LinuCエヴァンジェリスト・Open Source Summit Japanボランティアリーダーの鯨井貴博@opensourcetechです。
はじめに
以下の記事でインストールしたUbuntuにWebサーバ(apache2)を構築してみます。
Ubuntu Server 22.04.3 LTSのインストール on Virtualbox 7.0.12(Windows)
Apache2のインストール
APTパッケージリストの最新化
ubuntu@host1example1jp:~$ sudo apt update [sudo] password for ubuntu: Hit:1 http://jp.archive.ubuntu.com/ubuntu jammy InRelease Get:2 http://jp.archive.ubuntu.com/ubuntu jammy-updates InRelease [119 kB] Hit:3 http://jp.archive.ubuntu.com/ubuntu jammy-backports InRelease Get:4 http://jp.archive.ubuntu.com/ubuntu jammy-security InRelease [110 kB] Fetched 229 kB in 3s (77.8 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 35 packages can be upgraded. Run 'apt list --upgradable' to see them.
apache2パッケージのインストール
ubuntu@host1example1jp:~$ sudo apt install apache2 Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: apache2-bin apache2-data apache2-utils bzip2 file libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4 liblua5.3-0 libmagic-mgc libmagic1 mailcap mime-support ssl-cert Suggested packages: apache2-doc apache2-suexec-pristine | apache2-suexec-custom www-browser ufw bzip2-doc The following NEW packages will be installed: apache2 apache2-bin apache2-data apache2-utils bzip2 file libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libjansson4 liblua5.3-0 libmagic-mgc libmagic1 mailcap mime-support ssl-cert 0 upgraded, 17 newly installed, 0 to remove and 35 not upgraded. Need to get 2537 kB of archives. After this operation, 16.2 MB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libapr1 amd64 1.7.0-8ubuntu0.22.04.1 [108 kB] Get:2 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libaprutil1 amd64 1.6.1-5ubuntu4.22.04.2 [92.8 kB] Get:3 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libaprutil1-dbd-sqlite3 amd64 1.6.1-5ubuntu4.22.04.2 [11.3 kB] Get:4 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libaprutil1-ldap amd64 1.6.1-5ubuntu4.22.04.2 [9170 B] Get:5 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 libjansson4 amd64 2.13.1-1.1build3 [32.4 kB] Get:6 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 liblua5.3-0 amd64 5.3.6-1build1 [140 kB] Get:7 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 apache2-bin amd64 2.4.52-1ubuntu4.7 [1346 kB] Get:8 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 apache2-data all 2.4.52-1ubuntu4.7 [165 kB] Get:9 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 apache2-utils amd64 2.4.52-1ubuntu4.7 [88.8 kB] Get:10 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 mailcap all 3.70+nmu1ubuntu1 [23.8 kB] Get:11 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 mime-support all 3.66 [3696 B] Get:12 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 apache2 amd64 2.4.52-1ubuntu4.7 [97.8 kB] Get:13 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libmagic-mgc amd64 1:5.41-3ubuntu0.1 [257 kB] Get:14 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libmagic1 amd64 1:5.41-3ubuntu0.1 [87.2 kB] Get:15 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 file amd64 1:5.41-3ubuntu0.1 [21.5 kB] Get:16 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 bzip2 amd64 1.0.8-5build1 [34.8 kB] Get:17 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 ssl-cert all 1.1.2 [17.4 kB] Fetched 2537 kB in 3s (765 kB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libapr1:amd64. (Reading database ... 