転載・引用について

ユーザ用ツール

サイト用ツール


tweet:2020:1215_01

差分

このページの2つのバージョン間の差分を表示します。

この比較画面にリンクする

次のリビジョン
前のリビジョン
tweet:2020:1215_01 [2020/12/15 03:13]
seirios 作成
tweet:2020:1215_01 [2020/12/16 22:20] (現在)
seirios
行 15: 行 15:
 ==== Binary PackageのInstall ==== ==== Binary PackageのInstall ====
  
-標準状態で ZFS を root にして Install する +  * 標準状態で ZFS を root にして Install する 
- +  * 必要最小限のPackageを投入 
-<code>+    <code>
 # pkg install sudo postgresql12-client postgresql12-server nginx-devel memcached php74 php74-pecl-memcached php74-pdo_pgsql php74-pgsql # pkg install sudo postgresql12-client postgresql12-server nginx-devel memcached php74 php74-pecl-memcached php74-pdo_pgsql php74-pgsql
 </code> </code>
- +    * 本当はpostgresql13を利用したかったが、pkgでpdo-pgsqlを利用する関係で、postgresql12を利用することにした。将来更新で面倒なことになる可能性があるので悩ましいが、とりあえず現時点ではどうなるかの確認を兼ねてPGSQL12で試してみる。 
-本当はpostgresql13を利用したかったが、pkgでpdo-pgsqlを利用する関係で、postgresql12を利用することにした。将来更新で面倒なことになる可能性があるので悩ましいが、とりあえず現時点ではどうなるかの確認を兼ねてPGSQL12で試してみる。 +      <WRAP>
- +
-<WRAP>+
 FreeBSDのportsやNetBSDのpkgsrc、RHE系のyum等、Binary Package管理システムはこういうときに融通が効きにくいという辛みがある。 FreeBSDのportsやNetBSDのpkgsrc、RHE系のyum等、Binary Package管理システムはこういうときに融通が効きにくいという辛みがある。
 しかし、こうしないと派生のBinary Packageが大量に発生するという問題もあるので痛し痒しというところか... しかし、こうしないと派生のBinary Packageが大量に発生するという問題もあるので痛し痒しというところか...
行 29: 行 27:
 まぁ、そのために、portsでCompileする部分が残っているというのはあるが... まぁ、そのために、portsでCompileする部分が残っているというのはあるが...
 </WRAP> </WRAP>
- +  * NextCloud用の追加Packageを投入 
-次に、PGSQLおよび格納ファイル用のzpoolを作成する +    * <code> 
-<code>+# pkg install php74-extensions php74-zip php74-mbstring php74-gd php74-curl php74-openssl php74-fileinfo php74-bz2 php74-intl php74-bcmath php74-ftp php74-gmp php74-exif php74-pecl-memcache php74-pecl-memcached php74-pecl-imagick-im7 php74-pecl-APCu 
 +</code> 
 +  次に、PGSQLおよび格納ファイル用のzpoolを作成する 
 +    <code>
 # zpool create -m none zdata /dev/ada1 # zpool create -m none zdata /dev/ada1
 # zfs create zdata/pgsql # zfs create zdata/pgsql
行 37: 行 38:
 # zfs set recordsize=8k zdata/pgsql # zfs set recordsize=8k zdata/pgsql
 # chown -R postgres:postgres /var/db/postgres # chown -R postgres:postgres /var/db/postgres
 +# zfs create zdata/www
 +# zfs set mountpoint=/home/www zdata/www
 +# chown www:www /home/www
 +# chown -R www:www /home/www
 </code> </code>
  
