質問編集履歴

4

メンテナンス画面を解除

2017/06/07 00:16

投稿

madone99
madone99

スコア1855

test CHANGED
File without changes
test CHANGED
@@ -124,23 +124,23 @@
124
124
 
125
125
 
126
126
 
127
- if ($maintenance = true) {
127
+ #if ($maintenance = true) {
128
-
128
+
129
- return 503;
129
+ # return 503;
130
-
130
+
131
- }
131
+ #}
132
-
133
-
134
-
132
+
133
+
134
+
135
- error_page 503 @maintenance;
135
+ #error_page 503 @maintenance;
136
-
137
-
138
-
136
+
137
+
138
+
139
- location @maintenance {
139
+ #location @maintenance {
140
-
140
+
141
- rewrite ^(.*)$ https://xxx.cloudfront.net break;
141
+ # rewrite ^(.*)$ https://xxx.cloudfront.net break;
142
-
142
+
143
- }
143
+ #}
144
144
 
145
145
 
146
146
 
@@ -402,23 +402,23 @@
402
402
 
403
403
 
404
404
 
405
- if ($maintenance = true) {
405
+ #if ($maintenance = true) {
406
-
406
+
407
- return 503;
407
+ # return 503;
408
-
408
+
409
- }
409
+ #}
410
-
411
-
412
-
410
+
411
+
412
+
413
- error_page 503 @maintenance;
413
+ #error_page 503 @maintenance;
414
-
415
-
416
-
414
+
415
+
416
+
417
- location @maintenance {
417
+ #location @maintenance {
418
-
418
+
419
- rewrite ^(.*)$ https://xxx.cloudfront.net break;
419
+ # rewrite ^(.*)$ https://xxx.cloudfront.net break;
420
-
420
+
421
- }
421
+ #}
422
422
 
423
423
 
424
424
 

3

confファイル修正

2017/06/07 00:16

投稿

madone99
madone99

スコア1855

test CHANGED
File without changes
test CHANGED
@@ -40,7 +40,7 @@
40
40
 
41
41
 
42
42
 
43
- nginx default.conf
43
+ default.conf
44
44
 
45
45
  ---
46
46
 
@@ -50,6 +50,8 @@
50
50
 
51
51
  listen 81;
52
52
 
53
+ server_name example.com;
54
+
53
55
  rewrite ^ https://$host$request_uri permanent;
54
56
 
55
57
  }
@@ -58,15 +60,29 @@
58
60
 
59
61
  server {
60
62
 
63
+ listen 80 http2;
64
+
65
+ listen [::]:80 http2;
66
+
67
+ server_name www.example.com;
68
+
69
+ return 301 http://example.com$request_uri;
70
+
71
+ }
72
+
73
+
74
+
75
+ server {
76
+
61
77
  client_max_body_size 96M;
62
78
 
63
79
  listen 80 http2;
64
80
 
65
- #listen 443 ssl http2;
81
+ listen [::]:80 http2;
66
82
 
67
83
  root /var/www/html/wordpress;
68
84
 
69
- server_name example.com www.example.com;
85
+ server_name example.com;
70
86
 
