͢Δ͜ͱͰղܾ • File I/O, Network

    I/O, sleep… • ࣮૷ྫͱͯ͠͸epoll()ͰfdͷεςʔλεΛ؂ࢹͯ͠ΠϕϯτΛൃՐ • I/OͷଟॏԽͱ΋ݴ͏͕͜ͷ࢓૊ΈΛΠϕϯτϧʔϓͱ࣮ͯ͠૷ 253 ϛυϧ΢ΣΞͷϊϯϒϩοΩϯάI/O
  89. 255.

    255 mruby͕֤ϦΫΤετΛϒϩοΫ͢Δྫ SFRVFTUQSPDFTTJOH NSVCZ NSVCZ SFRVFTUQSPDFTTJOH SFRVFTUQSPDFTTJOH NSVCZ DSFBUFSFTQPOTF DSFBUFSFTQPOTF

    DSFBUFSFTQPOTF TFOESFTQPOTF OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT SFDWSFRVFTU BUUIFTBNFUJNF
  90. 256.

    256 mruby͕֤ϦΫΤετΛϒϩοΫ͢Δྫ SFRVFTU NSVCZ NSVCZ SFTQPOTF SFRVFTU SFRVFTU SFTQPOTF SFTQPOTF

    NSVCZ TFOESFTQPOTF SFDWSFRVFTU BUUIFTBNFUJNF Other responses are delayed in proportion to the time of processing of mruby blocking OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT
  91. 258.

    258 mruby͕֤ϦΫΤετΛϊϯϒϩοΩϯάʹॲཧ͢Δ SFRVFTU SFTQPOTF SFRVFTU SFRVFTU SFTQPOTF SFTQPOTF TFOESFTQPOTF SFDWSFRVFTU

    BUUIFTBNFUJNF CMPDLJOH PQFSBJUPO NSVCZ CMPDLJOH PQFSBJUPO NSVCZ NSVCZ CMPDLJOH PQFSBJUPO OPOCMPDLJOHNJEEMFXBSFMJLFOHJOYJOTJOHMFQSPDFTT
  92. 261.

    3VCZ4DSJQUʢ3VCZXPSMEʣ 1SPD 'JCFSSFTVNF mruby૊ΈࠐΈͷϛυϧ΢ΣΞͷϊϯϒϩοΩϯά 261 NJEEMFXBSF $XPSME NSC@TUBUF 'JCFS 3VCZCZUFDPEFJODMVEFE

    CMPDLJOHNFUIPE DGVODPGCMPDLJOHNFUIPE SVOCMPDLJOHPQFSBUJPOXJUIOPOCMPDLJOHNPEF TFUDBMMCBDLDGVODUPFWFOUMPPQPGNJEEMFXBSF DGVODPGNJEEMFXBSFPOFWFOUMPPQ QSPDFTTPUIFSSFRVFTUPOFWFOUMPPQ DBMMCBDLDGVOD SVOSFTVNFCZSVOOJOHQSPDPCKFDUGSPN$ DGVODPGNJEEMFXBSFXJUINSC@TUBUF SVOQSPDPCKFDUGSPN$      $VSSFOUNSVCZOPOCMPDLJOHNPEFM 3FRVFTU 'JCFSZJFME 
  93. 270.

    ϒϩοΩϯάͱϊϯϒϩοΩϯάϞʔυͷੑೳධՁ 270 ϕϯνϚʔΫ ΫϥΠΞϯτ ϓϩΩγαʔό "1*αʔό ϨεϙϯελΠϜΛ ৭ʑมԽͤ͞Δ NSVCZΛհͯ͠"1*αʔό ͔ΒҰ෦৘ใΛऔಘͦ͠ΕΛ

    ݩʹϨεϙϯεΛฦ͢ ಉ࣌઀ଓ਺ΛมԽͤ͞ͳ͕Β ϕϯνϚʔΫΛ͔͚Δ 1.apiଆͷϨεϙϯελΠϜΛ1msec͔Β50msec·ͰมԽͤ͞ͳ͕Βɺಉ࣌઀ଓ਺100Ͱϕϯ νϚʔΫΛ͔͚ͯRequest/secΛܭଌ͢Δ 2.apiଆͷϨεϙϯελΠϜΛ10msecʹݻఆ͠ɺಉ࣌઀ଓ਺Λ1͔Β100ʹมԽͤͯ͞ Request/secΛܭଌ͢Δ
  94. 282.