64011 files and directories currently installed.) Preparing to unpack .../00-libapr1_1.7.0-8ubuntu0.22.04.1_amd64.deb ... Unpacking libapr1:amd64 (1.7.0-8ubuntu0.22.04.1) ... Selecting previously unselected package libaprutil1:amd64. Preparing to unpack .../01-libaprutil1_1.6.1-5ubuntu4.22.04.2_amd64.deb ... Unpacking libaprutil1:amd64 (1.6.1-5ubuntu4.22.04.2) ... Selecting previously unselected package libaprutil1-dbd-sqlite3:amd64. Preparing to unpack .../02-libaprutil1-dbd-sqlite3_1.6.1-5ubuntu4.22.04.2_amd64.deb ... Unpacking libaprutil1-dbd-sqlite3:amd64 (1.6.1-5ubuntu4.22.04.2) ... Selecting previously unselected package libaprutil1-ldap:amd64. Preparing to unpack .../03-libaprutil1-ldap_1.6.1-5ubuntu4.22.04.2_amd64.deb ... Unpacking libaprutil1-ldap:amd64 (1.6.1-5ubuntu4.22.04.2) ... Selecting previously unselected package libjansson4:amd64. Preparing to unpack .../04-libjansson4_2.13.1-1.1build3_amd64.deb ... Unpacking libjansson4:amd64 (2.13.1-1.1build3) ... Selecting previously unselected package liblua5.3-0:amd64. Preparing to unpack .../05-liblua5.3-0_5.3.6-1build1_amd64.deb ... Unpacking liblua5.3-0:amd64 (5.3.6-1build1) ... Selecting previously unselected package apache2-bin. Preparing to unpack .../06-apache2-bin_2.4.52-1ubuntu4.7_amd64.deb ... Unpacking apache2-bin (2.4.52-1ubuntu4.7) ... Selecting previously unselected package apache2-data. Preparing to unpack .../07-apache2-data_2.4.52-1ubuntu4.7_all.deb ... Unpacking apache2-data (2.4.52-1ubuntu4.7) ... Selecting previously unselected package apache2-utils. Preparing to unpack .../08-apache2-utils_2.4.52-1ubuntu4.7_amd64.deb ... Unpacking apache2-utils (2.4.52-1ubuntu4.7) ... Selecting previously unselected package mailcap. Preparing to unpack .../09-mailcap_3.70+nmu1ubuntu1_all.deb ... Unpacking mailcap (3.70+nmu1ubuntu1) ... Selecting previously unselected package mime-support. Preparing to unpack .../10-mime-support_3.66_all.deb ... Unpacking mime-support (3.66) ... Selecting previously unselected package apache2. Preparing to unpack .../11-apache2_2.4.52-1ubuntu4.7_amd64.deb ... Unpacking apache2 (2.4.52-1ubuntu4.7) ... Selecting previously unselected package libmagic-mgc. Preparing to unpack .../12-libmagic-mgc_1%3a5.41-3ubuntu0.1_amd64.deb ... Unpacking libmagic-mgc (1:5.41-3ubuntu0.1) ... Selecting previously unselected package libmagic1:amd64. Preparing to unpack .../13-libmagic1_1%3a5.41-3ubuntu0.1_amd64.deb ... Unpacking libmagic1:amd64 (1:5.41-3ubuntu0.1) ... Selecting previously unselected package file. Preparing to unpack .../14-file_1%3a5.41-3ubuntu0.1_amd64.deb ... Unpacking file (1:5.41-3ubuntu0.1) ... Selecting previously unselected package bzip2. Preparing to unpack .../15-bzip2_1.0.8-5build1_amd64.deb ... Unpacking bzip2 (1.0.8-5build1) ... Selecting previously unselected package ssl-cert. Preparing to unpack .../16-ssl-cert_1.1.2_all.deb ... Unpacking ssl-cert (1.1.2) ... Setting up libmagic-mgc (1:5.41-3ubuntu0.1) ... Setting up libmagic1:amd64 (1:5.41-3ubuntu0.1) ... Setting up libapr1:amd64 (1.7.0-8ubuntu0.22.04.1) ... Setting up file (1:5.41-3ubuntu0.1) ... Setting up bzip2 (1.0.8-5build1) ... Setting up libjansson4:amd64 (2.13.1-1.1build3) ... Setting up ssl-cert (1.1.2) ... debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.) debconf: falling back to frontend: Readline Setting up liblua5.3-0:amd64 (5.3.6-1build1) ... Setting up apache2-data (2.4.52-1ubuntu4.7) ... Setting up mailcap (3.70+nmu1ubuntu1) ... Setting up libaprutil1:amd64 (1.6.1-5ubuntu4.22.04.2) ... Setting up mime-support (3.66) ... Setting up libaprutil1-ldap:amd64 (1.6.1-5ubuntu4.22.04.2) ... Setting up libaprutil1-dbd-sqlite3:amd64 (1.6.1-5ubuntu4.22.04.2) ... Setting up apache2-utils (2.4.52-1ubuntu4.7) ... Setting up apache2-bin (2.4.52-1ubuntu4.7) ... Setting up apache2 (2.4.52-1ubuntu4.7) ... Enabling module mpm_event. Enabling module