71
87
  charset utf-8;
72
88
 
@@ -80,9 +96,217 @@
80
96
 
81
97
  resolver_timeout 10s;
82
98
 
83
-
84
-
99
+
100
+
85
- return 301 https://$host$request_uri;
101
+ #return 301 https://$host$request_uri;
102
+
103
+
104
+
105
+ # maintenance setting
106
+
107
+ set $maintenance false;
108
+
109
+
110
+
111
+ if (-e /var/tmp/maintenance.mode) {
112
+
113
+ set $maintenance true;
114
+
115
+ }
116
+
117
+
118
+
119
+ if ($http_x_forwarded_for ~ ^(xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
120
+
121
+ set $maintenance false;
122
+
123
+ }
124
+
125
+
126
+
127
+ if ($maintenance = true) {
128
+
129
+ return 503;
130
+
131
+ }
132
+
133
+
134
+
135
+ error_page 503 @maintenance;
136
+
137
+
138
+
139
+ location @maintenance {
140
+
141
+ rewrite ^(.*)$ https://xxx.cloudfront.net break;
142
+
143
+ }
144
+
145
+
146
+
147
+ location / {
148
+
149
+ root /var/www/html/wordpress;
150
+
151
+ index index.html index.htm index.php;
152
+
153
+
154
+
155
+ try_files $uri $uri/ /index.php?q=$uri&$args @wp;
156
+
157
+
158
+
159
+ if (!-e $request_filename) {
160
+
161
+ rewrite ^.+?(/wp-.*) $1 last;
162
+
163
+ rewrite ^.+?(/.*\.php)$ $1 last;
164
+
165
+ rewrite ^ /index.php last;
166
+
167
+
168
+
169
+ }
170
+
171
+
172
+
173
+ }
174
+
175
+
176
+
177
+ location ~* \.php$ {
178
+
179
+ root /var/www/html/wordpress;
180
+
181
+ try_files $uri @wp;
182
+
183
+ fastcgi_pass unix:/var/run/php-fpm.sock;
184
+
185
+ # fastcgi_pass 127.0.0.1:9000;
186
+
187
+ fastcgi_index index.php;
188
+
189
+ fastcgi_split_path_info ^(.+\.php)(.*);
190
+
191
+ fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/$fastcgi_script_name;
192
+
193
+ fastcgi_param PATH_INFO $fastcgi_path_info;
194
+
195
+ fastcgi_pass_header "X-Accel-Redirect";
196
+
197
+ fastcgi_pass_header "X-Accel-Expires";
198
+
199
+ fastcgi_read_timeout 180;
200
+
201
+ include fastcgi_params;
202
+
203
+
204
+
205
+ }
206
+
207
+
208
+
209
+ location @wp {
210
+
211
+ root /var/www/html/wordpress;
212
+
213
+ fastcgi_index index.php;
214
+
215
+ fastcgi_split_path_info ^(.+\.php)(.*)$;
216
+
217
+ fastcgi_pass unix:/var/run/php-fpm.sock;
218
+
219
+ #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
220
+
221
+ fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/index.php;
222
+
223
+ include fastcgi_params;
224
+
225
+ }
226
+
227
+
228
+
229
+ # wp-config.phpへのアクセスを全て拒否
230
+
231
+ location ~* /wp-config.php {
232
+
233
+ deny all;
234
+
235
+ }
236
+
237
+
238
+
239
+ location ~* /(phpmyadmin|myadmin|pma) {
240
+
241
+ access_log off;
242
+
243
+ log_not_found off;
244
+
245
+ return 404;
246
+
247
+ }
248
+
249
+
250
+
251
+ location = /healthcheck.txt {
252
+
253
+ #access_log off;
254
+
255
+ return 204;
256
+
257
+ break;
258
+
259
+ }
260
+
261
+
262
+
263
+ # error_page 404 /index.php?error=404;
264
+
265
+
266
+
267
+ error_page 500 502 503 504 /50x.html;
268
+
269
+
270
+
271
+ location /favicon {
272
+
273
+ empty_gif;
274
+
275
+ access_log off;
276
+
277
+ log_not_found off;
278
+
279
+
280
+
281
+ }
282
+
283
+
284
+
285
+ location = /robots.txt {
286
+
287
+ log_not_found off;
288
+
289
+ access_log off;
290
+
291
+ }
292
+
293
+
294
+
295
+ location ~ /\. {
296
+
297
+ deny all;
298
+
299
+ log_not_found off;
300
+
301
+ access_log off;
302
+
303
+ }
304
+
305
+ location ~* \.(pdf)$ {
306
+
307
+ add_header X-Robots-Tag noindex;
308
+
309
+ }
86
310
 