    • ݸਓ޲͚ͷ௿Ձ֨ϗεςΟϯάͰ࠾༻͞ΕΔ͜ͱͷଟ͍ํࣜ [36] • ୯ҰͷWebαʔόʹߴूੵ(਺ສυϝΠϯ)ʹϗετΛऩ༰ • Ծ૝ϗετํࣜʹΑΓେྔͷϗετΛಉҰϓϩηεͰॲཧ • ϦόʔεϓϩΩγͷ৔߹͸ߋʹߴूੵ(਺ेɺ਺ඦສυϝΠϯ) •

    ߴूੵϚϧνςφϯτํࣜͷHTTPSରԠ΋ٸ຿ 282 ߴूੵϚϧνςφϯτํࣜͷWebαʔό <>দຊ྄հ തֶ࢜Ґ࿦จ8FCαʔόͷߴूੵϚϧνςφϯτΞʔΩςΫνϟʹؔ͢Δݚڀ  IUUQTSFQPTJUPSZLVMJCLZPUPVBDKQETQBDFIBOEMF ژ౎େֶ ೥݄
  95. 291.

    • αʔόϓϩηεىಈ࣌ʹূ໌ॻ͸Ұ੾ಡΈࠐ·ͳ͍ • αʔόϓϩηεͷ࠶ىಈ/࠶ಡΈࠐΈ࣌ؒͷ௿଎ԽΛճආ • TLSϋϯυγΣΠΫ࣌ʹඞཁͳূ໌ॻͱઃఆΛಈతʹಡΈࠐΈ • ߴ଎ͳϓϩηε࠶ಡΈࠐΈʹΑΔϝϞϦղ์΋Մೳ • ূ໌ॻ΍ϗετͷ৽ن௥Ճઃఆʹϓϩηε࠶ىಈ͕ෆཁ

    291 দຊΒͷূ໌ॻͷಈతಡΈࠐΈख๏ [37] <>3ZPTVLF.BUTVNPUP ,FOKJ3JLJUBLF ,FOUBSP,VSJCBZBTIJ -BSHFTDBMF$FSUJpDBUF.BOBHFNFOUPO .VMUJUFOBOU8FC4FSWFST 5IFUI*&&&*OUFSOBUJPOBM$0.14"$8PSLTIPQPO"SDIJUFDUVSF %FTJHO  %FQMPZNFOUBOE.BOBHFNFOUPG/FUXPSLTBOE"QQMJDBUJPOT "%./&5 +VM
  96. 296.

    • ngx_mruby[38]ʹTLSϋϯυγΣΠΫͷRubyϑοΫઃఆΛ࣮૷ • TLSϋϯυγΣΠΫ࣌ʹϑοΫ͞ΕͨRubyͷίʔυΛ࣮ߦ • RubyϝιουͰOpenSSLͱσʔλͷड͚౉͠Λ࣮ߦ • KVS/File͔Βূ໌ॻ΍ൿີ伴ΛRubyܦ༝ͰಡΈࠐΈՄ 296 ngx_mruby

    v1.16.0ʢ2016೥2݄ʣͰ௥Ճ࣮૷ <>দຊ྄հ Ԭ෦णஉ NPE@NSVCZεΫϦϓτݴޠͰߴ଎͔ͭলϝϞϦʹ֦ுՄೳͳ8FCαʔόͷػ ೳ֦ுࢧԉػߏ ৘ใॲཧֶձ࿦จࢽɼ7PM /P QQ /PW
  97. 297.

    ngx_mrubyͷূ໌ॻಈతಡΈࠐΈ࣮૷ϑϩʔ 297 44-@$59@TFU@DFSU@DC ʹ3VCZͷόΠ τίʔυΛ࣮ߦ͢ΔIBOEMFSͷؔ਺ϙΠϯ λͱίϯςΩετߏ଄ମϙΠϯλΛηοτ OHJOYDPOGͷઃఆ͔ΒಡΈࠐΜͩ3VCZε ΫϦϓτΛόΠτίʔυԽͯ͠ ίϯςΩετߏ଄ମʹอଘ 5-4ϋϯυγΣΠΫ࣌ʹIBOEMFS͕ίʔϧ

