Linux Postfix Mail Sending Error Analysis


Repeat endlessly

# Fix config
vi /etc/postfix/main.cf


# Restart process
systemctl restart postfix

# Send test mail to root
echo testtaro | mail root

# Send test mail to external address
echo "Test mail" | mail -s "test mail from hoge.jp server." <recipient email address>

# Analyze logs
systemctl status postfix -l

AWS EC2 Amazon Linux 2 AMI 2.0 Instance PHP.ini Initial Setup for Japanese Mail and WordPress


Amazon Linux 2 AMI 2.0.20181008 x86_64 HVM gp2
Apache 2.4.39
PHP 7.3.6

If you only need to send mail, this configuration should be enough. Since we’re not considering relay or mail reception, you don’t need to open ports 25 or 587 in the AWS Security Group inbound rules.

If you aim to send or receive large volumes of email from within AWS VPC, you’ll need to go through AWS’s email sending limit removal request, which takes considerable effort. With current restrictions, you won’t hit limits at 200 emails per 24 hours or 1 per second, so this should be fine for administrative mail purposes.

Check mta

# Command to check installed mta
alternatives --display mta

mta - status is automatic.
Link currently points to /usr/sbin/sendmail.postfix.

sendmail.postfix should be installed, but if not, install it via yum or similar.

PHP.ini

; Change port to 587 (smtp_port applies only to PHP on Windows; on Linux mail() uses sendmail_path below)
smtp_port=587

; mta path & command settings
sendmail_path = /usr/sbin/sendmail.postfix -t -i

; Default character encoding
default_charset = UTF-8

; mbstring defaults
mbstring.language = Japanese
; Do not auto-convert HTTP input character encoding to internal character encoding
mbstring.encoding_translation = Off

; Character code detection priority order
mbstring.detect_order = UTF-8,SJIS,EUC-JP,JIS,ASCII

; Set timezone to Japan Standard Time
date.timezone = Asia/Tokyo

; Security improvement - hide PHP version info
expose_php = Off

Getting Client IP from AWS ELB Load Balancer and Logging


AWS
ELB
EC2
Apache 2.4.39

When using a load balancer, web server logs like Apache only show the ELB’s IP address, not the actual client IP.

With AWS ELB, the real client IP is in the “X-Forwarded-For” header, so you need to configure your web server to log this header.

Apache conf addition sample

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
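
Because the ELB appends the address it saw to any X-Forwarded-For value the client already sent, the logged field can hold several comma-separated entries. The Python below is an added example (not from the original post) that parses lines in the combined format above, takes the rightmost entry as the client IP and flags lines carrying client-supplied entries; the function names and sample log lines are constructed, and it assumes a single ELB with its default append behaviour in front of Apache.

```python
import ipaddress
import re

# Layout of the "combined" LogFormat above:
#   %{X-Forwarded-For}i %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# The header value may itself contain ", " so a plain split() is not enough.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<peer>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+ '
)

def parse_line(line):
    """Parse one access-log line; return None if it does not fit the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    hops = [h.strip() for h in m.group("xff").split(",")]
    hops = [h for h in hops if h and h != "-"]
    client = None
    if hops:
        try:
            # Assumption: the load balancer appended the address it saw,
            # so only the rightmost entry was written by the ELB.
            client = str(ipaddress.ip_address(hops[-1]))
        except ValueError:
            pass  # rightmost entry is not an IP literal
    return {
        "client_ip": client,
        "client_supplied": hops[:-1],  # sent by the client, unverified
        "peer": m.group("peer"),       # %h: the ELB node's address
        "request": m.group("request"),
        "status": int(m.group("status")),
    }

def lines_with_client_supplied_hops(lines):
    """Entries whose X-Forwarded-For arrived at the ELB already populated."""
    parsed = (parse_line(line) for line in lines)
    return [p for p in parsed if p and p["client_supplied"]]

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 172.31.0.5 - - [10/Jun/2019:12:00:00 +0900] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '127.0.0.1, 198.51.100.23 172.31.0.5 - - [10/Jun/2019:12:00:01 +0900] "GET /index.php HTTP/1.1" 200 2048 "-" "curl/7.61.1"',
    '- 172.31.0.5 - - [10/Jun/2019:12:00:02 +0900] "GET / HTTP/1.1" 200 2 "-" "ELB-HealthChecker/2.0"',
]

if __name__ == "__main__":
    for entry in lines_with_client_supplied_hops(SAMPLE_LOG):
        print(entry["client_ip"], "claimed:", entry["client_supplied"])
```

Anything that keys on the client address (rate limiting, allow lists, incident timelines) should use `client_ip` from the rightmost entry, never the leftmost one.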

AWS ELB WordPress SSL HTTPS Load Balancer Configuration


AWS
ELB (Load Balancer)
SSL
Apache 2.4.39
Wordpress 5.1

■Communication Environment
Client PC
↓ (port:443)
ELB [SSL Certificate Settings] [ELB Rule: Redirect External Port 80 Access to 443]
↓ (port:80)
EC2 (Port 80 Only Inside EC2)

■Problem
・The browser accesses the site over https (443)
・Because EC2 is configured as a port 80 environment, WordPress generates HTML whose CSS and header URLs use http (80)
・The browser sees http (80) URLs in the header that differ from the main URL and stops loading them as a security error
・The HTML doesn’t display correctly in the browser

■.htaccess rewrite only pattern

# BEGIN K.Miyakoshi

# Change access from AWS ELB to HTTPS
SetEnvIf X-Forwarded-Proto ^https$ HTTPS=on

# Redirect http access to https
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

# END K.Miyakoshi

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

■Full configuration pattern with vhost.conf in “conf.d” etc

#============================================
# ELB Common Logging Support K.Miyakoshi
#============================================
# AWS ELB Support - Added [%{X-Forwarded-For}i] to get client IP
LogFormat "%{X-Forwarded-For}i:%{X-Forwarded-Port}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" elb-accesslog
ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %{X-Forwarded-For}i:%{X-Forwarded-Port}i %a] %M% ,\ referer\ %{Referer}i"

# AWS ELB Support - Exclude health check access from normal logs
SetEnvIf User-Agent "ELB-HealthChecker.*" nolog
# AWS ELB Support - Output health check access to separate log file
SetEnvIf User-Agent "ELB-HealthChecker.*" elb-log
# Exclude img, js etc from logs
SetEnvIf Request_URI "\.(gif|jpg|png|ico|jpeg|js|css)$" nolog

# Normal log settings
CustomLog logs/access_log elb-accesslog env=!nolog
ErrorLog logs/error_log

#============================================
# ELB WordPress Solution - https(443)→http(80) Redirect Problem
#============================================
# Enable HTTPS when AWS ELB is receiving https
SetEnvIf X-Forwarded-Proto ^https$ HTTPS=on

# Redirect http access to https
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
	RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</IfModule>

#============================================
# default
# Used for ELB health check (Alias also works)
#============================================
<VirtualHost _default_:80>
	ServerName _default_:80
	ServerAdmin admin@hoge.com

	DocumentRoot "/opt/lampp/htdocs"
	<Directory "/opt/lampp/htdocs">
		AllowOverride All
		Options FollowSymLinks
		Require all granted

		Options +IncludesNoExec
		AddOutputFilter INCLUDES html
	</Directory>

	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
	ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/htdocs/error_%Y%m%d.log 86400 540"

</VirtualHost>

#============================================
# taro.hoge.com
#============================================
<VirtualHost *:80>
	ServerName taro.hoge.com
	ServerAdmin admin@hoge.com

	DocumentRoot "/opt/lampp/taro"
	<Directory "/opt/lampp/taro">
		AllowOverride All
		Options FollowSymLinks
		Require all granted
	</Directory>

	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
	# Logs output if [taro.hoge.com] DNS is configured in AWS ELB
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
	ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/taro/error_%Y%m%d.log 86400 540"

</VirtualHost>

#============================================
# jiro.hoge.com
#============================================
<VirtualHost *:80>
	ServerName jiro.hoge.com
	ServerAdmin admin@hoge.com

	DocumentRoot "/opt/lampp/jiro"
	<Directory "/opt/lampp/jiro">
		AllowOverride All
		Options FollowSymLinks
		Require all granted
	</Directory>

	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/access_%Y%m%d.log 86400 540" elb-accesslog env=!nolog
	# Logs output if [jiro.hoge.com] DNS is configured in AWS ELB
	CustomLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/elb_%Y%m%d.log 86400 540" elb-accesslog env=elb-log
	ErrorLog "| /opt/lampp/bin/rotatelogs /opt/lampp/logs/jiro/error_%Y%m%d.log 86400 540"

</VirtualHost>

#============================================