Upgrade to Pro — share decks privately, control downloads, hide ads and more …

How to build/ops websites safety (2020-12-10)

Avatar for Daiji Hirata Daiji Hirata
December 10, 2020
Business
0
100

How to build/ops websites safety (2020-12-10)

ウェブサイト運用にともなうリスクと安定運用のコツ
2020.12.10 シックス・アパート オンラインミニセミナー スライド
Avatar for Daiji Hirata

Daiji Hirata

December 10, 2020
Tweet

More Decks by Daiji Hirata

See All by Daiji Hirata
MTDDC Meetup TOKYO 2024 Keynote
Avatar for Daiji Hirata hirata
1
610
MTDDC Meetup TOHOKU 2024 Keynote Speech
Avatar for Daiji Hirata hirata
1
660
MTDDC Meetup Tokyo 2023 Keynote
Avatar for Daiji Hirata hirata
0
870
MTDDC Meetup Tokyo 2022 Keynote
Avatar for Daiji Hirata hirata
0
82
MTDDC meetup Tokyo 2021 Keynote
Avatar for Daiji Hirata hirata
0
1.3k
How to build a Robust Website for Peak Traffics (2021-02-12)
Avatar for Daiji Hirata hirata
0
83
MTDDC Meetup Tokyo 2020 Keynote
Avatar for Daiji Hirata hirata
0
190
MTDDC Meetup Tokyo 2019 Closing Session
Avatar for Daiji Hirata hirata
0
1.4k
AWS-ISV-SaaS-Seminar-2019-10-28-Tokyo
Avatar for Daiji Hirata hirata
0
77

Other Decks in Business

See All in Business
採用ピッチブック
Avatar for M&A Cloud macloud
3
72k
株式会社メディアドゥ 中期経営計画 2026-2030年2月期(5ヵ年)
Avatar for MEDIA DO Co., Ltd. mediado_ir
0
380
株式会社ゼロフィールド 会社紹介
Avatar for 株式会社ゼロフィールド zerofield
0
280
イグニション・ポイント株式会社/採用エントランスBook_2025
Avatar for Ignition Point-HR ignitionpointhr
2
98k
株式会社CINC 会社案内/Company introduction
Avatar for M.Mitsuo cinchr
6
56k
新しいAI体験を生み出すための v0プロトタイプ駆動型開発
Avatar for inagaki inagakikay
0
1.2k
株式会社AGRI SMILE - Culture Deck
Avatar for AGRI SMILE agrismile
0
33k
THE BINGO - サービス紹介・実績 資料
Avatar for OH MY GOD Inc fujiyamayuta
0
660k
株式会社Domuz会社紹介資料(採用)
Avatar for Kimpachi Kadoike kimpachi_d
0
28k
Fantia株式会社 会社紹介資料
Avatar for Fantia株式会社 fantia
0
1.3k
営業AIエージェント「アポドリ」のつくりかた
Avatar for Shota Ikeyatsu ikeyatsu
8
3.8k
会社紹介資料【ギバーテイクオール株式会社】
Avatar for Giver Take All givertakeall
0
2.1k

Featured

See All Featured
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
378
70k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
798
220k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
28
5.3k
Reflections from 52 weeks, 52 projects
Avatar for Jefferson Lam jeffersonlam
349
20k
Being A Developer After 40
Avatar for Adrian Kosmaczewski akosma
91
590k
Documentation Writing (for coders)
Avatar for Carmen Chung carmenintech
71
4.7k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
Avatar for Eileen M. Uchitelle eileencodes
137
33k
Art, The Web, and Tiny UX
Avatar for Lynn Fisher lynnandtonic
298
20k
The MySQL Ecosystem @ GitHub 2015
Avatar for Sam Lambert samlambert
251
12k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.6k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
23
1.6k

Transcript

  1. γοΫεɾΞύʔτ ฏా େ࣏ ΢ΣϒαΠτӡ༻ʹͱ΋ͳ͏ϦεΫͱ҆ఆӡ༻ͷίπ ΢ΣϒαΠτΛ҆৺ͯ͠׆༻͢ΔͨΊʹ஌͓͖͍ͬͯͨ͜ͱ

  2. ͻΒ͍ͨͩ͡ 4JY"QBSU %JSFDUPS $50 !IJSBUB

  3. ࠓ೔ͷ࿩ • ΢ΣϒαΠτӡ༻্ͷϦεΫͱݪҼ • جຊతͳରࡦ • ରࡦͷҰྫɺެ։αʔόͷ෼཭ • ͦͷଞɺؾΛ͚ͭΔ͜ͱ

  4. ΢ΣϒαΠτͷϦεΫ͍Ζ͍Ζ • αΠτͷվ᜵ɺ৐ͬऔΓ • αΠτͷμ΢ϯ • ৘ใ࿙Ӯ • ౿Έ୆ʹ࢖ΘΕ͍ͯͨ •

    ߋ৽͕Ͱ͖ͳ͘ͳͬͨ

  5. αΠτͷվ᜵ɺ৐ͬऔΓ • ৘ใͷૢ࡞ • Ϛϧ΢ΣΞ͕഑෍͞Ε͍ͯͨ • ѱҙͷ͋ΔϓϩάϥϜΛΫϥΠΞϯτʹ࣮ߦͤ͞Δ • ϑΟογϯά࠮ٗʹ࢖ΘΕ͍ͯͨ •