    όοΫ͞ΕόΠτίʔυΛ࣮ߦ όΠτίʔυͰ࣮ߦ͞ΕΔ3VCZͷϝιο υܦ༝Ͱূ໌ॻ΍ൿີ伴σʔλ͕ ίϯςΩετߏ଄ମʹηοτ͢Δ ূ໌ॻͱൿີ伴σʔλʹج͍ͯ#*0ܦ༝Ͱ σʔλΛಡΈࠐΜͰϋϯυγΣΠΫΛଓߦ OHJOYىಈ࣌ͷॲཧ OHJOY͕ϦΫΤετड৴ͨ࣌͠ͷॲཧ NSVCZͷ5-4ϋϯυγΣΠΫϑοΫσΟ ϨΫςΟϒ͕ଘࡏͨ͠Β 44-@$59@TFU@DFSU@DC Λݺͼग़͢
  98. 310.

    ੩తಡΈࠐΈͱಈతಡΈࠐΈͷੑೳൺֱ 310 ಉ࣌઀ଓ਺ ੩తಡΈࠐΈख๏ SFRTFD ಈతಡΈࠐΈख๏ SFRTFD   

             $(*ͷΑ͏ͳϓϩηεෳ੡͕ੜ͡ͳ͍ܰྔͳ੩తϑΝΠϧ΁ͷϦΫΤετͰ΋ɺ ূ໌ॻͷಈతಡΈࠐΈ͸ैདྷख๏ͷ੩తಡΈࠐΈͱൺֱͯ͠΋΄΅͕ࠩͳ͍
  99. 316.

    0 5000 10000 15000 20000 25000 1 6 11 16

    21 26 31 The number of cer-ficates day The number of cer-ficate in a month dynamic load preload 1ϲ݄ؒͷূ໌ॻ਺ͷભҠ 316 Θ͔Γʹ͍͕͘Ұϲ݄Ͱ͔Β΁ͱ ূ໌ॻఔ౓૿͍͑ͯΔ ূ໌ॻ਺͸ϦϓϨʔεલͷഒ͔Βഒ
  100. 323.

    323 0 5000 10000 15000 20000 25000 30000 2017/07/02-09:00 2017/07/04-09:00

    2017/07/06-09:00 2017/07/08-09:00 2017/07/10-09:00 2017/07/12-09:00 2017/07/14-09:00 2017/07/16-09:00 2017/07/18-09:00 2017/07/20-09:00 2017/07/22-09:00 2017/07/24-09:00 2017/07/26-09:00 2017/07/28-09:00 2017/07/30-09:00 2017/08/01-09:00 2017/08/03-09:00 2017/08/05-09:00 2017/08/07-09:00 2017/08/09-09:00 2017/08/11-09:00 2017/08/13-09:00 2017/08/15-09:00 2017/08/17-09:00 2017/08/19-09:00 2017/08/21-09:00 2017/08/23-09:00 2017/08/25-09:00 2017/08/27-09:00 2017/08/29-09:00 2017/08/31-09:00 2017/09/02-09:00 2017/09/04-09:00 2017/09/06-09:00 2017/09/08-09:00 2017/09/10-09:00 2017/09/12-09:00 2017/09/14-09:00 2017/09/16-09:00 2017/09/18-09:00 2017/09/20-09:00 2017/09/22-09:00 2017/09/24-09:00 2017/09/26-09:00 2017/09/28-09:00 2017/09/30-09:00 2017/10/02-09:00 2017/10/04-09:00 2017/10/06-09:00 2017/10/08-09:00 2017/10/10-09:00 2017/10/12-09:00 2017/10/14-09:00 2017/10/16-09:00 2017/10/18-09:00 2017/10/20-09:00 2017/10/22-09:00 2017/10/24-09:00 2017/10/26-09:00 2017/10/28-09:00 2017/10/30-09:00 2017/11/01-09:00 Memory Usage [MBytes] Day Memory Usage for Four Months Memory Usage ಈతॲཧ ຖ೔SFMPBE SFMPBEఀࢭத SFMPBEఀࢭத ϦϑΝΫλϦϯά ສυϝΠϯ)5514Խ ສυϝΠϯ)5514Խ SFMPBEఀࢭ
  101. 325.