行 102: 行 107:
 ==== NGINX ==== ==== NGINX ====
  
-==== Service Certificate ====+  * NGINXのlogファイルを格納するDirectoryのOwner/Groupをwww:wwwに変更 
 +    * <code> 
 +# chown www:www /var/log/nginx 
 +</code> 
 +  * /usr/local/etc/nginx/nginx.confを作成 
 +    * <code - nginx.conf> 
 +user www; 
 +worker_processes 4; 
 +worker_rlimit_nofile 51200; 
 +error_log /var/log/nginx/error.log; 
 + 
 +events { 
 +  worker_connections 1024; 
 +
 + 
 +http { 
 +  include mime.types; 
 +  default_type application/octet-stream; 
 +  log_format main '$remote_addr - $remote_user [$time_local] "$request" '; 
 +  access_log /var/log/nginx/access.log main; 
 +  sendfile on; 
 +  keepalive_timeout 65; 
 + 
 +  upstream php-handler { 
 +    server 127.0.0.1:9000; 
 +  } 
 + 
 +  server { 
 +    # ENFORCE HTTPS 
 +    listen 80; 
 +    server_name nextcloud.domain.com; 
 +    return 301 https://$server_name$request_uri; 
 +  } 
 + 
 +  server { 
 +    listen 443 ssl http2; 
 +    server_name nextcloud.domain.com; 
 +    ssl_certificate /usr/local/etc/nginx/ssl/ssl-bundle.crt; 
 +    ssl_certificate_key /usr/local/etc/nginx/ssl/server.key; 
 + 
 +    # HEADERS SECURITY RELATED 
 +    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; 
 +    add_header Referrer-Policy "no-referrer"; 
 + 
 +    # HEADERS 
 +    add_header X-Content-Type-Options nosniff; 
 +    add_header X-XSS-Protection "1; mode=block"; 
 +    add_header X-Robots-Tag none; 
 +    add_header X-Download-Options noopen; 
 +    add_header X-Permitted-Cross-Domain-Policies none; 
 + 
 +    # PATH TO THE ROOT OF YOUR INSTALLATION 
 +    root /usr/local/www/nextcloud/; 
 + 
 +    location /robots.txt { 
 +      allow all; 
 +      log_not_found off; 
 +      access_log off; 
 +    } 
 + 
 +    location /.well-known/carddav { 
 +      return 301 $scheme://$host/remote.php/dav; 
 +    } 
 + 
 +    location /.well-known/caldav { 
 +      return 301 $scheme://$host/remote.php/dav; 
 +    } 
 + 
 +    # BUFFERS TIMEOUTS UPLOAD SIZES 
 +    client_max_body_size 16400M; 
 +    client_body_buffer_size 1048576k; 
 +    send_timeout 3000; 
 + 
 +    # ENABLE GZIP BUT DO NOT REMOVE ETag HEADERS 
 +    gzip on; 
 +    gzip_vary on; 
 +    gzip_comp_level 4; 
 +    gzip_min_length 256; 
 +    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; 
 +    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; 
 + 
 +    location / { 
 +      rewrite ^ /index.php$request_uri; 
 +    } 
 + 
 +    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/
 +      deny all; 
 +    } 
 + 
 +    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { 
 +      deny all; 
 +    } 
 + 
 +    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { 
 +      fastcgi_split_path_info ^(.+\.php)(/.*)$; 
 +      include fastcgi_params; 
 +      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 +      fastcgi_param PATH_INFO $fastcgi_path_info; 
 +      fastcgi_param HTTPS on; 
 +      fastcgi_param modHeadersAvailable true; 
 +      fastcgi_param front_controller_active true; 
 +      fastcgi_pass php-handler; 
 +      fastcgi_intercept_errors on; 
 +      fastcgi_request_buffering off; 
 +      fastcgi_keep_conn off; 
 +      fastcgi_buffers 16 256K; 
 +      fastcgi_buffer_size 256k; 
 +      fastcgi_busy_buffers_size 256k; 
 +      fastcgi_temp_file_write_size 256k; 
 +      fastcgi_send_timeout 3000s; 
 +      fastcgi_read_timeout 3000s; 
 +      fastcgi_connect_timeout 3000s; 
 +    } 
 + 
 +    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { 
 +      try_files $uri/ =404; 
 +      index index.php; 
 +    } 
 + 
 +    # ADDING THE CACHE CONTROL HEADER FOR JS AND CSS FILES 
 +    # MAKE SURE IT IS BELOW PHP BLOCK 
 +    location ~ \.(?:css|js|woff2?|svg|gif)$ { 
 +      try_files $uri /index.php$uri$is_args$args; 
 +      add_header Cache-Control "public, max-age=15778463"; 
 +      # HEADERS SECURITY RELATED 
 +      # IT IS INTENDED TO HAVE THOSE DUPLICATED TO ONES ABOVE 
 +      add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; 
 +      # HEADERS 
 +      add_header X-Content-Type-Options nosniff; 
 +      add_header X-XSS-Protection "1; mode=block"; 
 +      add_header X-Robots-Tag none; 
 +      add_header X-Download-Options noopen; 
 +      add_header X-Permitted-Cross-Domain-Policies none; 
 +      # OPTIONAL: DONT LOG ACCESS TO ASSETS 
 +      access_log off; 
 +    } 
 + 
 +    location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { 
 +      try_files $uri /index.php$uri$is_args$args; 
 +      # OPTIONAL: DONT LOG ACCESS TO OTHER ASSETS 
 +      access_log off; 
 +    } 
 +  } 
 +
 +</code> 
 + 
 +==== サーバ証明書の入手 ==== 
 +  * 今時はいろいろな方法があるが、今回はLet's Encryptで取得した。 
 +  * 詳細は割愛
  
