Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to build/ops websites safety (2020-12-10)

Avatar for Daiji Hirata Daiji Hirata
December 10, 2020
Business
0
120

How to build/ops websites safety (2020-12-10)

ウェブサイト運用にともなうリスクと安定運用のコツ
2020.12.10 シックス・アパート オンラインミニセミナー スライド

Avatar for Daiji Hirata

Daiji Hirata

December 10, 2020
Tweet

More Decks by Daiji Hirata

See All by Daiji Hirata
WebCMS 概観 MTDDC Meetup TOHOKU 2025
Avatar for Daiji Hirata hirata
0
230
MTDDC Meetup TOKYO 2024 Keynote
Avatar for Daiji Hirata hirata
1
670
MTDDC Meetup TOHOKU 2024 Keynote Speech
Avatar for Daiji Hirata hirata
1
690
MTDDC Meetup Tokyo 2023 Keynote
Avatar for Daiji Hirata hirata
0
910
MTDDC Meetup Tokyo 2022 Keynote
Avatar for Daiji Hirata hirata
0
91
MTDDC meetup Tokyo 2021 Keynote
Avatar for Daiji Hirata hirata
0
1.4k
How to build a Robust Website for Peak Traffics (2021-02-12)
Avatar for Daiji Hirata hirata
0
92
MTDDC Meetup Tokyo 2020 Keynote
Avatar for Daiji Hirata hirata
0
210
MTDDC Meetup Tokyo 2019 Closing Session
Avatar for Daiji Hirata hirata
0
1.4k

Other Decks in Business

See All in Business
Company Profile
Avatar for Katsuhiko Eguchi katsuegu23
2
10k
PLAID ALPHAらしさ
Avatar for PLAID plaid
PRO
0
370
株式会社10X - Company Deck
Avatar for 10xinc 10xinc
89
1.5M
Schoo for Business インパクトレポート2025
Avatar for Schoo.inc schoo
0
1.5k
計画と曖昧さ
Avatar for mosa mosa_siru
10
5.9k
Sales Marker Culture Book(English)
Avatar for Sales Marker salesmarker
PRO
2
6k
最高のステークホルダーになるために / Striving to be the best stakeholder
Avatar for iwashi iwashi86
7
3.1k
[T2] 会社紹介資料 2025年8月
Avatar for T2 t2auto
0
5.8k
朝日新聞社 ITエンジニア キャリア採用 紹介資料
Avatar for 朝日新聞社CTO室 asahi_cto
0
140
もっと!「契約交渉よりも顧客との協調を」 〜協調を助ける契約と関係づくり〜
Avatar for sasakendayo sasakendayo
1
450
キャッチアップ会社紹介
Avatar for catchup catchup
2
56k
Company deck
Avatar for TRiCERA Inc. tricera
0
9.5k

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
36
2.5k
Building an army of robots
Avatar for Kyle Neath kneath
306
45k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
507
140k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
70
11k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
161
15k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
272
27k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
8
760
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
48
50k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
207
24k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
367
19k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k

Transcript

  1. γοΫεɾΞύʔτ ฏా େ࣏ ΢ΣϒαΠτӡ༻ʹͱ΋ͳ͏ϦεΫͱ҆ఆӡ༻ͷίπ ΢ΣϒαΠτΛ҆৺ͯ͠׆༻͢ΔͨΊʹ஌͓͖͍ͬͯͨ͜ͱ

  2. ͻΒ͍ͨͩ͡ 4JY"QBSU %JSFDUPS $50 !IJSBUB

  3. ࠓ೔ͷ࿩ • ΢ΣϒαΠτӡ༻্ͷϦεΫͱݪҼ • جຊతͳରࡦ • ରࡦͷҰྫɺެ։αʔόͷ෼཭ • ͦͷଞɺؾΛ͚ͭΔ͜ͱ

  4. ΢ΣϒαΠτͷϦεΫ͍Ζ͍Ζ • αΠτͷվ᜵ɺ৐ͬऔΓ • αΠτͷμ΢ϯ • ৘ใ࿙Ӯ • ౿Έ୆ʹ࢖ΘΕ͍ͯͨ •

    ߋ৽͕Ͱ͖ͳ͘ͳͬͨ

  5. αΠτͷվ᜵ɺ৐ͬऔΓ • ৘ใͷૢ࡞ • Ϛϧ΢ΣΞ͕഑෍͞Ε͍ͯͨ • ѱҙͷ͋ΔϓϩάϥϜΛΫϥΠΞϯτʹ࣮ߦͤ͞Δ • ϑΟογϯά࠮ٗʹ࢖ΘΕ͍ͯͨ •