    ݸਓ৘ใ΍ΫϨδοτΧʔυ৘ใΛ౪·ΕΔ
  6. None

  7. ෛͷ࿈࠯ • Ϛϧ΢ΣΞ / ϑΟογϯάʹ࢖ΘΕΔ • ϒϩοΫϦετʹొ࿥͞ΕΔ • Safe Browsing

    ػೳͰαΠτ͕දࣔ͞Εͳ͘ͳΔ…

  8. αΠτͷμ΢ϯ • αΠτ͕ਅͬനʹͳͬͨ • 404 Not Found ΍φκͷΤϥʔը໘

  9. ৘ใ࿙Ӯ • αʔόʹอଘ͍ͯͨ͠ݸਓ৘ใ͕… • ·ͩެ։͍ͯ͠ͳ͍͸ͣͷ PDF ϑΝΠϧ͕…

  10. ౿Έ୆ʹ͞Ε͍ͯͨ? ඪతܕ߈ܸʹ࢖ΘΕͨྫ • ஌Βͳ͍ϑΝΠϧ͕ࣾ಺͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍αʔό͔ΒͷΞΫηεͰμ΢ϯϩʔυ͞Ε͍ͯͨ • ஌Βͳ͍ϑΝΠϧ͕ࣾ֎͔ΒΞοϓϩʔυ͞Ε͍ͯͨ • ࣾ಺ͷPC͔ΒφκͷΞΫηε͕…

  11. ߋ৽͕Ͱ͖ͳ͍ • CMS ͷ؅ཧը໘ʹϩάΠϯͰ͖ͳ͍ • αʔόͷΞΧ΢ϯτ͕Θ͔Βͳ͍

  12. ͞·͟·ͳݪҼ • ֎෦͔ΒͷͳΜΒ͔ͷΞΫγϣϯ (߈ܸ) • ނো • ୯७ͳϛε • ಺෦൜ߦ

    • ͳʹ΋͍ͯ͠ͳ͍ͷʹ……

  13. جຊతͳରࡦͷߟ͔͑ͨ • ݪҼΛ༧૝͠ɺͦΕͧΕͷରࡦΛߟ͑Δ • ϦεΫΛࣄલʹݮΒ͢ • ΋͠ൃੜͨ͠ͱ͖ͷϦΧόϦʔํ๏Λࣄલʹ༻ҙ͓ͯ͘͠ • ӡ༻ʹؾΛ෷͏ •

    αʔόɺΞϓϦέʔγϣϯΛ҆શʹอͭ • े෼ͳϦιʔεΛख౰͢Δ • ීஈ͔ΒϦεΫʹඋ͑Δ

  14. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • Ұൠ΁ͷ৘ใఏڙͷͨΊͷ΢Σϒαʔό • ίʔϙϨʔταΠτͳͲ • ߋ৽͸ਵ࣌ɺσβΠϯมߋͳͲ͸සൟͰ͸ͳ͍ • ड͚Δͷ͸໰͍߹ΘͤϑΥʔϜఔ౓

  15. Ұൠతͳ΢ΣϒαΠτͰͷߟ͔͑ͨ • ެ։༻αʔόͱΞϓϦέʔγϣϯ༻αʔόΛ෼཭͢Δ • CMS αʔό͸Ұൠ͔ΒΞΫηεͰ͖ͳ͍Α͏ʹɺ੍ݶ͢Δ • ΞΫηε੍ݶɺωοτϫʔΫͷ෼཭ • ެ։༻αʔόʹ͸ɺඞཁͳΞϓϦέʔγϣϯͷΈઃஔ͢Δ

    • ੩తίϯςϯπͷΈͩͱɺ͔ͳΓ҆શ

  16. 010111……… ެ։ྖҬ CMS 1୆ͷαʔόʹ͢΂ͯࠞࡏ html, image, css, js, etc.