 ==== PHP configuration ==== ==== PHP configuration ====
 +  * php.ini
 +    * <code diff php.ini.diff>
 +# diff -c php.ini-production php.ini
 +*** php.ini-production  Tue Dec  8 10:31:04 2020
 +--- php.ini     Wed Dec 16 00:49:45 2020
 +***************
 +*** 212,218 ****
 +  ; Development Value: 4096
 +  ; Production Value: 4096
 +  ; http://php.net/output-buffering
 +! output_buffering = 4096
  
-==== Collaboration between PHP and PGSQL ====+  ; You can redirect all of the output of your scripts to a function.  For 
 +  ; example, if you set output_handler to "mb_output_handler", character 
 +--- 212,219 ---- 
 +  ; Development Value: 4096 
 +  ; Production Value: 4096 
 +  ; http://php.net/output-buffering 
 +! ;output_buffering 4096 
 +! output_buffering Off 
 + 
 +  ; You can redirect all of the output of your scripts to a function.  For 
 +  ; example, if you set output_handler to "mb_output_handler", character 
 +*************** 
 +*** 297,303 **** 
 +  ; The value is also used for json_encode when encoding double values. 
 +  ; If -1 is used, then dtoa mode 0 is used which automatically select the best 
 +  ; precision. 
 +! serialize_precision -1 
 + 
 +  ; open_basedir, if set, limits all file operations to the defined directory 
 +  ; and below.  This directive makes most sense if used in a per-directory 
 +--- 298,305 ---- 
 +  ; The value is also used for json_encode when encoding double values. 
 +  ; If -1 is used, then dtoa mode 0 is used which automatically select the best 
 +  ; precision. 
 +! ;serialize_precision -1 
 +! serialize_precision = 17 
 + 
 +  ; open_basedir, if set, limits all file operations to the defined directory 
 +  ; and below.  This directive makes most sense if used in a per-directory 
 +*************** 
 +*** 385,391 **** 
 +  ; Maximum execution time of each script, in seconds 
 +  ; http://php.net/max-execution-time 
 +  ; Note: This directive is hardcoded to 0 for the CLI SAPI 
 +! max_execution_time = 30 
 + 
 +  ; Maximum amount of time each script may spend parsing request data. It's a good 
 +  ; idea to limit this time on productions servers in order to eliminate unexpectedly 
 +--- 387,394 ---- 
 +  ; Maximum execution time of each script, in seconds 
 +  ; http://php.net/max-execution-time 
 +  ; Note: This directive is hardcoded to 0 for the CLI SAPI 
 +! ;max_execution_time = 60 
 +! max_execution_time = 3600 
 + 
 +  ; Maximum amount of time each script may spend parsing request data. It's a good 
 +  ; idea to limit this time on productions servers in order to eliminate unexpectedly 
 +*************** 
 +*** 395,401 **** 
 +  ; Development Value: 60 (60 seconds) 
 +  ; Production Value: 60 (60 seconds) 
 +  ; http://php.net/max-input-time 
 +! max_input_time = 60 
 + 
 +  ; Maximum input variable nesting level 
 +  ; http://php.net/max-input-nesting-level 
 +--- 398,405 ---- 
 +  ; Development Value: 60 (60 seconds) 
 +  ; Production Value: 60 (60 seconds) 
 +  ; http://php.net/max-input-time 
 +! ;max_input_time = 60 
 +! max_input_time = 30000 
 + 
 +  ; Maximum input variable nesting level 
 +  ; http://php.net/max-input-nesting-level 
 +*************** 
 +*** 406,412 **** 
 + 
 +  ; Maximum amount of memory a script may consume 
 +  ; http://php.net/memory-limit 
 +! memory_limit = 128M 
 + 
 +  ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
 +  ; Error handling and logging ; 
 +--- 410,417 ---- 
 + 
 +  ; Maximum amount of memory a script may consume 
 +  ; http://php.net/memory-limit 
 +! ;memory_limit = 128M 
 +! memory_limit = 1024M 
 + 
 +  ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 
 +  ; Error handling and logging ; 
 +*************** 
 +*** 536,541 **** 
 +--- 541,547 ---- 
 +  ; Production Value: Off 
 +  ; http://php.net/track-errors 
 +  ;track_errors = Off 
 ++ track_errors = Off 
 + 
 +  ; Turn off normal error reporting and emit XML-RPC error XML 
 +  ; http://php.net/xmlrpc-errors 
 +*************** 
 +*** 550,555 **** 
 +--- 556,562 ---- 
 +  ; Note: This directive is hardcoded to Off for the CLI SAPI 
 +  ; http://php.net/html-errors 
 +  ;html_errors = On 
 ++ html_errors = On 
 + 
 +  ; If html_errors is set to On *and* docref_root is not empty, then PHP 
 +  ; produces clickable error messages that direct to a page describing the error 
 +*************** 
 +*** 584,589 **** 
 +--- 591,597 ---- 
 +  ; http://php.net/error-log 
 +  ; Example: 
 +  ;error_log = php_errors.log 
 ++ error_log = /var/log/php.log 
 +  ; Log errors to syslog (Event Log on Windows). 
 +  ;error_log = syslog 
 + 
 +*************** 
 +*** 691,697 **** 
 +  ; Its value may be 0 to disable the limit. It is ignored if POST data reading 
 +  ; is disabled through enable_post_data_reading. 
 +  ; http://php.net/post-max-size 
 +! post_max_size = 8M 
 + 
 +  ; Automatically add files before PHP document. 
 +  ; http://php.net/auto-prepend-file 