87
311
  }
88
312
 
@@ -90,10 +314,26 @@
90
314
 
91
315
  server {
92
316
 
317
+ listen 443 ssl http2;
318
+
319
+ listen [::]:443 ssl http2;
320
+
321
+ server_name www.example.com;
322
+
323
+ return 301 https://example.com$request_uri;
324
+
325
+ }
326
+
327
+
328
+
329
+ server {
330
+
93
331
  client_max_body_size 96M;
94
332
 
95
333
  listen 443 ssl default_server http2;
96
334
 
335
+ listen [::]:443 ssl http2;
336
+
97
337
  server_name example.com;
98
338
 
99
339
  root /var/www/html/wordpress;
@@ -102,8 +342,6 @@
102
342
 
103
343
 
104
344
 
105
- ssl on;
106
-
107
345
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
108
346
 
109
347
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
@@ -112,7 +350,7 @@
112
350
 
113
351
  ssl_dhparam /etc/nginx/ssl/dhparam.pem;
114
352
 
115
- keepalive_timeout 70;
353
+ keepalive_timeout 120;
116
354
 
117
355
  ssl_stapling on;
118
356
 
@@ -144,51 +382,43 @@
144
382
 
145
383
  # maintenance setting
146
384
 
147
- #set $maintenance false;
385
+ set $maintenance false;
148
-
149
-
150
-
151
- # - start touch /var/tmp/maintenance.mode
386
+
152
-
153
- # - end rm /var/tmp/maintenance.mode
387
+
154
-
155
-
156
-
388
+
157
- #if (-e /var/tmp/maintenance.mode) {
389
+ if (-e /var/tmp/maintenance.mode) {
158
-
390
+
159
- # set $maintenance true;
391
+ set $maintenance true;
160
-
392
+
161
- #}
393
+ }
162
-
394
+
395
+
396
+
163
- #if ($http_x_forwarded_for ~ (^xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
397
+ if ($http_x_forwarded_for ~ ^(xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
164
-
398
+
165
- # set $maintenance false;
399
+ set $maintenance false;
166
-
400
+
167
- #}
401
+ }
168
-
169
-
170
-
402
+
403
+
404
+
171
- #if ($maintenance = true) {
405
+ if ($maintenance = true) {
172
-
406
+
173
- # return 503;
407
+ return 503;
174
-
408
+
175
- #}
409
+ }
176
-
177
-
178
-
410
+
411
+
412
+
179
- #error_page 503 @maintenance;
413
+ error_page 503 @maintenance;
180
-
181
-
182
-
414
+
415
+
416
+
183
- #location @maintenance {
417
+ location @maintenance {
184
-
418
+
185
- # rewrite ^(.*)$ https://example.cloudfront.net break;
419
+ rewrite ^(.*)$ https://xxx.cloudfront.net break;
186
-
420
+
187
- #}
421
+ }
188
-
189
-
190
-
191
- set $server "example.com";
192
422
 
193
423
 
194
424
 
@@ -212,6 +442,8 @@
212
442
 
213
443
  rewrite ^ /index.php last;
214
444
 
445
+
446
+
215
447
  }
216
448
 
217
449
 
@@ -294,55 +526,71 @@
294
526
 
295
527
  location = /healthcheck.txt {
296
528
 
529
+ #access_log off;
530
+
531
+ return 204;
532
+
533
+ break;
534
+
535
+ }
536
+
537
+
538
+
539
+ location ^~ /.well-known/acme-challenge {
540
+
541
+ root /usr/local/letsencrypt;
542
+
543
+ access_log /var/log/nginx/access_letsencrypt.log;
544
+
545
+ error_log /var/log/nginx/error_letsencrypt.log;
546
+
547
+ }
548
+
549
+ # direcct access
550
+
551
+ location = /.well-known/acme-challenge {
552
+
553
+ return 404;
554
+
555
+ }
556
+
557
+
558
+
559
+ # error_page 404 /index.php?error=404;
560
+
561
+
562
+
563
+ error_page 500 502 503 504 /50x.html;
564
+
565
+
566
+
567
+ location /favicon {
568
+
569
+ empty_gif;
570
+
571
+ access_log off;
572
+
573
+ log_not_found off;
574
+
575
+
576
+
577
+ }
578
+
579
+
580
+
581
+ location = /robots.txt {
582
+
583
+ log_not_found off;
584
+
297
585
  access_log off;
298
586
 