  17. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ެ։༻αʔόͱ CMS Λ෼཭͢Δ

  18. ެ։༻αʔόͷ෼཭ • αΠτΛ੩తίϯςϯπͱͯ͠४උ͠ɺެ։༻αʔόʹసૹ͢Δ • MT ͩͱϓϥάΠϯΛར༻͢Δ͜ͱ͕Ұൠత • Uploader, SmartSyncPack, Movable

    Type Premium (SiteSync) • MT Ϋϥ΢υʹ͸ඪ४Ͱαʔό഑৴Λ༻ҙ͍ͯ͠Δ • సૹઌͱରԠ͢Δϓϩτίϧʹ஫ҙ • FTPS, SFTP, rsync, S3 (AWS) ͳͲ

  19. ެ։༻αʔό CMS ެ։ྖҬ 010111……… ඇެ։ྖҬ ഑৴ ࠶ߏங (੩తϑΝΠϧߏங)

  20. ഑৴ػೳͷϝϦοτ • ഑৴ઌΛෳ਺༻ҙ͢Δ͜ͱͰɺεςʔδϯάͷΑ͏ʹར༻Ͱ͖Δ • ίϯςϯπΛ෼཭ͯ͠؅ཧ͢Δ͜ͱ͕Ͱ͖Δ • େن໛αΠτͷҰ෦͚ͩΛ MT Ϋϥ΢υͰ؅ཧ͢Δ •

    ෦໳ຖʹ഑৴Λ෼͚Δ

  21. ެ։༻αʔό ඇެ։ྖҬ ഑৴ ֬ೝ༻αʔό ഑৴ CMS

  22. ެ։༻αʔό CMS ඇެ։ྖҬ Ұ෦ͷྖҬʹ͚ͩ഑৴

  23. CMS ͷΞΫηε੍ݶ΍ηΩϡϦςΟڧԽ • IP ΞυϨεͷ੍ݶ • ύεϫʔυอޢ • WAF ͷར༻

  24. CMS ͷӅṭ • CMS ΞϓϦέʔγϣϯ΁ͷΞΫηεΛ੍ݶ͢Δ • ϗετͷӅṭ • ϓϥΠϕʔτωοτϫʔΫʹઃஔͯ͠ VPN

    ܦ༝ͰΞΫηε • ެ։αʔό΁ͷίϯςϯπ഑৴Ҏ֎ΛڐՄ͠ͳ͍ • ֎෦΁ͷτϥϑΟοΫͷ؂ࢹ͕༰қʹ
 ౿Έ୆ʹͳΔϦεΫΛܰݮͰ͖Δ

  25. ެ։༻αʔό CMS VPN ͳͲͰΞΫηεΛ੍ݶɾ؅ཧ ഑৴ (Ұํ޲) ֎෦͔Βͷ௨৴͸ःஅ 010111………

  26. ެ։αʔόͷߏ੒ྫ • Apache • SSI ΍ htaccess ͸࢖͍͍ͨ • Amazon

    S3 • + CDN • + CDN + WAF + DDoS ରࡦ

  27. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  28. ެ։༻αʔό iframe Ͱ૊ΈࠐΈ

  29. ެ։༻αʔόΛηΩϡΞʹ • ΞϓϦέʔγϣϯͷઃஔΛߦΘͳ͍ɺ΋͘͠͸੍ݶ͢Δ • PHP ͷར༻΍εΫϦϓτͷઃஔ͸ܧଓϝϯςφϯεͰ͖Δ͔Ͳ͏͔ • SSI ΍ .htaccess

    ΋࢖Θͳ͍ͳΒɺS3 ͷར༻΋ࢹ໺ʹೖΔ • ϑΥʔϜɺݕࡧͳͲ͸αʔϏεΛར༻͢Δ͜ͱΛߟ͑Δ • ಠࣗΞϓϦέʔγϣϯ͸αʔόΛ෼཭ͯ͠
 CORS ΍ ReverseProxy Ͱͷӡ༻΋ߟ͑Δ

  30. ΑΓ஫ҙ͢Δ͜ͱ • ނো΍ࣄނʹඋ͑ͨ৑௕ߏ੒ • ೋॏԽ…ϗετɺωοτϫʔΫɺσʔληϯλ • γεςϜͷఆظతͳϝϯςφϯε • ϛυϧ΢ΣΞ΍ΞϓϦέʔγϣϯͷΞοϓσʔτɺઃఆͷ֬ೝ •

    ϩάͷ֬ೝ • ఆظతͳόοΫΞοϓ • όοΫΞοϓͷೖखੑɺੈ୅ • ϦετΞखॱͷ֬ೝ΍τϨʔχϯά

  31. ࣗ෼Ͱ΍Δͷ͕େมͩͱࢥͬͨΒ • ϚωʔδυαʔϏε΍ SaaS ͷ CMS Λར༻͢Δ • Movable Type

    Ϋϥ΢υ൛ • αʔό഑৴ػೳΛඪ४૷උ • MovableType.net • αʔϏεͱͯ͠ɺ͞·͟·ͳϦεΫʹ഑ྀͯ͠ӡӦ͍ͯ͠·͢

  32. ͝੩ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