 +--- 699,706 ---- 
 +  ; Its value may be 0 to disable the limit. It is ignored if POST data reading 
 +  ; is disabled through enable_post_data_reading. 
 +  ; http://php.net/post-max-size 
 +! ;post_max_size = 8M 
 +! post_max_size = 16400M 
 + 
 +  ; Automatically add files before PHP document. 
 +  ; http://php.net/auto-prepend-file 
 +*************** 
 +*** 843,852 **** 
 + 
 +  ; Maximum allowed size for uploaded files. 
 +  ; http://php.net/upload-max-filesize 
 +! upload_max_filesize = 2M 
 + 
 +  ; Maximum number of files that can be uploaded via a single request 
 +! max_file_uploads = 20 
 + 
 +  ;;;;;;;;;;;;;;;;;; 
 +  ; Fopen wrappers ; 
 +--- 852,863 ---- 
 + 
 +  ; Maximum allowed size for uploaded files. 
 +  ; http://php.net/upload-max-filesize 
 +! ;upload_max_filesize = 2M 
 +! upload_max_filesize = 16400M 
 + 
 +  ; Maximum number of files that can be uploaded via a single request 
 +! ;max_file_uploads = 20 
 +! max_file_uploads = 64 
 + 
 +  ;;;;;;;;;;;;;;;;;; 
 +  ; Fopen wrappers ; 
 +*************** 
 +*** 871,877 **** 
 + 
 +  ; Default timeout for socket based streams (seconds) 
 +  ; http://php.net/default-socket-timeout 
 +! default_socket_timeout = 60 
 + 
 +  ; If your scripts have to deal with files from Macintosh systems, 
 +  ; or you are running on a Mac and need to deal with files from 
 +--- 882,889 ---- 
 + 
 +  ; Default timeout for socket based streams (seconds) 
 +  ; http://php.net/default-socket-timeout 
 +! ;default_socket_timeout = 60 
 +! default_socket_timeout = 300 
 + 
 +  ; If your scripts have to deal with files from Macintosh systems, 
 +  ; or you are running on a Mac and need to deal with files from 
 +*************** 
 +*** 960,965 **** 
 +--- 972,978 ---- 
 +  ; Defines the default timezone used by the date functions 
 +  ; http://php.net/date.timezone 
 +  ;date.timezone = 
 ++ date.timezone = Asia/Tokyo 
 + 
 +  ; http://php.net/date.default-latitude 
 +  ;date.default_latitude = 31.7667 
 +*************** 
 +*** 1053,1058 **** 
 +--- 1066,1072 ---- 
 +  [Pdo_mysql] 
 +  ; Default socket name for local MySQL connects.  If empty, uses the built-in 
 +  ; MySQL defaults. 
 ++ pdo_mysql.cache_size = 2000 
 +  pdo_mysql.default_socket= 
 + 
 +  [Phar] 
 +*************** 
 +*** 1085,1091 **** 
 +  ;mail.force_extra_parameters = 
 + 
 +  ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 
 +! mail.add_x_header = Off 
 + 
 +  ; The path to a log file that will log all mail() calls. Log entries include 
 +  ; the full path of the script, line number, To address and headers. 
 +--- 1099,1106 ---- 
 +  ;mail.force_extra_parameters = 
 + 
 +  ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 
 +! ;mail.add_x_header = Off 
 +! mail.add_x_header = On 
 + 
 +  ; The path to a log file that will log all mail() calls. Log entries include 
 +  ; the full path of the script, line number, To address and headers. 
 +*************** 
 +*** 1340,1345 **** 
 +--- 1355,1361 ---- 
 +  ; does not overwrite the process's umask. 
 +  ; http://php.net/session.save-path 
 +  ;session.save_path = "/tmp" 
 ++ session.save_path = "/tmp" 
 + 
 +  ; Whether to use strict session mode. 
 +  ; Strict session mode does not accept an uninitialized session ID, and 
 +*************** 
 +*** 1767,1785 **** 
 +--- 1783,1806 ---- 
 +  [opcache] 
 +  ; Determines if Zend OPCache is enabled 
 +  ;opcache.enable=1 
 ++ opcache.enable=1 
 + 
 +  ; Determines if Zend OPCache is enabled for the CLI version of PHP 
 +  ;opcache.enable_cli=0 
 ++ opcache.enable_cli=1 
 + 
 +  ; The OPcache shared memory storage size. 
 +  ;opcache.memory_consumption=128 
 ++ opcache.memory_consumption=128 
 + 
 +  ; The amount of memory for interned strings in Mbytes. 
 +  ;opcache.interned_strings_buffer=8 
 ++ opcache.interned_strings_buffer=8 
 + 
 +  ; The maximum number of keys (scripts) in the OPcache hash table. 
 +  ; Only numbers between 200 and 1000000 are allowed. 
 +  ;opcache.max_accelerated_files=10000 
 ++ opcache.max_accelerated_files=10000 
 + 
 +  ; The maximum percentage of "wasted" memory until a restart is scheduled. 
 +  ;opcache.max_wasted_percentage=5 
 +*************** 
 +*** 1798,1803 **** 
 +--- 1819,1825 ---- 
 +  ; memory storage allocation. ("1" means validate once per second, but only 
 +  ; once per request. "0" means always validate) 
 +  ;opcache.revalidate_freq=2 
 ++ opcache.revalidate_freq=1 
 + 
 +  ; Enables or disables file search in include_path optimization 
 +  ;opcache.revalidate_path=
 +*************** 
 +*** 1805,1810 **** 
 +--- 1827,1833 ---- 
 +  ; If disabled, all PHPDoc comments are dropped from the code to reduce the 
 +  ; size of the optimized code. 
 +  ;opcache.save_comments=
 ++ opcache.save_comments=
 + 
 +  ; Allow file existence override (file_exists, etc.) performance feature. 
 +  ;opcache.enable_file_override=
 +</code>
  