    325 0 5000 10000 15000 20000 25000 30000 2017/07/02-09:00 2017/07/04-09:00

    2017/07/06-09:00 2017/07/08-09:00 2017/07/10-09:00 2017/07/12-09:00 2017/07/14-09:00 2017/07/16-09:00 2017/07/18-09:00 2017/07/20-09:00 2017/07/22-09:00 2017/07/24-09:00 2017/07/26-09:00 2017/07/28-09:00 2017/07/30-09:00 2017/08/01-09:00 2017/08/03-09:00 2017/08/05-09:00 2017/08/07-09:00 2017/08/09-09:00 2017/08/11-09:00 2017/08/13-09:00 2017/08/15-09:00 2017/08/17-09:00 2017/08/19-09:00 2017/08/21-09:00 2017/08/23-09:00 2017/08/25-09:00 2017/08/27-09:00 2017/08/29-09:00 2017/08/31-09:00 2017/09/02-09:00 2017/09/04-09:00 2017/09/06-09:00 2017/09/08-09:00 2017/09/10-09:00 2017/09/12-09:00 2017/09/14-09:00 2017/09/16-09:00 2017/09/18-09:00 2017/09/20-09:00 2017/09/22-09:00 2017/09/24-09:00 2017/09/26-09:00 2017/09/28-09:00 2017/09/30-09:00 2017/10/02-09:00 2017/10/04-09:00 2017/10/06-09:00 2017/10/08-09:00 2017/10/10-09:00 2017/10/12-09:00 2017/10/14-09:00 2017/10/16-09:00 2017/10/18-09:00 2017/10/20-09:00 2017/10/22-09:00 2017/10/24-09:00 2017/10/26-09:00 2017/10/28-09:00 2017/10/30-09:00 2017/11/01-09:00 Memory Usage [MBytes] Day Memory Usage for Four Months Memory Usage ಈతॲཧ ຖ೔SFMPBE SFMPBEఀࢭத SFMPBEఀࢭத ϦϑΝΫλϦϯά ສυϝΠϯ)5514Խ ສυϝΠϯ)5514Խ SFMPBEఀࢭ
  102. 357.

    มԽ͠ଓ͚Δ͜ͱ͔ΒಘΒΕΔ҆ఆੑ 357 ϗετ" ϗετ" ϗετ" ϗετ" ϗετ" Πϯλʔωοτ ϗετ" ϗετ"

    ϗετ" ΍͕ͯఀࢭ ൓Ԡతʹىಈ ൓Ԡతʹ εέʔϧΞοϓ ऩ༰αʔόA ऩ༰αʔόB HTTPϦΫΤετ ൓Ԡతʹ εέʔϧΞ΢τ • ϗετͷىಈͱఀࢭΛ॥؀ • ৗʹ॥؀͠ଓ͚ΔΞʔΩςΫνϟ • มԽ͠ଓ͚Δ͜ͱʹΑΔ҆ఆੑ • ॥؀ͷ଎౓վળΛ௥ٻ ৗʹมԽՄೳͰ͋ΔͨΊಥൃతͳΞ ΫηεूதͷΑ͏ͳมԽʹ΋଱ੑͷ ͋ΔΞʔΩςΫνϟΛ࣮ݱՄೳ
  103. 359.

    ίϯςφ࣌୅ͷWebαʔϏεج൫Ϟσϧ 359 ຊΞʔΩςΫνϟͷείʔϓ FastContainer͸ཧ૝తʹ͸ ΦʔέετϨʔγϣϯ૚ҎԼͷ πʔϧ܈Ͱ࣮૷ՄೳͰ͋Δ 0SDIFTUSBUJPO-BZFS (,& &$4 .BSBUIPO

    ,VCFSOFUFT %PDLFS4XBSN 4USBUFHZ-BZFS 3BODIFS 'BTU$POUBJOFS 4FSWJDF-BZFS 8FC"QQMJDBUJPOPS4FSWJDFPO$POUBJOFST *OGSBTUSVDUVSF-BZFS ($1 "[VSF "84 0QFO4UBDL .FTPT #BSF.FUBM -JOVY,JU $POUBJOFS3VOUJNF-BZFS %PDLFS .PCZ DPOUBJOFSE -9$ SLU )BDPOJXB ,BUB$POUBJOFST $POUBJOFS3VOUJNF*OUFSGBDF $3*
  104. 360.