authz_core. Enabling module authz_host. Enabling module authn_core. Enabling module auth_basic. Enabling module access_compat. Enabling module authn_file. Enabling module authz_user. Enabling module alias. Enabling module dir. Enabling module autoindex. Enabling module env. Enabling module mime. Enabling module negotiation. Enabling module setenvif. Enabling module filter. Enabling module deflate. Enabling module status. Enabling module reqtimeout. Enabling conf charset. Enabling conf localized-error-pages. Enabling conf other-vhosts-access-log. Enabling conf security. Enabling conf serve-cgi-bin. Enabling site 000-default. Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service. Created symlink /etc/systemd/system/multi-user.target.wants/apache-htcacheclean.service → /lib/systemd/system/apache-htcacheclean.service. Processing triggers for libc-bin (2.35-0ubuntu3.5) ... debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.) debconf: falling back to frontend: Readline Scanning processes... Scanning linux images... Running kernel seems to be up-to-date. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor (qemu) binaries on this host.
Apache2の起動
インストール後の状態で既に起動済みとなっていました。
ubuntu@host1example1jp:~$ systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: en
abled)
Active: active (running) since Tue 2024-01-02 07:24:53 UTC; 1min 35s
ago
Docs: https://httpd.apache.org/docs/2.4/
Main PID: 1585 (apache2)
Tasks: 55 (limit: 2202)
Memory: 5.1M
CPU: 107ms
CGroup: /system.slice/apache2.service
├─1585 /usr/sbin/apache2 -k start
├─1587 /usr/sbin/apache2 -k start
└─1588 /usr/sbin/apache2 -k start
Jan 02 07:24:53 host1example1jp systemd[1]: Starting The Apache HTTP Server...
Jan 02 07:24:53 host1example1jp apachectl[1584]: AH00558: apache2: Could not reliabl
y determine the server's fully qualified domain name, using 127.0.1.1. Set the 'Serv
erName' directive globally to suppress this message
Jan 02 07:24:53 host1example1jp systemd[1]: Started The Apache HTTP Server.
まず、curlコマンドでアクセスします。
ubuntu@host1example1jp:~$ curl localhost
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<!--
Modified from the Debian original for Ubuntu
Last updated: 2022-03-22
See: https://launchpad.net/bugs/1966004
-->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache2 Ubuntu Default Page: It works</title>
<style type="text/css" media="screen">
* {
margin: 0px 0px 0px 0px;
padding: 0px 0px 0px 0px;
}
body, html {
padding: 3px 3px 3px 3px;
background-color: #D8DBE2;
font-family: Ubuntu, Verdana, sans-serif;
font-size: 11pt;
text-align: center;
}
div.main_page {
position: relative;
display: table;
width: 800px;
margin-bottom: 3px;
margin-left: auto;
margin-right: auto;
padding: 0px 0px 0px 0px;
border-width: 2px;
border-color: #212738;
border-style: solid;
background-color: #FFFFFF;
text-align: center;
}
div.page_header {
height: 180px;
width: 100%;
background-color: #F5F6F7;
}
div.page_header span {
margin: 15px 0px 0px 50px;
font-size: 180%;
font-weight: bold;
}
div.page_header img {
margin: 3px 0px 0px 40px;
border: 0px 0px 0px;
}
div.banner {
padding: 9px 6px 9px 6px;
background-color: #E9510E;
color: #FFFFFF;
font-weight: bold;
font-size: 112%;
text-align: center;
position: absolute;
left: 40%;
bottom: 30px;
width: 20%;
}
div.table_of_contents {
clear: left;
min-width: 200px;
margin: 3px 3px 3px 3px;
background-color: #FFFFFF;
text-align: left;
}
div.table_of_contents_item {
clear: left;
width: 100%;
margin: 4px 0px 0px 0px;
background-color: #FFFFFF;
color: #000000;
text-align: left;
}
div.table_of_contents_item a {
margin: 6px 0px 0px 6px;
}
div.content_section {
margin: 3px 3px 3px 3px;