299
- return 204;
300
-
301
- break;
302
-
303
- }
587
+ }
304
-
305
-
306
-
307
- location /.well-known {
588
+
308
-
309
- root /var/www/html;
589
+
310
-
311
- }
590
+
312
-
313
- location ^~ /.well-known/acme-challenge {
314
-
315
- root /usr/local/letsencrypt;
316
-
317
- access_log /var/log/nginx/access_letsencrypt.log;
318
-
319
- error_log /var/log/nginx/error_letsencrypt.log;
320
-
321
- }
322
-
323
-
324
-
325
- # error_page 404 /index.php?error=404;
326
-
327
- error_page 500 502 503 504 /50x.html;
328
-
329
-
330
-
331
- location /favicon {
591
+ location ~ /\. {
332
-
592
+
333
- empty_gif;
593
+ deny all;
334
-
335
- access_log off;
336
-
337
- log_not_found off;
338
-
339
-
340
-
341
- }
342
-
343
-
344
-
345
- location = /robots.txt {
346
594
 
347
595
  log_not_found off;
348
596
 
@@ -352,18 +600,6 @@
352
600
 
353
601
 
354
602
 
355
- location ~ /\. {
356
-
357
- deny all;
358
-
359
- log_not_found off;
360
-
361
- access_log off;
362
-
363
- }
364
-
365
-
366
-
367
603
  location ~* \.(pdf)$ {
368
604
 
369
605
  add_header X-Robots-Tag noindex;

2

引用に変更

2017/06/06 22:37

投稿

madone99
madone99

スコア1855

test CHANGED
File without changes
test CHANGED
@@ -1,377 +1,375 @@
1
1
  タイトルのことをしたく、ALBを下記リンクを参考にターゲットグループを作成し
2
2
 
3
+
4
+
5
+ > from internet
6
+
7
+ > [internet] http -> 80 [ALB] http -> 81 [nginx] (https redirect)
8
+
9
+ > [internet] https -> 433 [ALB] http -> 80 [nginx] http -> any [WordPress]
10
+
11
+ >
12
+
13
+ > from health-checker
14
+
15
+ > [health-checker] http -> 80 [nginx] http -> any [WordPress]
16
+
17
+
18
+
19
+ のようにしたいのですが、ヘルスチェックでunhealthyになります。
20
+
21
+
22
+
23
+ [http://qiita.com/spaceprobe/items/96550d3214f2930f8b1a](http://qiita.com/spaceprobe/items/96550d3214f2930f8b1a)
24
+
25
+
26
+
27
+ nginxの設定は以下になります。
28
+
3
29
  ```ここに言語を入力
4
30
 
5
- from internet
6
-
7
- [internet] http -> 80 [ALB] http -> 81 [nginx] (https redirect)
31
+ fastcgi_pass unix:/var/run/php-fpm.sock;
8
-
32
+
9
- [internet] https -> 433 [ALB] http -> 80 [nginx] http -> any [WordPress]
33
+ ```の箇所は、実際にそこに存在しているために変更しています。
34
+
35
+
36
+
10
-
37
+ 何かご意見頂けますでしょうか?宜しくお願いします。
11
-
12
-
38
+
39
+
40
+
41
+
42
+
13
- from health-checker
43
+ nginx default.conf
14
-
44
+
15
- [health-checker] http -> 80 [nginx] http -> any [WordPress]
45
+ ---
16
46
 