    HTTP FastContainerͷϑϩʔ 360 8FC1SPYZ ʢOHY@NSVCZ $.%# ʴ "1* -PDBM8FC1SPYZ OHY@NSVCZ

    $MJFOU ίϯςφ ίϯςφ ίϯςφ w )551ϦΫΤετͷ)PTUOBNF ΛΩʔʹɺ$.%# ߏ੒؅ཧ%# ͔Βίϯςφͷ৘ใΛऔಘ )551 4  ϦΫΤετ w ίϯςφͷ*1ͱϙʔτʹج͍ ͯίϯςφʹϓϩΩγ w ίϯςφ͕-JTUFO͍ͯ͠ͳ͍ ৔߹͸$.%#͔Βίϯςφ ৘ใΛಘͯىಈ $POUBJOFS&OHJOF IBDPOJXB
  105. 366.

    ࣮ݧ؀ڥ ߲໨ ࢓༷ $PNQVUF $16 .FNPSZ /*$ 04 *OUFM9FPO&()[DPSF (CZUF

    (CQT 6CVOUV,FSOFM 6TFS1SPYZ $16 .FNPSZ /*$ 04 *OUFM9FPO&()[DPSF (CZUF (CQT 6CVOUV,FSOFM $PSF"1* $16 .FNPSZ /*$ 04 *OUFM9FPO&()[DPSF (CZUF (CQT 6CVOUV,FSOFM $.%# $16 .FNPSZ /*$ 04 *OUFM9FPO&()[DPSF (CZUF (CQT 6CVOUV,FSOFM %BUB1PPM $16 .FNPSZ /*$ 04 *OUFM9FPO&()[DPSF (CZUF (CQT 6CVOUV,FSOFM OpenStackͰߏங͞ΕͨԾ૝ج൫্ Ͱ֤ίϯϙʔωϯτΛVM্Ͱ࣮૷ ͠ɺ࣮ݧΛ࣮ࢪɻ ίϯςφ͸phpinfo()͕ಈ࡞͢Δ mod_phpΛ૊ΈࠐΜͩApache࣮ߦ ؀ڥɻઃఆ͸σϑΥϧτɻCPU1ίΞ ͷ30%ɺϝϞϦ512MBΛׂΓ౰ͯɻ εέʔϧΞ΢τͱεέʔϧΞοϓͷਝ ଎ੑΛධՁ͢ΔͨΊʹɺ10ສϦΫΤ ετͷ5ສϦΫΤετ͔Βεέʔϧॲ ཧΛߦ͍ɺॲཧ͕٧·Δ͜ͱͳ͘ෛՙ ෼ࢄग़དྷ͍ͯΔ͔Λ֬ೝɻ
  106. 370.
  107. 379.

    1. Πϯελϯε௥Ճॲཧ͕௿଎Ͱ͋Δ͜ͱΛղܾ • Πϯελϯε(ίϯςφ)ͷঢ়ଶͷఀࢭɾىಈɾεέʔϦϯάΛߴ଎ʹ॥؀ • ϦΫΤετ୯ҐͰঢ়ଶΛܾఆ → มԽʹڧ͍ج൫΁ 2. ϋʔυ΢ΣΞϦιʔεͷར༻ޮ཰ͷ௿͞Λղܾ

    • ϦΫΤετ͕ແ͍Πϯελϯε͸Ұఆظؒىಈޙʹఀࢭ • CPU48ίΞ256GBϝϞϦఔ౓ͷαʔόʹ਺ສ͔Βे਺ສϗετΛ૝ఆ ΠϯελϯεΛߴूੵʹऩ༰ՄೳͰมԽʹڧ͍Ծ૝Խج൫FastContainer 379 Πϯελϯε͕॥؀͢ΔมԽʹڧ͍ج൫ͷఏҊ※1 ˞দຊ྄հ ۙ౻Ӊஐ࿕ ࡾ୐༔հ ྗ෢݈࣍ ܀ྛ݈ଠ࿠ 'BTU$POUBJOFS࣮ߦ؀ڥͷมԽʹૉૣ͘దԠͰ͖Δ߃ৗੑΛ࣋ͭγεςϜΞʔΩςΫνϟ  Πϯλʔωοτͱӡ༻ٕज़γϯϙδ΢Ϝ࿦จूɼɼʢʣ /PW
  108. 383.