background-color: #FFFFFF;
text-align: left;
}
div.content_section_text {
padding: 4px 8px 4px 8px;
color: #000000;
font-size: 100%;
}
div.content_section_text pre {
margin: 8px 0px 8px 0px;
padding: 8px 8px 8px 8px;
border-width: 1px;
border-style: dotted;
border-color: #000000;
background-color: #F5F6F7;
font-style: italic;
}
div.content_section_text p {
margin-bottom: 6px;
}
div.content_section_text ul, div.content_section_text li {
padding: 4px 8px 4px 16px;
}
div.section_header {
padding: 3px 6px 3px 6px;
background-color: #8E9CB2;
color: #FFFFFF;
font-weight: bold;
font-size: 112%;
text-align: center;
}
div.section_header_grey {
background-color: #9F9386;
}
.floating_element {
position: relative;
float: left;
}
div.table_of_contents_item a,
div.content_section_text a {
text-decoration: none;
font-weight: bold;
}
div.table_of_contents_item a:link,
div.table_of_contents_item a:visited,
div.table_of_contents_item a:active {
color: #000000;
}
div.table_of_contents_item a:hover {
background-color: #000000;
color: #FFFFFF;
}
div.content_section_text a:link,
div.content_section_text a:visited,
div.content_section_text a:active {
background-color: #DCDFE6;
color: #000000;
}
div.content_section_text a:hover {
background-color: #000000;
color: #DCDFE6;
}
div.validator {
}
</style>
</head>
<body>
<div class="main_page">
<div class="page_header floating_element">
<img src="icons/ubuntu-logo.png" alt="Ubuntu Logo"
style="width:184px;height:146px;" class="floating_element" />
<div>
<span style="margin-top: 1.5em;" class="floating_element">
Apache2 Default Page
</span>
</div>
<div class="banner">
<div id="about"></div>
It works!
</div>
</div>
<div class="content_section floating_element">
<div class="content_section_text">
<p>
This is the default welcome page used to test the correct
operation of the Apache2 server after installation on Ubuntu systems.
It is based on the equivalent page on Debian, from which the Ubuntu Apache
packaging is derived.
If you can read this page, it means that the Apache HTTP server installed at
this site is working properly. You should <b>replace this file</b> (located at
<tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
</p>
<p>
If you are a normal user of this web site and don't know what this page is
about, this probably means that the site is currently unavailable due to
maintenance.
If the problem persists, please contact the site's administrator.
</p>
</div>
<div class="section_header">
<div id="changes"></div>
Configuration Overview
</div>
<div class="content_section_text">
<p>
Ubuntu's Apache2 default configuration is different from the
upstream default configuration, and split into several files optimized for
interaction with Ubuntu tools. The configuration system is
<b>fully documented in
/usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
documentation. Documentation for the web server itself can be
found by accessing the <a href="/manual">manual</a> if the <tt>apache2-doc</tt>
package was installed on this server.
</p>
<p>
The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
</p>
<pre>
/etc/apache2/
|-- apache2.conf
| `-- ports.conf
|-- mods-enabled
| |-- *.load
| `-- *.conf
|-- conf-enabled
| `-- *.conf
|-- sites-enabled
| `-- *.conf
</pre>
<ul>
<li>
<tt>apache2.conf</tt> is the main configuration
file. It puts the pieces together by including all remaining configuration
files when starting up the web server.
</li>
<li>
<tt>ports.conf</tt> is always included from the
main configuration file. It is used to determine the listening ports for
incoming connections, and this file can be customized anytime.
