LaravelでWEB開発 - 2.VueとjQueryの共存

<script>タグ内で jqueryを importし、 mounted() メソッドに処理を書けばOK。

Vueのンストール

Vueインストール
$ npm install vue
npm notice created a lockfile as package-lock.json. You should commit this file.
+ vue@2.6.11
added 1 package from 1 contributor and audited 1 package in 0.598s
found 0 vulnerabilities

jQueryのインポートと利用

.vueファイル修正
$ vi resources/js/components/Sample.vue
<table>の <thead>を固定させるスクリプトを jQueryで実装。
<template>
<div>
<p v-if="errored">{{ error }}</p>
<p v-if="loading">Loading...</p>
・
・
</div>
</template>
<script>
import $ from "jquery";
export default{
  data() {
    return {
      loading: true,
      errored: false,
      error: false,
  },
  mounted() {
    $(function () {
      var _window = $(window);
      $('.area1').css('color','red');
      var bottom;
        _window.on('scroll',function(){
          bottom = $('.vgt-global-search').height() + 50 + $('header').height();
          if(_window.scrollTop() > bottom){
            $('thead').css('position','fixed').css('top','0');
          }
          else{
            $('thead').css('position','static');
          }
        });
      _window.trigger('scroll');
    });
  }
};
</script>

CentOS8でサーバー構築 - 10.ApacheのDoS攻撃対策(mod_evasive)

mod_evasiveのインストール

2020/07/15現在、オフィシャルの CentOS8用のリポジトリに rpmは存在しないので、
同じカーネルの Fedora29のアーカイブページの rpmからネットワーク経由でインストールする。
Linuxカーネルを確認
# rpm -q kernel
kernel-4.18.0-147.3.1.el8_1.x86_64
kernel-4.18.0-147.8.1.el8_1.x86_64
kernel-4.18.0-193.6.3.el8_2.x86_64
  4.18なので、Fedora29(kernel4.18)のrpmでインストールする。
インストール
# rpm -ivh https://archives.fedoraproject.org/pub/archive/fedora/linux/updates/29/Everything/x86_64/Packages/m/mod_evasive-1.10.1-31.fc29.x86_64.rpm
インストール確認
# httpd -M | grep evasive
 evasive20_module (shared)

mod_evasiveの設定

mod_evasive.conf設定
# vi /etc/httpd/conf.d/mod_evasive.conf
# mod_evasive configuration
LoadModule evasive20_module modules/mod_evasive24.so

<IfModule mod_evasive24.c>
    # The hash table size defines the number of top-level nodes for each
    # child's hash table.  Increasing this number will provide faster
    # performance by decreasing the number of iterations required to get to the
    # record, but consume more memory for table space.  You should increase
    # this if you have a busy web server.  The value you specify will
    # automatically be tiered up to the next prime number in the primes list
    # (see mod_evasive.c for a list of primes used).
     DOSHashTableSize    3097

    # This is the threshhold for the number of requests for the same page (or
    # URI) per page interval.  Once the threshhold for that interval has been
    # exceeded, the IP address of the client will be added to the blocking
    # list.
     DOSPageCount        10

    # This is the threshhold for the total number of requests for any object by
    # the same client on the same listener per site interval.  Once the
    # threshhold for that interval has been exceeded, the IP address of the
    # client will be added to the blocking list.
     DOSSiteCount        5

    # The interval for the page count threshhold; defaults to 1 second
    # intervals.
     DOSPageInterval     2

    # The interval for the site count threshhold; defaults to 1 second
    # intervals.
     DOSSiteInterval     1

    # The blocking period is the amount of time (in seconds) that a client will
    # be blocked for if they are added to the blocking list.  During this time,
    # all subsequent requests from the client will result in a 403 (Forbidden)
    # and the timer being reset (e.g. another 10 seconds).  Since the timer is
    # reset for every subsequent request, it is not necessary to have a long
    # blocking period; in the event of a DoS attack, this timer will keep
    # getting reset.
     DOSBlockingPeriod   60

    # If this value is set, an email will be sent to the address specified
    # whenever an IP address becomes blacklisted.  A locking mechanism using
    # /tmp prevents continuous emails from being sent.
    #
    # NOTE: Requires /bin/mail (provided by mailx)
     DOSEmailNotify      "-s '[mod_evasive] Alert' メールアドレス"

    # If this value is set, the system command specified will be executed
    # whenever an IP address becomes blacklisted.  This is designed to enable
    # system calls to ip filter or other tools.  A locking mechanism using /tmp
    # prevents continuous system calls.  Use %s to denote the IP address of the
    # blacklisted IP.
    #DOSSystemCommand    "su - someuser -c '/sbin/... %s ...'"

