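CentOS 7 + Nginx + rep2, Part 8
Now that 2chproxy starts without problems, I set it up as a service, the same way as before.
Place a unit definition file under /etc/systemd/system.
Its contents look like this.
Addendum, 2018/09/15
After I stopped NetworkManager, 2chproxy tried to start before the network interface was up (before it had obtained an IP address)
and failed, so I added the following to the [Unit] section: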
Wants=network-online.target
After=network-online.target
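For details on the above, see the article "Reasoning through when NetworkManager-wait-online.service should be enabled" (original title: NetworkManager-wait-online.serviceはどのような場合にenableにすれば良いか、を理詰めで考える)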
# cat /etc/systemd/system/2chproxy.service
[Unit]
Description = 2ch proxy daemon
Wants=network-online.target
After=network-online.target

[Service]
ExecStart = /usr/local/bin/2chproxy.pl
Restart = always
Type = simple

[Install]
WantedBy = multi-user.target
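The 2018/09/15 fix depends on both directives: Wants= pulls network-online.target into the boot transaction, and After= orders the service behind it. The shell lint below is an added example, not part of the original post; the function names and the sample unit files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint a unit file for the
# network-online.target fix described above. Wants= only pulls the target
# into the boot transaction; After= only orders against it. Both are needed.

# unit_values FILE KEY: print each value of KEY found in the [Unit] section.
unit_values() {
    awk -v key="$2" '
        /^[ \t]*\[/   { in_unit = ($0 ~ /^[ \t]*\[Unit\][ \t]*$/); next }
        /^[ \t]*[#;]/ { next }                      # comment lines
        in_unit {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); gsub(/[ \t]/, "", k)
            if (k != key) next
            n = split(substr($0, eq + 1), parts, /[ \t]+/)
            for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
        }' "$1"
}

# check_network_online FILE: print ok / missing-wants / missing-after /
# missing-both; return 0 only for ok.
check_network_online() {
    target=network-online.target pulled=no ordered=no
    if { unit_values "$1" Wants; unit_values "$1" Requires; } | grep -qxF "$target"
    then pulled=yes; fi
    if unit_values "$1" After | grep -qxF "$target"; then ordered=yes; fi
    case "$pulled/$ordered" in
        yes/yes) echo ok ;;
        yes/no)  echo missing-after; return 1 ;;
        no/yes)  echo missing-wants; return 1 ;;
        *)       echo missing-both;  return 1 ;;
    esac
}

# Constructed sample inputs: the unit from this page, the same unit without
# the 2018/09/15 addition, and a variant that only has After=.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
svc='[Service]
ExecStart = /usr/local/bin/2chproxy.pl'
printf '%s\n' '[Unit]' 'Description = 2ch proxy daemon' \
    'Wants=network-online.target' 'After=network-online.target' "$svc" > "$tmp/fixed.service"
printf '%s\n' '[Unit]' 'Description = 2ch proxy daemon' "$svc" > "$tmp/before.service"
printf '%s\n' '[Unit]' 'After = network-online.target' "$svc" > "$tmp/after-only.service"

for f in "$tmp"/*.service; do
    printf '%s: %s\n' "${f##*/}" "$(check_network_online "$f" || true)"
done
```

A unit that reports missing-wants is ordered after a target that nothing may have pulled into the boot, so the ordering has no effect and the daemon can still start before an address is assigned.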
Confirm that the unit is recognized as a service:
# systemctl list-unit-files --type=service | grep 2chproxy
2chproxy.service disabled
It was recognized, so enable and start it:
# systemctl enable 2chproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/2chproxy.service to /etc/systemd/system/2chproxy.service.
# systemctl start 2chproxy
# systemctl status 2chproxy
● 2chproxy.service - 2ch proxy daemon
   Loaded: loaded (/etc/systemd/system/2chproxy.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2018-04-16 02:31:14 JST; 6s ago
 Main PID: 1519 (2chproxy.pl)
   CGroup: /system.slice/2chproxy.service
           └─1519 /usr/bin/perl /usr/local/bin/2chproxy.pl
Apr 16 02:31:14 rep2 systemd[1]: Started 2ch proxy daemon.
Apr 16 02:31:14 rep2 systemd[1]: Starting 2ch proxy daemon...
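I confirmed that it is still reachable without problems after an OS reboot, so that's it for today.
Next I'll switch to HTTPS using Let's Encrypt (whenever that ends up happening).
Reference 1: Mozilla SSL Configuration Generator
-> https://mozilla.github.io/server-side-tls/ssl-config-generator/
Reference 2: Sample Nginx configuration for rep2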
server {
    listen 443 ssl http2;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /path/to/signed_cert_plus_intermediates;
    ssl_certificate_key /path/to/private_key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    location / {
        root /path/to/p2-php/rep2;
        index index.php index.html;

        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
            fastcgi_param HTTPS on;
            fastcgi_param SSL_PROTOCOL $ssl_protocol;
            fastcgi_param SSL_CIPHER $ssl_cipher;
            fastcgi_param SSL_SESSION_ID $ssl_session_id;
            fastcgi_param SSL_CLIENT_VERIFY $ssl_client_verify;
            fastcgi_param SCRIPT_FILENAME /path/to/p2-php/rep2$fastcgi_script_name;
            break;
        }
    }
}