    • FastContainer ※1͸HTTPϦΫΤετʹԠͯ͡൓Ԡత͔ͭߴ଎ʹΠϯελϯε ͷঢ়ଶʢىಈɺఀࢭɺҠಈɺෳ੡ɺϦιʔε૿ݮ౳ʣΛܾఆ • ΞΫηε਺ʹԠͨ͡ϦΞΫςΟϒͳεέʔϦϯάॲཧ͕Մೳ • Ϋϥ΢υαʔϏεج൫͸༧ΊΠϯελϯεΛىಈͤͯ͞ϦΫΤετΛॲཧ • ΞΫηεूத࣌͸༧ଌత͔ͭϓϩΞΫςΟϒͳεέʔϦϯάॲཧ͕ඞཁ

    383 FastContainerͱΫϥ΢υαʔϏεج൫ͷಛ௃ ˞দຊ྄հ ۙ౻Ӊஐ࿕ ࡾ୐༔հ ྗ෢݈࣍ ܀ྛ݈ଠ࿠ 'BTU$POUBJOFS࣮ߦ؀ڥͷมԽʹૉૣ͘దԠͰ͖ Δ߃ৗੑΛ࣋ͭγεςϜΞʔΩςΫνϟ Πϯλʔωοτͱӡ༻ٕज़γϯϙδ΢Ϝ࿦จूɼɼ ʢʣ ೥݄
  109. 387.

    387 $MJFOU 4FSWFS "QBDIF ʢWIPTU܈ʣ 4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF#

    JOTUBODF$ 4FSWFS JOTUBODF" 4UPSBHF 4FSWFS "QBDIF ʢWIPTU܈ʣ ௿Ձ֨8FCϗεςΟϯάج൫ͷՄ༻ੑ 'BTU$POUBJOFS΍Ϋϥ΢υج൫ͷՄ༻ੑ )551ϦΫΤετ )551ϦΫΤετ
  110. 388.

    388 $MJFOU 4FSWFS "QBDIF ʢWIPTU܈ʣ 4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF#

    JOTUBODF$ 4FSWFS JOTUBODF" 4UPSBHF 4FSWFS "QBDIF ʢWIPTU܈ʣ ௿Ձ֨8FCϗεςΟϯάج൫ͷՄ༻ੑ 'BTU$POUBJOFS΍Ϋϥ΢υج൫ͷՄ༻ੑ )551ϦΫΤετ )551ϦΫΤετ ✗ ✗
  111. 391.

    391 4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS JOTUBODF" 'BTU$POUBJOFS΍Ϋϥ΢υج൫ͷՄ༻ੑ

    4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS ఏҊख๏ʴ'BTU$POUBJOFSͷՄ༻ੑ ఏҊख๏ )551ϦΫΤετ )551ϦΫΤετ
  112. 392.

    392 4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS JOTUBODF" 'BTU$POUBJOFS΍Ϋϥ΢υج൫ͷՄ༻ੑ

    4UPSBHF $MJFOU 4FSWFS JOTUBODF" JOTUBODF# JOTUBODF$ 4FSWFS ఏҊख๏ʴ'BTU$POUBJOFSͷՄ༻ੑ ఏҊख๏ )551ϦΫΤετ )551ϦΫΤετ JOTUBODF" ✗൓Ԡతʹ ࠶഑ஔ ✗
  113. 393.

    HTTP FastContainerͷجຊϑϩʔ 393 8FC1SPYZ ʢOHY@NSVCZ $.%# ʴ "1* 8FC%JTQBUDIFS OHY@NSVCZ

    $MJFOU ίϯςφ ίϯςφ ίϯςφ w )551ϦΫΤετͷ)PTUOBNF ΛΩʔʹɺ$.%# ߏ੒؅ཧ%# ͔Βίϯςφͷ৘ใΛऔಘ )551 4  ϦΫΤετ w ίϯςφͷ*1ͱϙʔτʹج͍ ͯίϯςφʹϓϩΩγ w ίϯςφ͕-JTUFO͍ͯ͠ͳ͍ ৔߹͸$.%#͔Βίϯςφ ৘ใΛಘͯىಈ $POUBJOFS&OHJOF IBDPOJXB ऩ༰ϗετ"
  114. 395.
  115. 396.