17
47
  ```
18
48
 
19
-
20
-
21
- のようにしたいのですが、ヘルスチェックでunhealthyになります。
22
-
23
-
24
-
25
- [http://qiita.com/spaceprobe/items/96550d3214f2930f8b1a](http://qiita.com/spaceprobe/items/96550d3214f2930f8b1a)
26
-
27
-
28
-
29
- nginxの設定は以下になります。
30
-
31
- ```ここに言語を入力
32
-
33
- fastcgi_pass unix:/var/run/php-fpm.sock;
34
-
35
- ```の箇所は、実際にそこに存在しているために変更しています。
36
-
37
-
38
-
39
- 何かご意見頂けますでしょうか?宜しくお願いします。
40
-
41
-
42
-
43
-
44
-
45
- nginx default.conf
46
-
47
- ---
49
+ server {
50
+
51
+ listen 81;
52
+
53
+ rewrite ^ https://$host$request_uri permanent;
54
+
55
+ }
56
+
57
+
58
+
59
+ server {
60
+
61
+ client_max_body_size 96M;
62
+
63
+ listen 80 http2;
64
+
65
+ #listen 443 ssl http2;
66
+
67
+ root /var/www/html/wordpress;
68
+
69
+ server_name example.com www.example.com;
70
+
71
+ charset utf-8;
72
+
73
+
74
+
75
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
76
+
77
+ #resolver 8.8.4.4 8.8.8.8 valid=300s;
78
+
79
+ resolver 127.0.0.1;
80
+
81
+ resolver_timeout 10s;
82
+
83
+
84
+
85
+ return 301 https://$host$request_uri;
86
+
87
+ }
88
+
89
+
90
+
91
+ server {
92
+
93
+ client_max_body_size 96M;
94
+
95
+ listen 443 ssl default_server http2;
96
+
97
+ server_name example.com;
98
+
99
+ root /var/www/html/wordpress;
100
+
101
+ charset utf-8;
102
+
103
+
104
+
105
+ ssl on;
106
+
107
+ ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
108
+
109
+ ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
110
+
111
+ ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
112
+
113
+ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
114
+
115
+ keepalive_timeout 70;
116
+
117
+ ssl_stapling on;
118
+
119
+ ssl_stapling_verify on;
120
+
121
+ ssl_session_cache builtin:1000 shared:SSL:10m;
122
+
123
+ ssl_session_timeout 10m;
124
+
125
+ ssl_session_tickets off;
126
+
127
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
128
+
129
+ proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
130
+
131
+ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
132
+
133
+ ssl_prefer_server_ciphers on;
134
+
135
+ add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
136
+
137
+ #resolver 8.8.4.4 8.8.8.8 valid=300s;
138
+
139
+ resolver 10.0.0.2;
140
+
141
+ resolver_timeout 10s;
142
+
143
+
144
+
145
+ # maintenance setting
146
+
147
+ #set $maintenance false;
148
+
149
+
150
+
151
+ # - start touch /var/tmp/maintenance.mode
152
+
153
+ # - end rm /var/tmp/maintenance.mode
154
+
155
+
156
+
157
+ #if (-e /var/tmp/maintenance.mode) {
158
+
159
+ # set $maintenance true;
160
+
161
+ #}
162
+
163
+ #if ($http_x_forwarded_for ~ (^xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
164
+
165
+ # set $maintenance false;
166
+
167
+ #}
168
+
169
+
170
+
171
+ #if ($maintenance = true) {
172
+
173
+ # return 503;
174
+
175
+ #}
176
+
177
+
178
+
179
+ #error_page 503 @maintenance;
180
+
181
+
182
+
183
+ #location @maintenance {
184
+
185
+ # rewrite ^(.*)$ https://example.cloudfront.net break;
186
+
187
+ #}
188
+