 ==== PHP FPM ==== ==== PHP FPM ====
 +  * php-fpm.confの修正
 +    * <code diff php-fpm.conf.diff>
 +*** php-fpm.conf.default        Tue Dec  8 10:30:57 2020
 +--- php-fpm.conf        Wed Dec 16 00:59:40 2020
 +***************
 +*** 22,27 ****
 +--- 22,28 ----
 +  ; Note: the default prefix is /var
 +  ; Default Value: log/php-fpm.log
 +  ;error_log = log/php-fpm.log
 ++ error_log = log/php-fpm.log
 +
 +  ; syslog_facility is used to specify what type of program is logging the
 +  ; message. This lets syslogd specify that messages from different facilities
 +***************
 +*** 29,34 ****
 +--- 30,36 ----
 +  ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
 +  ; Default Value: daemon
 +  ;syslog.facility = daemon
 ++ syslog.facility = daemon
 +
 +  ; syslog_ident is prepended to every message. If you have multiple FPM
 +  ; instances running on the same server, you can change the default value
 +</code>
 +  * 以下を実行
 +    * <code>
 +# touch /var/log/php-fpm.log
 +# chown www:www /var/log/php-fpm.log
 +</code>
 +  * php-fpm.d/www.confを変更
 +    * <code diff php-fpm.d/www.conf.diff>
 +# diff -c www.conf www.conf.default
 +*** www.conf    Wed Dec 16 01:05:44 2020
 +--- www.conf.default    Tue Dec  8 10:30:57 2020
 +***************
 +*** 42,48 ****
 +  ; Set listen(2) backlog.
 +  ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
 +  ;listen.backlog = 511
 +- listen.backlog = -1
 +
 +  ; Set permissions for unix socket, if one is used. In Linux, read/write
 +  ; permissions must be set in order to allow connections from a web server. Many
 +--- 42,47 ----
 +***************
 +*** 51,61 ****
 +  ; Default Values: user and group are set as the running user
 +  ;                 mode is set to 0660
 +  ;listen.owner = www
 +- listen.owner = www
 +  ;listen.group = www
 +- listen.group = www
 +  ;listen.mode = 0660
 +- listen.mode = 0660
 +  ; When POSIX Access Control Lists are supported you can set them using
 +  ; these options, value is a comma separated list of user/group names.
 +  ; When set, listen.owner and listen.group are ignored
 +--- 50,57 ----
 +***************
 +*** 69,75 ****
 +  ; accepted from any ip address.
 +  ; Default Value: any
 +  ;listen.allowed_clients = 127.0.0.1
 +- listen.allowed_clients = 127.0.0.1
 +
 +  ; Specify the nice(2) priority to apply to the pool processes (only if set)
 +  ; The value can vary from -19 (highest priority) to 20 (lower priority)
 +--- 65,70 ----
 +***************
 +*** 109,116 ****
 +  ;             pm.process_idle_timeout   - The number of seconds after which
 +  ;                                         an idle process will be killed.
 +  ; Note: This value is mandatory.
 +! ;pm = dynamic
 +! pm = static
 +
 +  ; The number of child processes to be created when pm is set to 'static' and the
 +  ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
 +--- 104,110 ----
 +  ;             pm.process_idle_timeout   - The number of seconds after which
 +  ;                                         an idle process will be killed.
 +  ; Note: This value is mandatory.
 +! pm = dynamic
 +
 +  ; The number of child processes to be created when pm is set to 'static' and the
 +  ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
 +***************
 +*** 121,159 ****
 +  ; forget to tweak pm.* to fit your needs.
 +  ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 +  ; Note: This value is mandatory.
 +! ;pm.max_children = 5
 +! pm.max_children = 8
 +
 +  ; The number of child processes created on startup.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Default Value: (min_spare_servers + max_spare_servers) / 2