    ݸਓ৘ใ΍ΫϨδοτΧʔυ৘ใΛ౪·ΕΔ
  6. None

  7. ෛͷ࿈࠯ • Ϛϧ΢ΣΞ / ϑΟογϯάʹ࢖ΘΕΔ • ϒϩοΫϦετʹొ࿥͞ΕΔ • Safe Browsing

    ػೳͰαΠτ͕දࣔ͞Εͳ͘ͳΔ…

  8. αΠτͷμ΢ϯ • αΠτ͕ਅͬനʹͳͬͨ • 404 Not Found ΍φκͷΤϥʔը໘

  9. ৘ใ࿙Ӯ • αʔόʹอଘ͍ͯͨ͠ݸਓ৘ใ͕… • ·ͩެ։͍ͯ͠ͳ͍͸ͣͷ PDF ϑΝΠϧ͕…

  10. ౿Έ୆ʹ͞Ε͍ͯͨ? ඪతܕ߈ܸʹ࢖ΘΕͨྫ • ஌Βͳ͍ϑΝΠϧ͕ࣾ಺͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍αʔό͔ΒͷΞΫηεͰμ΢ϯϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍ϑΝΠϧ͕ࣾ֎͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ࣾ಺ͷPC͔ΒφκͷΞΫηε͕…

  11. ߋ৽͕Ͱ͖ͳ͍ • CMS ͷ؅ཧը໘ʹϩάΠϯͰ͖ͳ͍ • αʔόͷΞΧ΢ϯτ͕Θ͔Βͳ͍

  12. ͞·͟·ͳݪҼ • ֎෦͔ΒͷͳΜΒ͔ͷΞΫγϣϯ (߈ܸ) • ނো • ୯७ͳϛε • ಺෦൜ߦ

    • ͳʹ΋͍ͯ͠ͳ͍ͷʹ……

  13. جຊతͳରࡦͷߟ͔͑ͨ • ݪҼΛ༧૝͠ɺͦΕͧΕͷରࡦΛߟ͑Δ • ϦεΫΛࣄલʹݮΒ͢ • ΋͠ൃੜͨ͠ͱ͖ͷϦΧόϦʔํ๏Λࣄલʹ༻ҙ͓ͯ͘͠ • ӡ༻ʹؾΛ෷͏ •

    αʔόɺΞϓϦέʔγϣϯΛ҆શʹอͭ • े෼ͳϦιʔεΛख౰͢Δ • ීஈ͔ΒϦεΫʹඋ͑Δ

  14. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • Ұൠ΁ͷ৘ใఏڙͷͨΊͷ΢Σϒαʔό • ίʔϙϨʔταΠτͳͲ • ߋ৽͸ਵ࣌ɺσβΠϯมߋͳͲ͸සൟͰ͸ͳ͍ • ड͚Δͷ͸໰͍߹ΘͤϑΥʔϜఔ౓

  15. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • ެ։༻αʔόͱΞϓϦέʔγϣϯ༻αʔόΛ෼཭͢Δ • CMS αʔό͸Ұൠ͔ΒΞΫηεͰ͖ͳ͍Α͏ʹɺ੍ݶ͢Δ • ΞΫηε੍ݶɺωοτϫʔΫͷ෼཭ • ެ։༻αʔόʹ͸ɺඞཁͳΞϓϦέʔγϣϯͷΈઃஔ͢Δ

    • ੩తίϯςϯπͷΈͩͱɺ͔ͳΓ҆શ

  16. 010111……… ެ։ྖҬ CMS 1୆ͷαʔόʹ͢΂ͯࠞࡏ html, image, css, js, etc.