189
+
190
+
191
+ set $server "example.com";
192
+
193
+
194
+
195
+ location / {
196
+
197
+ root /var/www/html/wordpress;
198
+
199
+ index index.html index.htm index.php;
200
+
201
+
202
+
203
+ try_files $uri $uri/ /index.php?q=$uri&$args @wp;
204
+
205
+
206
+
207
+ if (!-e $request_filename) {
208
+
209
+ rewrite ^.+?(/wp-.*) $1 last;
210
+
211
+ rewrite ^.+?(/.*\.php)$ $1 last;
212
+
213
+ rewrite ^ /index.php last;
214
+
215
+ }
216
+
217
+
218
+
219
+ }
220
+
221
+
222
+
223
+ location ~* \.php$ {
224
+
225
+ root /var/www/html/wordpress;
226
+
227
+ try_files $uri @wp;
228
+
229
+ fastcgi_pass unix:/var/run/php-fpm.sock;
230
+
231
+ # fastcgi_pass 127.0.0.1:9000;
232
+
233
+ fastcgi_index index.php;
234
+
235
+ fastcgi_split_path_info ^(.+\.php)(.*);
236
+
237
+ fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/$fastcgi_script_name;
238
+
239
+ fastcgi_param PATH_INFO $fastcgi_path_info;
240
+
241
+ fastcgi_pass_header "X-Accel-Redirect";
242
+
243
+ fastcgi_pass_header "X-Accel-Expires";
244
+
245
+ fastcgi_read_timeout 180;
246
+
247
+ include fastcgi_params;
248
+
249
+
250
+
251
+ }
252
+
253
+
254
+
255
+ location @wp {
256
+
257
+ root /var/www/html/wordpress;
258
+
259
+ fastcgi_index index.php;
260
+
261
+ fastcgi_split_path_info ^(.+\.php)(.*)$;
262
+
263
+ fastcgi_pass unix:/var/run/php-fpm.sock;
264
+
265
+ fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/index.php;
266
+
267
+ include fastcgi_params;
268
+
269
+ }
270
+
271
+
272
+
273
+ # wp-config.phpへのアクセスを全て拒否
274
+
275
+ location ~* /wp-config.php {
276
+
277
+ deny all;
278
+
279
+ }
280
+
281
+
282
+
283
+ location ~* /(phpmyadmin|myadmin|pma) {
284
+
285
+ access_log off;
286
+
287
+ log_not_found off;
288
+
289
+ return 404;
290
+
291
+ }
292
+
293
+
294
+
295
+ location = /healthcheck.txt {
296
+
297
+ access_log off;
298
+
299
+ return 204;
300
+
301
+ break;
302
+
303
+ }
304
+
305
+
306
+
307
+ location /.well-known {
308
+
309
+ root /var/www/html;
310
+
311
+ }
312
+
313
+ location ^~ /.well-known/acme-challenge {
314
+
315
+ root /usr/local/letsencrypt;
316
+
317
+ access_log /var/log/nginx/access_letsencrypt.log;
318
+
319
+ error_log /var/log/nginx/error_letsencrypt.log;
320
+
321
+ }
322
+
323
+
324
+
325
+ # error_page 404 /index.php?error=404;
326
+
327
+ error_page 500 502 503 504 /50x.html;
328
+
329
+
330
+
331
+ location /favicon {
332
+
333
+ empty_gif;
334
+
335
+ access_log off;
336
+
337
+ log_not_found off;
338
+
339
+
340
+
341
+ }
342
+
343
+
344
+
345
+ location = /robots.txt {
346
+
347
+ log_not_found off;
348
+
349
+ access_log off;
350
+
351
+ }
352
+
353
+
354
+
355
+ location ~ /\. {
356
+
357
+ deny all;
358
+
359
+ log_not_found off;
360
+
361
+ access_log off;
362
+
363
+ }
364
+
365
+
366
+
367
+ location ~* \.(pdf)$ {
368
+
369
+ add_header X-Robots-Tag noindex;
370
+
371
+ }
372
+
373
+ }
48
374
 
49
375
  ```
50
-
51
- server {
52
-
53
- listen 81;
54
-
55
- rewrite ^ https://$host$request_uri permanent;