 +! ;pm.start_servers = 2
 +! pm.start_servers = 4
 +
 +  ; The desired minimum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! ;pm.min_spare_servers = 1
 +! pm.min_spare_servers = 4
 +
 +  ; The desired maximum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! ;pm.max_spare_servers = 3
 +! pm.max_spare_servers = 32
 +
 +  ; The number of seconds after which an idle process will be killed.
 +  ; Note: Used only when pm is set to 'ondemand'
 +  ; Default Value: 10s
 +  ;pm.process_idle_timeout = 10s;
 +- pm.process_idle_timeout = 1000s;
 +
 +  ; The number of requests each child process should execute before respawning.
 +  ; This can be useful to work around memory leaks in 3rd party libraries. For
 +  ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
 +  ; Default Value: 0
 +  ;pm.max_requests = 500
 +- pm.max_requests = 500
 +
 +  ; The URI to view the FPM status page. If this value is not set, no URI will be
 +  ; recognized as a status page. It shows the following informations:
 +--- 115,147 ----
 +  ; forget to tweak pm.* to fit your needs.
 +  ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 +  ; Note: This value is mandatory.
 +! pm.max_children = 5
 +
 +  ; The number of child processes created on startup.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Default Value: (min_spare_servers + max_spare_servers) / 2
 +! pm.start_servers = 2
 +
 +  ; The desired minimum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! pm.min_spare_servers = 1
 +
 +  ; The desired maximum number of idle server processes.
 +  ; Note: Used only when pm is set to 'dynamic'
 +  ; Note: Mandatory when pm is set to 'dynamic'
 +! pm.max_spare_servers = 3
 +
 +  ; The number of seconds after which an idle process will be killed.
 +  ; Note: Used only when pm is set to 'ondemand'
 +  ; Default Value: 10s
 +  ;pm.process_idle_timeout = 10s;
 +
 +  ; The number of requests each child process should execute before respawning.
 +  ; This can be useful to work around memory leaks in 3rd party libraries. For
 +  ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
 +  ; Default Value: 0
 +  ;pm.max_requests = 500
 +
 +  ; The URI to view the FPM status page. If this value is not set, no URI will be
 +  ; recognized as a status page. It shows the following informations:
 +***************
 +*** 355,361 ****
 +  ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
 +  ; Default Value: 0
 +  ;request_terminate_timeout = 0
 +- request_terminate_timeout = 0
 +
 +  ; The timeout set by 'request_terminate_timeout' ini option is not engaged after
 +  ; application calls 'fastcgi_finish_request' or when application has finished and
 +--- 343,348 ----
 +***************
 +*** 368,374 ****
 +  ; Set open file descriptor rlimit.
 +  ; Default Value: system defined value
 +  ;rlimit_files = 1024
 +- rlimit_files = 51200
 +
 +  ; Set max core size rlimit.
 +  ; Possible Values: 'unlimited' or an integer greater or equal to 0
 +--- 355,360 ----
 +***************
 +*** 426,440 ****
 +  ; the current environment.
 +  ; Default Value: clean env
 +  ;env[HOSTNAME] = $HOSTNAME
 +- env[HOSTNAME] = $HOSTNAME
 +  ;env[PATH] = /usr/local/bin:/usr/bin:/bin
 +- env[PATH] = /usr/local/bin:/usr/bin:/bin
 +  ;env[TMP] = /tmp
 +- env[TMP] = /tmp
 +  ;env[TMPDIR] = /tmp
 +- env[TMPDIR] = /tmp
 +  ;env[TEMP] = /tmp
 +- env[TEMP] = /tmp
 +
 +  ; Additional php.ini defines, specific to this pool of workers. These settings
 +  ; overwrite the values previously defined in the php.ini. The directives are the
 +--- 412,421 ----
 +</code>
  