</li>
<li>
Configuration files in the <tt>mods-enabled/</tt>,
<tt>conf-enabled/</tt> and <tt>sites-enabled/</tt> directories contain
particular configuration snippets which manage modules, global configuration
fragments, or virtual host configurations, respectively.
</li>
<li>
They are activated by symlinking available
configuration files from their respective
*-available/ counterparts. These should be managed
by using our helpers
<tt>
a2enmod,
a2dismod,
</tt>
<tt>
a2ensite,
a2dissite,
</tt>
and
<tt>
a2enconf,
a2disconf
</tt>. See their respective man pages for detailed information.
</li>
<li>
The binary is called apache2 and is managed using systemd, so to
start/stop the service use <tt>systemctl start apache2</tt> and
<tt>systemctl stop apache2</tt>, and use <tt>systemctl status apache2</tt>
and <tt>journalctl -u apache2</tt> to check status. <tt>system</tt>
and <tt>apache2ctl</tt> can also be used for service management if
desired.
<b>Calling <tt>/usr/bin/apache2</tt> directly will not work</b> with the
default configuration.
</li>
</ul>
</div>
<div class="section_header">
<div id="docroot"></div>
Document Roots
</div>
<div class="content_section_text">
<p>
By default, Ubuntu does not allow access through the web browser to
<em>any</em> file outside of those located in <tt>/var/www</tt>,
<a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
directories (when enabled) and <tt>/usr/share</tt> (for web
applications). If your site is using a web document root
located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your
document root directory in <tt>/etc/apache2/apache2.conf</tt>.
</p>
<p>
The default Ubuntu document root is <tt>/var/www/html</tt>. You
can make your own virtual hosts under /var/www.
</p>
</div>
<div class="section_header">
<div id="bugs"></div>
Reporting Problems
</div>
<div class="content_section_text">
<p>
Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
Apache2 package with Ubuntu. However, check <a
href="https://bugs.launchpad.net/ubuntu/+source/apache2"
rel="nofollow">existing bug reports</a> before reporting a new bug.
</p>
<p>
Please report bugs specific to modules (such as PHP and others)
to their respective packages, not to the web server itself.
</p>
</div>
</div>
</div>
<div class="validator">
</div>
</body>
</html>
続いて、クライアント(別端末のブラウザ)からアクセスします。
デフォルトのテストページが表示されます。
Firewall(ufw)によるアクセス制限
ufwをインストールして、http/httpsとリモートアクセス(ssh)のみアクセス許可するようにします。
ubuntu@host1example1jp:~$ sudo apt install ufw Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: iptables libip6tc2 libnetfilter-conntrack3 libnfnetlink0 libnftnl11 Suggested packages: firewalld nftables rsyslog The following NEW packages will be installed: iptables libip6tc2 libnetfilter-conntrack3 libnfnetlink0 libnftnl11 ufw 0 upgraded, 6 newly installed, 0 to remove and 35 not upgraded. Need to get 763 kB of archives. After this operation, 4266 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libip6tc2 amd64 1.8.7-1ubuntu5.1 [20.2 kB] Get:2 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 libnfnetlink0 amd64 1.0.1-3build3 [14.6 kB] Get:3 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 libnetfilter-conntrack3 amd64 1.0.9-1 [45.3 kB] Get:4 http://jp.archive.ubuntu.com/ubuntu jammy/main amd64 libnftnl11 amd64 1.2.1-1build1 [65.5 kB] Get:5 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 iptables amd64 1.8.7-1ubuntu5.1 [455 kB] Get:6 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 ufw all 0.36.1-4ubuntu0.1 [162 kB] Fetched 763 kB in 4s (170 kB/s) debconf: delaying package configuration, since apt-utils is not installed Selecting previously unselected package libip6tc2:amd64. (Reading database ... 