56
-
57
- }
58
-
59
-
60
-
61
- server {
62
-
63
- client_max_body_size 96M;
64
-
65
- listen 80 http2;
66
-
67
- #listen 443 ssl http2;
68
-
69
- root /var/www/html/wordpress;
70
-
71
- server_name example.com www.example.com;
72
-
73
- charset utf-8;
74
-
75
-
76
-
77
- add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
78
-
79
- #resolver 8.8.4.4 8.8.8.8 valid=300s;
80
-
81
- resolver 127.0.0.1;
82
-
83
- resolver_timeout 10s;
84
-
85
-
86
-
87
- return 301 https://$host$request_uri;
88
-
89
- }
90
-
91
-
92
-
93
- server {
94
-
95
- client_max_body_size 96M;
96
-
97
- listen 443 ssl default_server http2;
98
-
99
- server_name example.com;
100
-
101
- root /var/www/html/wordpress;
102
-
103
- charset utf-8;
104
-
105
-
106
-
107
- ssl on;
108
-
109
- ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
110
-
111
- ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
112
-
113
- ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
114
-
115
- ssl_dhparam /etc/nginx/ssl/dhparam.pem;
116
-
117
- keepalive_timeout 70;
118
-
119
- ssl_stapling on;
120
-
121
- ssl_stapling_verify on;
122
-
123
- ssl_session_cache builtin:1000 shared:SSL:10m;
124
-
125
- ssl_session_timeout 10m;
126
-
127
- ssl_session_tickets off;
128
-
129
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
130
-
131
- proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
132
-
133
- ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
134
-
135
- ssl_prefer_server_ciphers on;
136
-
137
- add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
138
-
139
- #resolver 8.8.4.4 8.8.8.8 valid=300s;
140
-
141
- resolver 10.0.0.2;
142
-
143
- resolver_timeout 10s;
144
-
145
-
146
-
147
- # maintenance setting
148
-
149
- #set $maintenance false;
150
-
151
-
152
-
153
- # - start touch /var/tmp/maintenance.mode
154
-
155
- # - end rm /var/tmp/maintenance.mode
156
-
157
-
158
-
159
- #if (-e /var/tmp/maintenance.mode) {
160
-
161
- # set $maintenance true;
162
-
163
- #}
164
-
165
- #if ($http_x_forwarded_for ~ (^xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
166
-
167
- # set $maintenance false;
168
-
169
- #}
170
-
171
-
172
-
173
- #if ($maintenance = true) {
174
-
175
- # return 503;
176
-
177
- #}
178
-
179
-
180
-
181
- #error_page 503 @maintenance;
182
-
183
-
184
-
185
- #location @maintenance {
186
-
187
- # rewrite ^(.*)$ https://example.cloudfront.net break;
188
-
189
- #}
190
-
191
-
192
-
193
- set $server "example.com";
194
-
195
-
196
-
197
- location / {
198
-
199
- root /var/www/html/wordpress;
200
-
201
- index index.html index.htm index.php;
202
-
203
-
204
-
205
- try_files $uri $uri/ /index.php?q=$uri&$args @wp;
206
-
207
-
208
-
209
- if (!-e $request_filename) {
210
-
211
- rewrite ^.+?(/wp-.*) $1 last;
212
-
213
- rewrite ^.+?(/.*\.php)$ $1 last;
214
-
215
- rewrite ^ /index.php last;
216
-
217
- }
218
-
219
-
220
-
221
- }
222
-
223
-
224
-
225
- location ~* \.php$ {
226
-
227
- root /var/www/html/wordpress;
