質問編集履歴
4
メンテナンス画面を解除
test
CHANGED
File without changes
|
test
CHANGED
@@ -124,23 +124,23 @@
|
|
124
124
|
|
125
125
|
|
126
126
|
|
127
|
-
if ($maintenance = true) {
|
127
|
+
#if ($maintenance = true) {
|
128
|
-
|
128
|
+
|
129
|
-
return 503;
|
129
|
+
# return 503;
|
130
|
-
|
130
|
+
|
131
|
-
}
|
131
|
+
#}
|
132
|
-
|
133
|
-
|
134
|
-
|
132
|
+
|
133
|
+
|
134
|
+
|
135
|
-
error_page 503 @maintenance;
|
135
|
+
#error_page 503 @maintenance;
|
136
|
-
|
137
|
-
|
138
|
-
|
136
|
+
|
137
|
+
|
138
|
+
|
139
|
-
location @maintenance {
|
139
|
+
#location @maintenance {
|
140
|
-
|
140
|
+
|
141
|
-
rewrite ^(.*)$ https://xxx.cloudfront.net break;
|
141
|
+
# rewrite ^(.*)$ https://xxx.cloudfront.net break;
|
142
|
-
|
142
|
+
|
143
|
-
}
|
143
|
+
#}
|
144
144
|
|
145
145
|
|
146
146
|
|
@@ -402,23 +402,23 @@
|
|
402
402
|
|
403
403
|
|
404
404
|
|
405
|
-
if ($maintenance = true) {
|
405
|
+
#if ($maintenance = true) {
|
406
|
-
|
406
|
+
|
407
|
-
return 503;
|
407
|
+
# return 503;
|
408
|
-
|
408
|
+
|
409
|
-
}
|
409
|
+
#}
|
410
|
-
|
411
|
-
|
412
|
-
|
410
|
+
|
411
|
+
|
412
|
+
|
413
|
-
error_page 503 @maintenance;
|
413
|
+
#error_page 503 @maintenance;
|
414
|
-
|
415
|
-
|
416
|
-
|
414
|
+
|
415
|
+
|
416
|
+
|
417
|
-
location @maintenance {
|
417
|
+
#location @maintenance {
|
418
|
-
|
418
|
+
|
419
|
-
rewrite ^(.*)$ https://xxx.cloudfront.net break;
|
419
|
+
# rewrite ^(.*)$ https://xxx.cloudfront.net break;
|
420
|
-
|
420
|
+
|
421
|
-
}
|
421
|
+
#}
|
422
422
|
|
423
423
|
|
424
424
|
|
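Review bot: Only the `if ($maintenance = true)`, `error_page 503 @maintenance;` and `location @maintenance` lines are commented out, in both hunks (new lines 127-143 and 405-421). Judging by the previous revision shown on this page, the `set $maintenance` lines and the `$http_x_forwarded_for` test above them stay active, so each request still evaluates a gate that no longer has any effect. Either delete the whole block, or move it into one snippet loaded with `include` from both server blocks so the two copies cannot drift. The switch then stays the `/var/tmp/maintenance.mode` flag file rather than hand-edited comments. The enclosing server blocks start and end outside these hunks.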
3
confファイル修正
test
CHANGED
File without changes
|
test
CHANGED
@@ -40,7 +40,7 @@
|
|
40
40
|
|
41
41
|
|
42
42
|
|
43
|
-
|
43
|
+
default.conf
|
44
44
|
|
45
45
|
---
|
46
46
|
|
@@ -50,6 +50,8 @@
|
|
50
50
|
|
51
51
|
listen 81;
|
52
52
|
|
53
|
+
server_name example.com;
|
54
|
+
|
53
55
|
rewrite ^ https://$host$request_uri permanent;
|
54
56
|
|
55
57
|
}
|
@@ -58,15 +60,29 @@
|
|
58
60
|
|
59
61
|
server {
|
60
62
|
|
63
|
+
listen 80 http2;
|
64
|
+
|
65
|
+
listen [::]:80 http2;
|
66
|
+
|
67
|
+
server_name www.example.com;
|
68
|
+
|
69
|
+
return 301 http://example.com$request_uri;
|
70
|
+
|
71
|
+
}
|
72
|
+
|
73
|
+
|
74
|
+
|
75
|
+
server {
|
76
|
+
|
61
77
|
client_max_body_size 96M;
|
62
78
|
|
63
79
|
listen 80 http2;
|
64
80
|
|
65
|
-
|
81
|
+
listen [::]:80 http2;
|
66
82
|
|
67
83
|
root /var/www/html/wordpress;
|
68
84
|
|
69
|
-
server_name example.com
|
85
|
+
server_name example.com;
|
70
86
|
|
71
87
|
charset utf-8;
|
72
88
|
|
@@ -80,9 +96,217 @@
|
|
80
96
|
|
81
97
|
resolver_timeout 10s;
|
82
98
|
|
83
|
-
|
84
|
-
|
99
|
+
|
100
|
+
|
85
|
-
return 301 https://$host$request_uri;
|
101
|
+
#return 301 https://$host$request_uri;
|
102
|
+
|
103
|
+
|
104
|
+
|
105
|
+
# maintenance setting
|
106
|
+
|
107
|
+
set $maintenance false;
|
108
|
+
|
109
|
+
|
110
|
+
|
111
|
+
if (-e /var/tmp/maintenance.mode) {
|
112
|
+
|
113
|
+
set $maintenance true;
|
114
|
+
|
115
|
+
}
|
116
|
+
|
117
|
+
|
118
|
+
|
119
|
+
if ($http_x_forwarded_for ~ ^(xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
|
120
|
+
|
121
|
+
set $maintenance false;
|
122
|
+
|
123
|
+
}
|
124
|
+
|
125
|
+
|
126
|
+
|
127
|
+
if ($maintenance = true) {
|
128
|
+
|
129
|
+
return 503;
|
130
|
+
|
131
|
+
}
|
132
|
+
|
133
|
+
|
134
|
+
|
135
|
+
error_page 503 @maintenance;
|
136
|
+
|
137
|
+
|
138
|
+
|
139
|
+
location @maintenance {
|
140
|
+
|
141
|
+
rewrite ^(.*)$ https://xxx.cloudfront.net break;
|
142
|
+
|
143
|
+
}
|
144
|
+
|
145
|
+
|
146
|
+
|
147
|
+
location / {
|
148
|
+
|
149
|
+
root /var/www/html/wordpress;
|
150
|
+
|
151
|
+
index index.html index.htm index.php;
|
152
|
+
|
153
|
+
|
154
|
+
|
155
|
+
try_files $uri $uri/ /index.php?q=$uri&$args @wp;
|
156
|
+
|
157
|
+
|
158
|
+
|
159
|
+
if (!-e $request_filename) {
|
160
|
+
|
161
|
+
rewrite ^.+?(/wp-.*) $1 last;
|
162
|
+
|
163
|
+
rewrite ^.+?(/.*\.php)$ $1 last;
|
164
|
+
|
165
|
+
rewrite ^ /index.php last;
|
166
|
+
|
167
|
+
|
168
|
+
|
169
|
+
}
|
170
|
+
|
171
|
+
|
172
|
+
|
173
|
+
}
|
174
|
+
|
175
|
+
|
176
|
+
|
177
|
+
location ~* \.php$ {
|
178
|
+
|
179
|
+
root /var/www/html/wordpress;
|
180
|
+
|
181
|
+
try_files $uri @wp;
|
182
|
+
|
183
|
+
fastcgi_pass unix:/var/run/php-fpm.sock;
|
184
|
+
|
185
|
+
# fastcgi_pass 127.0.0.1:9000;
|
186
|
+
|
187
|
+
fastcgi_index index.php;
|
188
|
+
|
189
|
+
fastcgi_split_path_info ^(.+\.php)(.*);
|
190
|
+
|
191
|
+
fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/$fastcgi_script_name;
|
192
|
+
|
193
|
+
fastcgi_param PATH_INFO $fastcgi_path_info;
|
194
|
+
|
195
|
+
fastcgi_pass_header "X-Accel-Redirect";
|
196
|
+
|
197
|
+
fastcgi_pass_header "X-Accel-Expires";
|
198
|
+
|
199
|
+
fastcgi_read_timeout 180;
|
200
|
+
|
201
|
+
include fastcgi_params;
|
202
|
+
|
203
|
+
|
204
|
+
|
205
|
+
}
|
206
|
+
|
207
|
+
|
208
|
+
|
209
|
+
location @wp {
|
210
|
+
|
211
|
+
root /var/www/html/wordpress;
|
212
|
+
|
213
|
+
fastcgi_index index.php;
|
214
|
+
|
215
|
+
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
216
|
+
|
217
|
+
fastcgi_pass unix:/var/run/php-fpm.sock;
|
218
|
+
|
219
|
+
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
220
|
+
|
221
|
+
fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/index.php;
|
222
|
+
|
223
|
+
include fastcgi_params;
|
224
|
+
|
225
|
+
}
|
226
|
+
|
227
|
+
|
228
|
+
|
229
|
+
# wp-config.phpへのアクセスを全て拒否
|
230
|
+
|
231
|
+
location ~* /wp-config.php {
|
232
|
+
|
233
|
+
deny all;
|
234
|
+
|
235
|
+
}
|
236
|
+
|
237
|
+
|
238
|
+
|
239
|
+
location ~* /(phpmyadmin|myadmin|pma) {
|
240
|
+
|
241
|
+
access_log off;
|
242
|
+
|
243
|
+
log_not_found off;
|
244
|
+
|
245
|
+
return 404;
|
246
|
+
|
247
|
+
}
|
248
|
+
|
249
|
+
|
250
|
+
|
251
|
+
location = /healthcheck.txt {
|
252
|
+
|
253
|
+
#access_log off;
|
254
|
+
|
255
|
+
return 204;
|
256
|
+
|
257
|
+
break;
|
258
|
+
|
259
|
+
}
|
260
|
+
|
261
|
+
|
262
|
+
|
263
|
+
# error_page 404 /index.php?error=404;
|
264
|
+
|
265
|
+
|
266
|
+
|
267
|
+
error_page 500 502 503 504 /50x.html;
|
268
|
+
|
269
|
+
|
270
|
+
|
271
|
+
location /favicon {
|
272
|
+
|
273
|
+
empty_gif;
|
274
|
+
|
275
|
+
access_log off;
|
276
|
+
|
277
|
+
log_not_found off;
|
278
|
+
|
279
|
+
|
280
|
+
|
281
|
+
}
|
282
|
+
|
283
|
+
|
284
|
+
|
285
|
+
location = /robots.txt {
|
286
|
+
|
287
|
+
log_not_found off;
|
288
|
+
|
289
|
+
access_log off;
|
290
|
+
|
291
|
+
}
|
292
|
+
|
293
|
+
|
294
|
+
|
295
|
+
location ~ /\. {
|
296
|
+
|
297
|
+
deny all;
|
298
|
+
|
299
|
+
log_not_found off;
|
300
|
+
|
301
|
+
access_log off;
|
302
|
+
|
303
|
+
}
|
304
|
+
|
305
|
+
location ~* \.(pdf)$ {
|
306
|
+
|
307
|
+
add_header X-Robots-Tag noindex;
|
308
|
+
|
309
|
+
}
|
86
310
|
|
87
311
|
}
|
88
312
|
|
@@ -90,10 +314,26 @@
|
|
90
314
|
|
91
315
|
server {
|
92
316
|
|
317
|
+
listen 443 ssl http2;
|
318
|
+
|
319
|
+
listen [::]:443 ssl http2;
|
320
|
+
|
321
|
+
server_name www.example.com;
|
322
|
+
|
323
|
+
return 301 https://example.com$request_uri;
|
324
|
+
|
325
|
+
}
|
326
|
+
|
327
|
+
|
328
|
+
|
329
|
+
server {
|
330
|
+
|
93
331
|
client_max_body_size 96M;
|
94
332
|
|
95
333
|
listen 443 ssl default_server http2;
|
96
334
|
|
335
|
+
listen [::]:443 ssl http2;
|
336
|
+
|
97
337
|
server_name example.com;
|
98
338
|
|
99
339
|
root /var/www/html/wordpress;
|
@@ -102,8 +342,6 @@
|
|
102
342
|
|
103
343
|
|
104
344
|
|
105
|
-
ssl on;
|
106
|
-
|
107
345
|
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
108
346
|
|
109
347
|
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
@@ -112,7 +350,7 @@
|
|
112
350
|
|
113
351
|
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
114
352
|
|
115
|
-
keepalive_timeout
|
353
|
+
keepalive_timeout 120;
|
116
354
|
|
117
355
|
ssl_stapling on;
|
118
356
|
|
@@ -144,51 +382,43 @@
|
|
144
382
|
|
145
383
|
# maintenance setting
|
146
384
|
|
147
|
-
|
385
|
+
set $maintenance false;
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
386
|
+
|
152
|
-
|
153
|
-
|
387
|
+
|
154
|
-
|
155
|
-
|
156
|
-
|
388
|
+
|
157
|
-
|
389
|
+
if (-e /var/tmp/maintenance.mode) {
|
158
|
-
|
390
|
+
|
159
|
-
|
391
|
+
set $maintenance true;
|
160
|
-
|
392
|
+
|
161
|
-
|
393
|
+
}
|
162
|
-
|
394
|
+
|
395
|
+
|
396
|
+
|
163
|
-
|
397
|
+
if ($http_x_forwarded_for ~ ^(xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
|
164
|
-
|
398
|
+
|
165
|
-
|
399
|
+
set $maintenance false;
|
166
|
-
|
400
|
+
|
167
|
-
|
401
|
+
}
|
168
|
-
|
169
|
-
|
170
|
-
|
402
|
+
|
403
|
+
|
404
|
+
|
171
|
-
|
405
|
+
if ($maintenance = true) {
|
172
|
-
|
406
|
+
|
173
|
-
|
407
|
+
return 503;
|
174
|
-
|
408
|
+
|
175
|
-
|
409
|
+
}
|
176
|
-
|
177
|
-
|
178
|
-
|
410
|
+
|
411
|
+
|
412
|
+
|
179
|
-
|
413
|
+
error_page 503 @maintenance;
|
180
|
-
|
181
|
-
|
182
|
-
|
414
|
+
|
415
|
+
|
416
|
+
|
183
|
-
|
417
|
+
location @maintenance {
|
184
|
-
|
418
|
+
|
185
|
-
|
419
|
+
rewrite ^(.*)$ https://xxx.cloudfront.net break;
|
186
|
-
|
420
|
+
|
187
|
-
|
421
|
+
}
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
set $server "example.com";
|
192
422
|
|
193
423
|
|
194
424
|
|
@@ -212,6 +442,8 @@
|
|
212
442
|
|
213
443
|
rewrite ^ /index.php last;
|
214
444
|
|
445
|
+
|
446
|
+
|
215
447
|
}
|
216
448
|
|
217
449
|
|
@@ -294,55 +526,71 @@
|
|
294
526
|
|
295
527
|
location = /healthcheck.txt {
|
296
528
|
|
529
|
+
#access_log off;
|
530
|
+
|
531
|
+
return 204;
|
532
|
+
|
533
|
+
break;
|
534
|
+
|
535
|
+
}
|
536
|
+
|
537
|
+
|
538
|
+
|
539
|
+
location ^~ /.well-known/acme-challenge {
|
540
|
+
|
541
|
+
root /usr/local/letsencrypt;
|
542
|
+
|
543
|
+
access_log /var/log/nginx/access_letsencrypt.log;
|
544
|
+
|
545
|
+
error_log /var/log/nginx/error_letsencrypt.log;
|
546
|
+
|
547
|
+
}
|
548
|
+
|
549
|
+
# direcct access
|
550
|
+
|
551
|
+
location = /.well-known/acme-challenge {
|
552
|
+
|
553
|
+
return 404;
|
554
|
+
|
555
|
+
}
|
556
|
+
|
557
|
+
|
558
|
+
|
559
|
+
# error_page 404 /index.php?error=404;
|
560
|
+
|
561
|
+
|
562
|
+
|
563
|
+
error_page 500 502 503 504 /50x.html;
|
564
|
+
|
565
|
+
|
566
|
+
|
567
|
+
location /favicon {
|
568
|
+
|
569
|
+
empty_gif;
|
570
|
+
|
571
|
+
access_log off;
|
572
|
+
|
573
|
+
log_not_found off;
|
574
|
+
|
575
|
+
|
576
|
+
|
577
|
+
}
|
578
|
+
|
579
|
+
|
580
|
+
|
581
|
+
location = /robots.txt {
|
582
|
+
|
583
|
+
log_not_found off;
|
584
|
+
|
297
585
|
access_log off;
|
298
586
|
|
299
|
-
return 204;
|
300
|
-
|
301
|
-
break;
|
302
|
-
|
303
|
-
}
|
587
|
+
}
|
304
|
-
|
305
|
-
|
306
|
-
|
307
|
-
|
588
|
+
|
308
|
-
|
309
|
-
|
589
|
+
|
310
|
-
|
311
|
-
|
590
|
+
|
312
|
-
|
313
|
-
location ^~ /.well-known/acme-challenge {
|
314
|
-
|
315
|
-
root /usr/local/letsencrypt;
|
316
|
-
|
317
|
-
access_log /var/log/nginx/access_letsencrypt.log;
|
318
|
-
|
319
|
-
error_log /var/log/nginx/error_letsencrypt.log;
|
320
|
-
|
321
|
-
}
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
# error_page 404 /index.php?error=404;
|
326
|
-
|
327
|
-
error_page 500 502 503 504 /50x.html;
|
328
|
-
|
329
|
-
|
330
|
-
|
331
|
-
location /
|
591
|
+
location ~ /\. {
|
332
|
-
|
592
|
+
|
333
|
-
e
|
593
|
+
deny all;
|
334
|
-
|
335
|
-
access_log off;
|
336
|
-
|
337
|
-
log_not_found off;
|
338
|
-
|
339
|
-
|
340
|
-
|
341
|
-
}
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
location = /robots.txt {
|
346
594
|
|
347
595
|
log_not_found off;
|
348
596
|
|
@@ -352,18 +600,6 @@
|
|
352
600
|
|
353
601
|
|
354
602
|
|
355
|
-
location ~ /\. {
|
356
|
-
|
357
|
-
deny all;
|
358
|
-
|
359
|
-
log_not_found off;
|
360
|
-
|
361
|
-
access_log off;
|
362
|
-
|
363
|
-
}
|
364
|
-
|
365
|
-
|
366
|
-
|
367
603
|
location ~* \.(pdf)$ {
|
368
604
|
|
369
605
|
add_header X-Robots-Tag noindex;
|
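Review bot: The maintenance bypass added at new lines 119-123 (and again at 397-401 in the 443 server) trusts `$http_x_forwarded_for`, which the client controls. A load balancer appends the address it observed to whatever X-Forwarded-For value the request already carried, and the `^` anchor tests the leftmost, client-supplied entry, so the allow-list can be satisfied by a forged header. The dots are also unescaped and there is no end anchor, so the pattern matches more than the intended addresses. Resolve the client address with the realip module, trusting only the ALB's subnet, and compare `$remote_addr` instead, as sketched below. This is hedged: it needs ngx_http_realip_module, and the CIDR is a placeholder.

```nginx
# … unchanged: set $maintenance false; and the -e /var/tmp/maintenance.mode check …
set_real_ip_from <ALB_SUBNET_CIDR>;   # placeholder: subnet(s) the ALB forwards from
real_ip_header X-Forwarded-For;
real_ip_recursive on;
if ($remote_addr ~ ^(xxx\.xxx\.xxx\.xxx|xxx\.xxx\.xxx\.xxx)$) {
    set $maintenance false;
}
# … unchanged: if ($maintenance = true) { return 503; } and location @maintenance …
```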
2
引用に変更
test
CHANGED
File without changes
|
test
CHANGED
@@ -1,377 +1,375 @@
|
|
1
1
|
タイトルのことをしたく、ALBを下記リンクを参考にターゲットグループを作成し
|
2
2
|
|
3
|
+
|
4
|
+
|
5
|
+
> from internet
|
6
|
+
|
7
|
+
> [internet] http -> 80 [ALB] http -> 81 [nginx] (https redirect)
|
8
|
+
|
9
|
+
> [internet] https -> 433 [ALB] http -> 80 [nginx] http -> any [WordPress]
|
10
|
+
|
11
|
+
>
|
12
|
+
|
13
|
+
> from health-checker
|
14
|
+
|
15
|
+
> [health-checker] http -> 80 [nginx] http -> any [WordPress]
|
16
|
+
|
17
|
+
|
18
|
+
|
19
|
+
のようにしたいのですが、ヘルスチェックでunhealthyになります。
|
20
|
+
|
21
|
+
|
22
|
+
|
23
|
+
[http://qiita.com/spaceprobe/items/96550d3214f2930f8b1a](http://qiita.com/spaceprobe/items/96550d3214f2930f8b1a)
|
24
|
+
|
25
|
+
|
26
|
+
|
27
|
+
nginxの設定は以下になります。
|
28
|
+
|
3
29
|
```ここに言語を入力
|
4
30
|
|
5
|
-
from internet
|
6
|
-
|
7
|
-
|
31
|
+
fastcgi_pass unix:/var/run/php-fpm.sock;
|
8
|
-
|
32
|
+
|
9
|
-
|
33
|
+
```の箇所は、実際にそこに存在しているために変更しています。
|
34
|
+
|
35
|
+
|
36
|
+
|
10
|
-
|
37
|
+
何かご意見頂けますでしょうか?宜しくお願いします。
|
11
|
-
|
12
|
-
|
38
|
+
|
39
|
+
|
40
|
+
|
41
|
+
|
42
|
+
|
13
|
-
|
43
|
+
nginx default.conf
|
14
|
-
|
44
|
+
|
15
|
-
|
45
|
+
---
|
16
46
|
|
17
47
|
```
|
18
48
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
ngin
|
46
|
-
|
47
|
-
|
49
|
+
server {
|
50
|
+
|
51
|
+
listen 81;
|
52
|
+
|
53
|
+
rewrite ^ https://$host$request_uri permanent;
|
54
|
+
|
55
|
+
}
|
56
|
+
|
57
|
+
|
58
|
+
|
59
|
+
server {
|
60
|
+
|
61
|
+
client_max_body_size 96M;
|
62
|
+
|
63
|
+
listen 80 http2;
|
64
|
+
|
65
|
+
#listen 443 ssl http2;
|
66
|
+
|
67
|
+
root /var/www/html/wordpress;
|
68
|
+
|
69
|
+
server_name example.com www.example.com;
|
70
|
+
|
71
|
+
charset utf-8;
|
72
|
+
|
73
|
+
|
74
|
+
|
75
|
+
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
|
76
|
+
|
77
|
+
#resolver 8.8.4.4 8.8.8.8 valid=300s;
|
78
|
+
|
79
|
+
resolver 127.0.0.1;
|
80
|
+
|
81
|
+
resolver_timeout 10s;
|
82
|
+
|
83
|
+
|
84
|
+
|
85
|
+
return 301 https://$host$request_uri;
|
86
|
+
|
87
|
+
}
|
88
|
+
|
89
|
+
|
90
|
+
|
91
|
+
server {
|
92
|
+
|
93
|
+
client_max_body_size 96M;
|
94
|
+
|
95
|
+
listen 443 ssl default_server http2;
|
96
|
+
|
97
|
+
server_name example.com;
|
98
|
+
|
99
|
+
root /var/www/html/wordpress;
|
100
|
+
|
101
|
+
charset utf-8;
|
102
|
+
|
103
|
+
|
104
|
+
|
105
|
+
ssl on;
|
106
|
+
|
107
|
+
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
108
|
+
|
109
|
+
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
110
|
+
|
111
|
+
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
|
112
|
+
|
113
|
+
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
114
|
+
|
115
|
+
keepalive_timeout 70;
|
116
|
+
|
117
|
+
ssl_stapling on;
|
118
|
+
|
119
|
+
ssl_stapling_verify on;
|
120
|
+
|
121
|
+
ssl_session_cache builtin:1000 shared:SSL:10m;
|
122
|
+
|
123
|
+
ssl_session_timeout 10m;
|
124
|
+
|
125
|
+
ssl_session_tickets off;
|
126
|
+
|
127
|
+
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
128
|
+
|
129
|
+
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
130
|
+
|
131
|
+
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
132
|
+
|
133
|
+
ssl_prefer_server_ciphers on;
|
134
|
+
|
135
|
+
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
|
136
|
+
|
137
|
+
#resolver 8.8.4.4 8.8.8.8 valid=300s;
|
138
|
+
|
139
|
+
resolver 10.0.0.2;
|
140
|
+
|
141
|
+
resolver_timeout 10s;
|
142
|
+
|
143
|
+
|
144
|
+
|
145
|
+
# maintenance setting
|
146
|
+
|
147
|
+
#set $maintenance false;
|
148
|
+
|
149
|
+
|
150
|
+
|
151
|
+
# - start touch /var/tmp/maintenance.mode
|
152
|
+
|
153
|
+
# - end rm /var/tmp/maintenance.mode
|
154
|
+
|
155
|
+
|
156
|
+
|
157
|
+
#if (-e /var/tmp/maintenance.mode) {
|
158
|
+
|
159
|
+
# set $maintenance true;
|
160
|
+
|
161
|
+
#}
|
162
|
+
|
163
|
+
#if ($http_x_forwarded_for ~ (^xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
|
164
|
+
|
165
|
+
# set $maintenance false;
|
166
|
+
|
167
|
+
#}
|
168
|
+
|
169
|
+
|
170
|
+
|
171
|
+
#if ($maintenance = true) {
|
172
|
+
|
173
|
+
# return 503;
|
174
|
+
|
175
|
+
#}
|
176
|
+
|
177
|
+
|
178
|
+
|
179
|
+
#error_page 503 @maintenance;
|
180
|
+
|
181
|
+
|
182
|
+
|
183
|
+
#location @maintenance {
|
184
|
+
|
185
|
+
# rewrite ^(.*)$ https://example.cloudfront.net break;
|
186
|
+
|
187
|
+
#}
|
188
|
+
|
189
|
+
|
190
|
+
|
191
|
+
set $server "example.com";
|
192
|
+
|
193
|
+
|
194
|
+
|
195
|
+
location / {
|
196
|
+
|
197
|
+
root /var/www/html/wordpress;
|
198
|
+
|
199
|
+
index index.html index.htm index.php;
|
200
|
+
|
201
|
+
|
202
|
+
|
203
|
+
try_files $uri $uri/ /index.php?q=$uri&$args @wp;
|
204
|
+
|
205
|
+
|
206
|
+
|
207
|
+
if (!-e $request_filename) {
|
208
|
+
|
209
|
+
rewrite ^.+?(/wp-.*) $1 last;
|
210
|
+
|
211
|
+
rewrite ^.+?(/.*\.php)$ $1 last;
|
212
|
+
|
213
|
+
rewrite ^ /index.php last;
|
214
|
+
|
215
|
+
}
|
216
|
+
|
217
|
+
|
218
|
+
|
219
|
+
}
|
220
|
+
|
221
|
+
|
222
|
+
|
223
|
+
location ~* \.php$ {
|
224
|
+
|
225
|
+
root /var/www/html/wordpress;
|
226
|
+
|
227
|
+
try_files $uri @wp;
|
228
|
+
|
229
|
+
fastcgi_pass unix:/var/run/php-fpm.sock;
|
230
|
+
|
231
|
+
# fastcgi_pass 127.0.0.1:9000;
|
232
|
+
|
233
|
+
fastcgi_index index.php;
|
234
|
+
|
235
|
+
fastcgi_split_path_info ^(.+\.php)(.*);
|
236
|
+
|
237
|
+
fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/$fastcgi_script_name;
|
238
|
+
|
239
|
+
fastcgi_param PATH_INFO $fastcgi_path_info;
|
240
|
+
|
241
|
+
fastcgi_pass_header "X-Accel-Redirect";
|
242
|
+
|
243
|
+
fastcgi_pass_header "X-Accel-Expires";
|
244
|
+
|
245
|
+
fastcgi_read_timeout 180;
|
246
|
+
|
247
|
+
include fastcgi_params;
|
248
|
+
|
249
|
+
|
250
|
+
|
251
|
+
}
|
252
|
+
|
253
|
+
|
254
|
+
|
255
|
+
location @wp {
|
256
|
+
|
257
|
+
root /var/www/html/wordpress;
|
258
|
+
|
259
|
+
fastcgi_index index.php;
|
260
|
+
|
261
|
+
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
262
|
+
|
263
|
+
fastcgi_pass unix:/var/run/php-fpm.sock;
|
264
|
+
|
265
|
+
fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/index.php;
|
266
|
+
|
267
|
+
include fastcgi_params;
|
268
|
+
|
269
|
+
}
|
270
|
+
|
271
|
+
|
272
|
+
|
273
|
+
# wp-config.phpへのアクセスを全て拒否
|
274
|
+
|
275
|
+
location ~* /wp-config.php {
|
276
|
+
|
277
|
+
deny all;
|
278
|
+
|
279
|
+
}
|
280
|
+
|
281
|
+
|
282
|
+
|
283
|
+
location ~* /(phpmyadmin|myadmin|pma) {
|
284
|
+
|
285
|
+
access_log off;
|
286
|
+
|
287
|
+
log_not_found off;
|
288
|
+
|
289
|
+
return 404;
|
290
|
+
|
291
|
+
}
|
292
|
+
|
293
|
+
|
294
|
+
|
295
|
+
location = /healthcheck.txt {
|
296
|
+
|
297
|
+
access_log off;
|
298
|
+
|
299
|
+
return 204;
|
300
|
+
|
301
|
+
break;
|
302
|
+
|
303
|
+
}
|
304
|
+
|
305
|
+
|
306
|
+
|
307
|
+
location /.well-known {
|
308
|
+
|
309
|
+
root /var/www/html;
|
310
|
+
|
311
|
+
}
|
312
|
+
|
313
|
+
location ^~ /.well-known/acme-challenge {
|
314
|
+
|
315
|
+
root /usr/local/letsencrypt;
|
316
|
+
|
317
|
+
access_log /var/log/nginx/access_letsencrypt.log;
|
318
|
+
|
319
|
+
error_log /var/log/nginx/error_letsencrypt.log;
|
320
|
+
|
321
|
+
}
|
322
|
+
|
323
|
+
|
324
|
+
|
325
|
+
# error_page 404 /index.php?error=404;
|
326
|
+
|
327
|
+
error_page 500 502 503 504 /50x.html;
|
328
|
+
|
329
|
+
|
330
|
+
|
331
|
+
location /favicon {
|
332
|
+
|
333
|
+
empty_gif;
|
334
|
+
|
335
|
+
access_log off;
|
336
|
+
|
337
|
+
log_not_found off;
|
338
|
+
|
339
|
+
|
340
|
+
|
341
|
+
}
|
342
|
+
|
343
|
+
|
344
|
+
|
345
|
+
location = /robots.txt {
|
346
|
+
|
347
|
+
log_not_found off;
|
348
|
+
|
349
|
+
access_log off;
|
350
|
+
|
351
|
+
}
|
352
|
+
|
353
|
+
|
354
|
+
|
355
|
+
location ~ /\. {
|
356
|
+
|
357
|
+
deny all;
|
358
|
+
|
359
|
+
log_not_found off;
|
360
|
+
|
361
|
+
access_log off;
|
362
|
+
|
363
|
+
}
|
364
|
+
|
365
|
+
|
366
|
+
|
367
|
+
location ~* \.(pdf)$ {
|
368
|
+
|
369
|
+
add_header X-Robots-Tag noindex;
|
370
|
+
|
371
|
+
}
|
372
|
+
|
373
|
+
}
|
48
374
|
|
49
375
|
```
|
50
|
-
|
51
|
-
server {
|
52
|
-
|
53
|
-
listen 81;
|
54
|
-
|
55
|
-
rewrite ^ https://$host$request_uri permanent;
|
56
|
-
|
57
|
-
}
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
server {
|
62
|
-
|
63
|
-
client_max_body_size 96M;
|
64
|
-
|
65
|
-
listen 80 http2;
|
66
|
-
|
67
|
-
#listen 443 ssl http2;
|
68
|
-
|
69
|
-
root /var/www/html/wordpress;
|
70
|
-
|
71
|
-
server_name example.com www.example.com;
|
72
|
-
|
73
|
-
charset utf-8;
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
|
78
|
-
|
79
|
-
#resolver 8.8.4.4 8.8.8.8 valid=300s;
|
80
|
-
|
81
|
-
resolver 127.0.0.1;
|
82
|
-
|
83
|
-
resolver_timeout 10s;
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
return 301 https://$host$request_uri;
|
88
|
-
|
89
|
-
}
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
server {
|
94
|
-
|
95
|
-
client_max_body_size 96M;
|
96
|
-
|
97
|
-
listen 443 ssl default_server http2;
|
98
|
-
|
99
|
-
server_name example.com;
|
100
|
-
|
101
|
-
root /var/www/html/wordpress;
|
102
|
-
|
103
|
-
charset utf-8;
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
ssl on;
|
108
|
-
|
109
|
-
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
|
110
|
-
|
111
|
-
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
|
112
|
-
|
113
|
-
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
|
114
|
-
|
115
|
-
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
|
116
|
-
|
117
|
-
keepalive_timeout 70;
|
118
|
-
|
119
|
-
ssl_stapling on;
|
120
|
-
|
121
|
-
ssl_stapling_verify on;
|
122
|
-
|
123
|
-
ssl_session_cache builtin:1000 shared:SSL:10m;
|
124
|
-
|
125
|
-
ssl_session_timeout 10m;
|
126
|
-
|
127
|
-
ssl_session_tickets off;
|
128
|
-
|
129
|
-
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
130
|
-
|
131
|
-
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
132
|
-
|
133
|
-
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
134
|
-
|
135
|
-
ssl_prefer_server_ciphers on;
|
136
|
-
|
137
|
-
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
|
138
|
-
|
139
|
-
#resolver 8.8.4.4 8.8.8.8 valid=300s;
|
140
|
-
|
141
|
-
resolver 10.0.0.2;
|
142
|
-
|
143
|
-
resolver_timeout 10s;
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
# maintenance setting
|
148
|
-
|
149
|
-
#set $maintenance false;
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
# - start touch /var/tmp/maintenance.mode
|
154
|
-
|
155
|
-
# - end rm /var/tmp/maintenance.mode
|
156
|
-
|
157
|
-
|
158
|
-
|
159
|
-
#if (-e /var/tmp/maintenance.mode) {
|
160
|
-
|
161
|
-
# set $maintenance true;
|
162
|
-
|
163
|
-
#}
|
164
|
-
|
165
|
-
#if ($http_x_forwarded_for ~ (^xxx.xxx.xxx.xxx|xxx.xxx.xxx.xxx)) {
|
166
|
-
|
167
|
-
# set $maintenance false;
|
168
|
-
|
169
|
-
#}
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
#if ($maintenance = true) {
|
174
|
-
|
175
|
-
# return 503;
|
176
|
-
|
177
|
-
#}
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
#error_page 503 @maintenance;
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
#location @maintenance {
|
186
|
-
|
187
|
-
# rewrite ^(.*)$ https://example.cloudfront.net break;
|
188
|
-
|
189
|
-
#}
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
set $server "example.com";
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
location / {
|
198
|
-
|
199
|
-
root /var/www/html/wordpress;
|
200
|
-
|
201
|
-
index index.html index.htm index.php;
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
try_files $uri $uri/ /index.php?q=$uri&$args @wp;
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
if (!-e $request_filename) {
|
210
|
-
|
211
|
-
rewrite ^.+?(/wp-.*) $1 last;
|
212
|
-
|
213
|
-
rewrite ^.+?(/.*\.php)$ $1 last;
|
214
|
-
|
215
|
-
rewrite ^ /index.php last;
|
216
|
-
|
217
|
-
}
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
}
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
location ~* \.php$ {
|
226
|
-
|
227
|
-
root /var/www/html/wordpress;
|
228
|
-
|
229
|
-
try_files $uri @wp;
|
230
|
-
|
231
|
-
fastcgi_pass unix:/var/run/php-fpm.sock;
|
232
|
-
|
233
|
-
# fastcgi_pass 127.0.0.1:9000;
|
234
|
-
|
235
|
-
fastcgi_index index.php;
|
236
|
-
|
237
|
-
fastcgi_split_path_info ^(.+\.php)(.*);
|
238
|
-
|
239
|
-
fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/$fastcgi_script_name;
|
240
|
-
|
241
|
-
fastcgi_param PATH_INFO $fastcgi_path_info;
|
242
|
-
|
243
|
-
fastcgi_pass_header "X-Accel-Redirect";
|
244
|
-
|
245
|
-
fastcgi_pass_header "X-Accel-Expires";
|
246
|
-
|
247
|
-
fastcgi_read_timeout 180;
|
248
|
-
|
249
|
-
include fastcgi_params;
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
}
|
254
|
-
|
255
|
-
|
256
|
-
|
257
|
-
location @wp {
|
258
|
-
|
259
|
-
root /var/www/html/wordpress;
|
260
|
-
|
261
|
-
fastcgi_index index.php;
|
262
|
-
|
263
|
-
fastcgi_split_path_info ^(.+\.php)(.*)$;
|
264
|
-
|
265
|
-
fastcgi_pass unix:/var/run/php-fpm.sock;
|
266
|
-
|
267
|
-
fastcgi_param SCRIPT_FILENAME /var/www/html/wordpress/index.php;
|
268
|
-
|
269
|
-
include fastcgi_params;
|
270
|
-
|
271
|
-
}
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
# wp-config.phpへのアクセスを全て拒否
|
276
|
-
|
277
|
-
location ~* /wp-config.php {
|
278
|
-
|
279
|
-
deny all;
|
280
|
-
|
281
|
-
}
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
location ~* /(phpmyadmin|myadmin|pma) {
|
286
|
-
|
287
|
-
access_log off;
|
288
|
-
|
289
|
-
log_not_found off;
|
290
|
-
|
291
|
-
return 404;
|
292
|
-
|
293
|
-
}
|
294
|
-
|
295
|
-
|
296
|
-
|
297
|
-
location = /healthcheck.txt {
|
298
|
-
|
299
|
-
access_log off;
|
300
|
-
|
301
|
-
return 204;
|
302
|
-
|
303
|
-
break;
|
304
|
-
|
305
|
-
}
|
306
|
-
|
307
|
-
|
308
|
-
|
309
|
-
location /.well-known {
|
310
|
-
|
311
|
-
root /var/www/html;
|
312
|
-
|
313
|
-
}
|
314
|
-
|
315
|
-
location ^~ /.well-known/acme-challenge {
|
316
|
-
|
317
|
-
root /usr/local/letsencrypt;
|
318
|
-
|
319
|
-
access_log /var/log/nginx/access_letsencrypt.log;
|
320
|
-
|
321
|
-
error_log /var/log/nginx/error_letsencrypt.log;
|
322
|
-
|
323
|
-
}
|
324
|
-
|
325
|
-
|
326
|
-
|
327
|
-
# error_page 404 /index.php?error=404;
|
328
|
-
|
329
|
-
error_page 500 502 503 504 /50x.html;
|
330
|
-
|
331
|
-
|
332
|
-
|
333
|
-
location /favicon {
|
334
|
-
|
335
|
-
empty_gif;
|
336
|
-
|
337
|
-
access_log off;
|
338
|
-
|
339
|
-
log_not_found off;
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
}
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
location = /robots.txt {
|
348
|
-
|
349
|
-
log_not_found off;
|
350
|
-
|
351
|
-
access_log off;
|
352
|
-
|
353
|
-
}
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
location ~ /\. {
|
358
|
-
|
359
|
-
deny all;
|
360
|
-
|
361
|
-
log_not_found off;
|
362
|
-
|
363
|
-
access_log off;
|
364
|
-
|
365
|
-
}
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
location ~* \.(pdf)$ {
|
370
|
-
|
371
|
-
add_header X-Robots-Tag noindex;
|
372
|
-
|
373
|
-
}
|
374
|
-
|
375
|
-
}
|
376
|
-
|
377
|
-
```
|
1
接続の流れを追記
test
CHANGED
File without changes
|
test
CHANGED
@@ -1,6 +1,24 @@
|
|
1
|
-
タイトルのことをしたく、ALBを下記リンクを参考にターゲットグループを作成し
|
1
|
+
タイトルのことをしたく、ALBを下記リンクを参考にターゲットグループを作成し
|
2
|
+
|
2
|
-
|
3
|
+
```ここに言語を入力
|
4
|
+
|
5
|
+
from internet
|
6
|
+
|
7
|
+
[internet] http -> 80 [ALB] http -> 81 [nginx] (https redirect)
|
8
|
+
|
9
|
+
[internet] https -> 433 [ALB] http -> 80 [nginx] http -> any [WordPress]
|
10
|
+
|
11
|
+
|
12
|
+
|
13
|
+
from health-checker
|
14
|
+
|
15
|
+
[health-checker] http -> 80 [nginx] http -> any [WordPress]
|
16
|
+
|
17
|
+
```
|
18
|
+
|
19
|
+
|
20
|
+
|
3
|
-
ヘルスチェック
|
21
|
+
のようにしたいのですが、ヘルスチェックでunhealthyになります。
|
4
22
|
|
5
23
|
|
6
24
|
|