    )PTU04 8FC1SPYZ $.%#"1* $POUBJOFS %JTQBUDIFS $POUBJOFS )PTU04 $POUBJOFS %JTQBUDIFS $POUBJOFS

    $MJFOU )551 *$.1PS5$1 *$.1PS5$1 )551 )551 )551 ✗ ࠷ॳͷ࠶഑ஔ࣌͸ίϯςφͷىಈ͕ඞཁͰ͋Δ͕ɺ ىಈޙ͸Ұఆظؒىಈ͠ଓ͚Δɻ
  116. 403.

    403

  117. 404.

    • ༧උ࣮ݧ: CRIUͱCheckpoint/Restore͢ΔϓϩηεͷϝϞϦαΠζͱͷؔ܎ • ༧උ࣮ݧ: CRIUͱCheckpoint/Restore͢Δϓϩηε਺ͱͷؔ܎ • ୅දతͳΞϓϦέʔγϣϯΛ࢖ͬͨίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ • Apache

    2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3ʢσϑΥϧτϖʔδʣ • Python 3.7.1ɼDjango 2.1.4ɼgunicorn 19.9.0※1 • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0※2 404 ࣮ݧ಺༰ ˞IUUQTNDMPMJQPQ[FOEFTLDPNIDKBBSUJDMFT ˞IUUQTHJUIVCDPNFWFSZMFBGFMUSBJOJO ݱ࣮తͳن໛ʢݸਓάϧʔϓ಺Ͱͷར༻ͷΞϓϦέʔγϣϯఔ౓ʣͰ%#Λར༻ͨ͠΋ͷΛ࠾
  118. 406.
  119. 409.

    • Apache 2.4.18ɼPHP 7.3.0ɼWordpress 5.0.3 • ϓϩηε਺͸3ɼ୯ҰͷϓϩηεͷϝϞϦαΠζ(RSS)͸35MBytes • Python 3.7.1ɼDjango

    2.1.4ɼgunicorn 19.9.0 ※1 • ϓϩηε਺2ɼεϨου਺2ɼ୯ҰͷϓϩηεͷRSS͸33MBytes • Ruby 2.5.1ɼRails 5.2.1ɼPuma 3.12.0 ※2 • ϓϩηε਺2ɼεϨου਺14ɼ୯ҰͷϓϩηεͷRSS͸89MBytes • gemΛࣄલίϯύΠϧ͓ͯ͘͠bootsnapͱ΋ൺֱ 409 ίϯςφ࠶഑ஔ࣌ͷϨεϙϯελΠϜ
  120. 413.
  121. 414.

    • ୯ҰΠϯελϯεͰՄ༻ੑΛ୲อ͢Δߴ଎ͳεέδϡʔϦϯάख๏ΛఏҊ • ෳ਺ΠϯελϯεΛඞཁͱ͠ͳ͍ͨΊϦιʔείετ͕௿͍ • ࣮ݧ͔Βݱ࣌఺Ͱ΋࣮༻ՄೳͳϨϕϧͷ࠶഑ஔͷੑೳ͕ಘΒΕͨ • ϓϩμΫγϣϯ؀ڥͰԠ༻ • ϗετো֐࣌Ͱ͋ͬͯ΋Ϣʔβ͕ؾ͔ͮͳ͍ϨϕϧͰͷՄ༻ੑ

    • ΦʔτεέʔϦϯά࣌ʹ΋γʔϜϨεʹίϯςφΛ૿΍ͯ͠ෛՙରࡦՄೳʹ • ΞΫηε܏޲ͱϦιʔεׂΓ౰͕ͯਖ਼֬ʹ௥ਵՄೳʹ • εέʔϦϯά΍ϋʔυ΢ΣΞϓʔϧͷϦιʔεׂΓ౰ͯ΋࠷దԽ 414 ·ͱΊ