  17. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ެ։༻αʔόͱ CMS Λ෼཭͢Δ

  18. ެ։༻αʔόͷ෼཭ • αΠτΛ੩తίϯςϯπͱͯ͠४උ͠ɺެ։༻αʔόʹసૹ͢Δ • MT ͩͱϓϥάΠϯΛར༻͢Δ͜ͱ͕Ұൠత • Uploader, SmartSyncPack, Movable

    Type Premium (SiteSync) • MT Ϋϥ΢υʹ͸ඪ४Ͱαʔό഑৴Λ༻ҙ͍ͯ͠Δ • సૹઌͱରԠ͢Δϓϩτίϧʹ஫ҙ • FTPS, SFTP, rsync, S3 (AWS) ͳͲ

  19. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ඇެ։ྖҬ ഑৴ ࠶ߏங (੩తϑΝΠϧߏங)

  20. ഑৴ػೳͷϝϦοτ • ഑৴ઌΛෳ਺༻ҙ͢Δ͜ͱͰɺεςʔδϯάͷΑ͏ʹར༻Ͱ͖Δ • ίϯςϯπΛ෼཭ͯ͠؅ཧ͢Δ͜ͱ͕Ͱ͖Δ • େن໛αΠτͷҰ෦͚ͩΛ MT Ϋϥ΢υͰ؅ཧ͢Δ •

    ෦໳ຖʹ഑৴Λ෼͚Δ

  21. ެ։༻αʔό ඇެ։ྖҬ ഑৴ ֬ೝ༻αʔό ഑৴ CMS

  22. ެ։༻αʔό CMS ඇެ։ྖҬ Ұ෦ͷྖҬʹ͚ͩ഑৴

  23. CMS ͷΞΫηε੍ݶ΍ηΩϡϦςΟڧԽ • IP ΞυϨεͷ੍ݶ • ύεϫʔυอޢ • WAF ͷར༻

  24. CMS ͷӅṭ • CMS ΞϓϦέʔγϣϯ΁ͷΞΫηεΛ੍ݶ͢Δ • ϗετͷӅṭ • ϓϥΠϕʔτωοτϫʔΫʹઃஔͯ͠ VPN

    ܦ༝ͰΞΫηε • ެ։αʔό΁ͷίϯςϯπ഑৴Ҏ֎ΛڐՄ͠ͳ͍ • ֎෦΁ͷτϥϑΟοΫͷ؂ࢹ͕༰қʹ
 ౿Έ୆ʹͳΔϦεΫΛܰݮͰ͖Δ

  25. ެ։༻αʔό CMS VPN ͳͲͰΞΫηεΛ੍ݶɾ؅ཧ ഑৴ (Ұํ޲) ֎෦͔Βͷ௨৴͸ःஅ 010111………

  26. ެ։αʔόͷߏ੒ྫ • Apache • SSI ΍ htaccess ͸࢖͍͍ͨ • Amazon

    S3 • + CDN • + CDN + WAF + DDoS ରࡦ

  27. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  28. ެ։༻αʔό iframe Ͱ૊ΈࠐΈ

  29. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  30. ΑΓ஫ҙ͢Δ͜ͱ • ނো΍ࣄނʹඋ͑ͨ৑௕ߏ੒ • ೋॏԽ…ϗετɺωοτϫʔΫɺσʔληϯλ • γεςϜͷఆظతͳϝϯςφϯε • ϛυϧ΢ΣΞ΍ΞϓϦέʔγϣϯͷΞοϓσʔτɺઃఆͷ֬ೝ •

    ϩάͷ֬ೝ • ఆظతͳόοΫΞοϓ • όοΫΞοϓͷೖखੑɺੈ୅ • ϦετΞखॱͷ֬ೝ΍τϨʔχϯά

  31. ࣗ෼Ͱ΍Δͷ͕େมͩͱࢥͬͨΒ • ϚωʔδυαʔϏε΍ SaaS ͷ CMS Λར༻͢Δ • Movable Type

    Ϋϥ΢υ൛ • αʔό഑৴ػೳΛඪ४૷උ • MovableType.net • αʔϏεͱͯ͠ɺ͞·͟·ͳϦεΫʹ഑ྀͯ͠ӡӦ͍ͯ͠·͢

  32. ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