228
-
229
- try_files $uri @wp;
230
-
231
- fastcgi_pass unix:/var/run/php-fpm.sock;
232
-
233
- # fastcgi_pass 127.0.0.1:9000;
234
-
235
- fastcgi_index index.php;
236
-
237
- fastcgi_split_path_info ^(.+\.php)(.*);
238
-
239
- fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/$fastcgi_script_name;
240
-
241
- fastcgi_param PATH_INFO $fastcgi_path_info;
242
-
243
- fastcgi_pass_header "X-Accel-Redirect";
244
-
245
- fastcgi_pass_header "X-Accel-Expires";
246
-
247
- fastcgi_read_timeout 180;
248
-
249
- include fastcgi_params;
250
-
251
-
252
-
253
- }
254
-
255
-
256
-
257
- location @wp {
258
-
259
- root /var/www/html/wordpress;
260
-
261
- fastcgi_index index.php;
262
-
263
- fastcgi_split_path_info ^(.+\.php)(.*)$;
264
-
265
- fastcgi_pass unix:/var/run/php-fpm.sock;
266
-
267
- fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/index.php;
268
-
269
- include fastcgi_params;
270
-
271
- }
272
-
273
-
274
-
275
- # wp-config.phpへのアクセスを全て拒否
276
-
277
- location ~* /wp-config.php {
278
-
279
- deny all;
280
-
281
- }
282
-
283
-
284
-
285
- location ~* /(phpmyadmin|myadmin|pma) {
286
-
287
- access_log off;
288
-
289
- log_not_found off;
290
-
291
- return 404;
292
-
293
- }
294
-
295
-
296
-
297
- location = /healthcheck.txt {
298
-
299
- access_log off;
300
-
301
- return 204;
302
-
303
- break;
304
-
305
- }
306
-
307
-
308
-
309
- location /.well-known {
310
-
311
- root /var/www/html;
312
-
313
- }
314
-
315
- location ^~ /.well-known/acme-challenge {
316
-
317
- root /usr/local/letsencrypt;
318
-
319
- access_log /var/log/nginx/access_letsencrypt.log;
320
-
321
- error_log /var/log/nginx/error_letsencrypt.log;
322
-
323
- }
324
-
325
-
326
-
327
- # error_page 404 /index.php?error=404;
328
-
329
- error_page 500 502 503 504 /50x.html;
330
-
331
-
332
-
333
- location /favicon {
334
-
335
- empty_gif;
336
-
337
- access_log off;
338
-
339
- log_not_found off;
340
-
341
-
342
-
343
- }
344
-
345
-
346
-
347
- location = /robots.txt {
348
-
349
- log_not_found off;
350
-
351
- access_log off;
352
-
353
- }
354
-
355
-
356
-
357
- location ~ /\. {
358
-
359
- deny all;
360
-
361
- log_not_found off;
362
-
363
- access_log off;
364
-
365
- }
366
-
367
-
368
-
369
- location ~* \.(pdf)$ {
370
-
371
- add_header X-Robots-Tag noindex;
372
-
373
- }
374
-
375
- }
376
-
377
- ```

1

接続の流れを追記

2017/06/06 07:00

投稿

madone99
madone99

スコア1855

test CHANGED
File without changes
test CHANGED
@@ -1,6 +1,24 @@
1
- タイトルのことをしたく、ALBを下記リンクを参考にターゲットグループを作成したのですが、
1
+ タイトルのことをしたく、ALBを下記リンクを参考にターゲットグループを作成し
2
+
2
-
3
+ ```ここに言語を入力
4
+
5
+ from internet
6
+
7
+ [internet] http -> 80 [ALB] http -> 81 [nginx] (https redirect)
8
+
9
+ [internet] https -> 433 [ALB] http -> 80 [nginx] http -> any [WordPress]
10
+
11
+
12
+
13
+ from health-checker
14
+
15
+ [health-checker] http -> 80 [nginx] http -> any [WordPress]
16
+
17
+ ```
18
+
19
+
20
+
3
- ヘルスチェックunhealthyまです。
21
+ のようにしたいのですが、ヘルスチェックunhealthyになります。
4
22
 
5
23
 
6
24