 ==== Start Backend service ==== ==== Start Backend service ====
 +  * Backend Service を開始する
 +<code>
 +# service postgresql start
 +# service postgresql status
 +# service php-fpm start
 +# service php-fpm status
 +# service memcached start
 +# service memcached status
 +# service nginx start
 +</code>
  
 ===== Nextcloud Configuration ===== ===== Nextcloud Configuration =====
  
 +  * nextcloud/config/config.phpを編集(以下を追加)
 +    * <code>
 +  'trusted_proxies'   => ['10.1.201.128','10.1.201.129','10.1.201.130'],
 +  'overwriteprotocol' => 'https',
 +  'overwritehost'     => 'hostname',
 +  'memcache.local'       => '\OC\Memcache\APCu',
 +  'memcache.distributed' => '\OC\Memcache\Memcached',
 +  'memcached_servers'    => [
 +       [ '127.0.0.1', 11211 ],
 +  ],
 +</code>
 +  * BrowserからNextCloudにアクセスする
 +  * Top Pageに初期設定の画面が出力される
 +    * DB設定をPgSQLに変更する
 +    * Administrator Accountを作成する
 +  * loginしたら、設定から各種設定を確認し、挙動確認を行う
  
 +==== Log rotation ====
 +  * newsyslogでlogをRotationする設定を投入
 +<code>
 +# mkdir /usr/local/etc/newsyslog.conf.d
 +# cd /usr/local/etc/newsyslog.conf.d
 +# vi nextcloud.conf nginx.conf php-fpm.conf
 +</code>
  
-==== Config trusted domains ====+<code - nextcloud.conf> 
 +/some/where/nextcloud/data/nextcloud.log www:www 640 7 * @T00  JC 
 +</code> 
 +<code - nginx.conf> 
 +/var/log/nginx/error.log          www:www     640  7        @T00  JC 
 +/var/log/nginx/access.log         www:www     640  7        @T00  JC
  
-==== Log rotation ====+/var/log/nginx/nextcloud.err      www:www     640  7        @T00  JC 
 +/var/log/nginx/nextcloud.acc      www:www     640  7        @T00  JC 
 +</code>
  
 +<code - php-fpm.conf>
 +/var/log/php-fpm.log                         www:www     640  7        @T00  JC
 +</code>
tweet/2020/1215_01.1607969597.txt.gz · 最終更新: 2020/12/15 03:13 by seirios