64819 files and directories currently installed.) Preparing to unpack .../0-libip6tc2_1.8.7-1ubuntu5.1_amd64.deb ... Unpacking libip6tc2:amd64 (1.8.7-1ubuntu5.1) ... Selecting previously unselected package libnfnetlink0:amd64. Preparing to unpack .../1-libnfnetlink0_1.0.1-3build3_amd64.deb ... Unpacking libnfnetlink0:amd64 (1.0.1-3build3) ... Selecting previously unselected package libnetfilter-conntrack3:amd64. Preparing to unpack .../2-libnetfilter-conntrack3_1.0.9-1_amd64.deb ... Unpacking libnetfilter-conntrack3:amd64 (1.0.9-1) ... Selecting previously unselected package libnftnl11:amd64. Preparing to unpack .../3-libnftnl11_1.2.1-1build1_amd64.deb ... Unpacking libnftnl11:amd64 (1.2.1-1build1) ... Selecting previously unselected package iptables. Preparing to unpack .../4-iptables_1.8.7-1ubuntu5.1_amd64.deb ... Unpacking iptables (1.8.7-1ubuntu5.1) ... Selecting previously unselected package ufw. Preparing to unpack .../5-ufw_0.36.1-4ubuntu0.1_all.deb ... Unpacking ufw (0.36.1-4ubuntu0.1) ... Setting up libip6tc2:amd64 (1.8.7-1ubuntu5.1) ... Setting up libnftnl11:amd64 (1.2.1-1build1) ... Setting up libnfnetlink0:amd64 (1.0.1-3build3) ... Setting up libnetfilter-conntrack3:amd64 (1.0.9-1) ... Setting up iptables (1.8.7-1ubuntu5.1) ... update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode Setting up ufw (0.36.1-4ubuntu0.1) ... debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.) debconf: falling back to frontend: Readline Creating config file /etc/ufw/before.rules with new version Creating config file /etc/ufw/before6.rules with new version Creating config file /etc/ufw/after.rules with new version Creating config file /etc/ufw/after6.rules with new version Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service → /lib/systemd/system/ufw.service. Processing triggers for libc-bin (2.35-0ubuntu3.5) ... debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 78.) debconf: falling back to frontend: Readline Scanning processes... Scanning linux images... Running kernel seems to be up-to-date. No services need to be restarted. No containers need to be restarted. No user sessions are running outdated binaries. No VM guests are running outdated hypervisor (qemu) binaries on this host.
ufwのステータス確認。
inactive(disable、無効)となっています。
ubuntu@host1example1jp:~$ sudo ufw status Status: inactive
ufwを有効にしてみます。
ubuntu@host1example1jp:~$ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? n Aborted
「ssh接続が切れるかもしれんけどいいか?」というので、
先にssh・http・httpsのポートを開放します。
ubuntu@host1example1jp:~$ sudo ufw allow proto tcp port 22 ERROR: Need 'to' or 'from' clause ubuntu@host1example1jp:~$ sudo ufw allow proto tcp to 0.0.0.0/0 port 22 Rules updated ubuntu@host1example1jp:~$ sudo ufw allow proto tcp to 0.0.0.0/0 port 80 Rules updated ubuntu@host1example1jp:~$ sudo ufw allow proto tcp to 0.0.0.0/0 port 443 Rules updated
改めて、ufwを有効化。
ubuntu@host1example1jp:~$ sudo ufw enable Command may disrupt existing ssh connections. Proceed with operation (y|n)? y Firewall is active and enabled on system startup ubuntu@host1example1jp:~$ sudo ufw status Status: active To Action From -- ------ ---- 22/tcp ALLOW Anywhere 80/tcp ALLOW Anywhere 443/tcp ALLOW Anywhere
ufwとapache2の自動起動設定の確認。
両プログラムともに、自動起動Onになってますね。
ubuntu@host1example1jp:~$ systemctl is-enabled ufw enabled ubuntu@host1example1jp:~$ systemctl is-enabled apache2 enabled
Webページ(コンテンツ)の変更
デフォルトページから変更してみます。
ubuntu@host1example1jp:~$ echo "Hello, ubuntu!" > index.html ubuntu@host1example1jp:~$ cat index.html Hello, ubuntu! ubuntu@host1example1jp:~$ sudo mv index.html /var/www/html/ ubuntu@host1example1jp:~$ cat /var/www/html/index.html Hello, ubuntu!
変更OK!