    # Choose an alternative temp directory By default "/tmp" will be used for
    # locking mechanism, which opens some security issues if your system is
    # open to shell users.
    #
    #
    #   http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
    #
    # In the event you have nonprivileged shell users, you'll want to create a
    # directory writable only to the user Apache is running as (usually root),
    # then set this in your httpd.conf.
    DOSLogDir           "/var/lock/mod_evasive"

    # You can use whitelists to disable the module for certain ranges of
    # IPs. Wildcards can be used on up to the last 3 octets if necessary.
    # Multiple DOSWhitelist commands may be used in the configuration.
    #DOSWhitelist   127.0.0.1
    #DOSWhitelist   192.168.0.*
</IfModule>
同じページに DOSPageInterval 秒に DOSPageCount 回のアクセスがあったらブラックリストへ。
同じサイトに DOSSiteInterval 秒に DOSSiteCount 回のアクセスがあったらブラックリストへ。
ブラックリストに登録された IPからは DOSBlockingPeriod 秒間 403を返す。
ロックファイル格納ディレクトリ作成
# mkdir /var/lock/mod_evasive
# chmod 777 /var/lock/mod_evasive
Apache再起動
# httpd -t
Syntax OK
# systemctl restart httpd

テストプログラムの実行

そのままでは BadRequest 400 が返ってくるので、test.plを修正。
私はPHPよりPerl歴の方が長いです・
test.pl修正
# vi /usr/share/doc/mod_evasive/test.pl
  print $SOCKET "GET /?$_ HTTP/1.0\r\n\r\n";
テスト実行
# perl /usr/share/doc/mod_evasive/test.pl
?
?
  Apacheの設定や環境によってはうまくいかないかもしれません。
  そんな時はブラウザでF5連打で試しましょう。
  成功すると、設定したアドレス宛に
To: -s '[mod_evasive] Alert' メールアドレス
Subject: HTTP BLACKLIST xxx.xxx.xxx.xxx

mod_evasive HTTP Blacklisted xxx.xxx.xxx.xxx

  とメールが届きます。

CentOS8でサーバー構築 - 9.mailmanのインストールと設定(Postfix)

メールホストkowloonet.net
URLホストadmin.kowloonet.net
URLhttps://admin.kowloonet.net/mailman/admin/
で設定します。

mailmanのインストール

mailmanインストール
# dnf -y install mailman

mailmanの設定

mm_cfg.pyの編集
# vi /etc/mailman/mm_cfg.py
DEFAULT_URL_HOST   = 'kowloonet.net'
DEFAULT_EMAIL_HOST = 'kowloonet.net'
Defaults.pyの編集
# vi /usr/lib/mailman/Mailman/Defaults.py
# Mailman needs to know about (at least) two fully-qualified domain names
# (fqdn); 1) the hostname used in your urls, and 2) the hostname used in email
# addresses for your domain.  For example, if people visit your Mailman system
# with "http://www.dom.ain/mailman" then your url fqdn is "www.dom.ain", and
# if people send mail to your system via "yourlist@dom.ain" then your email
# fqdn is "dom.ain".  DEFAULT_URL_HOST controls the former, and
# DEFAULT_EMAIL_HOST controls the latter.  Mailman also needs to know how to
# map from one to the other (this is especially important if you're running
# with virtual domains).  You use "add_virtualhost(urlfqdn, emailfqdn)" to add
# new mappings.
#
# If you don't need to change DEFAULT_EMAIL_HOST and DEFAULT_URL_HOST in your
# mm_cfg.py, then you're done; the default mapping is added automatically.  If
# however you change either variable in your mm_cfg.py, then be sure to also
# include the following:
#
#     add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
#
# because otherwise the default mappings won't be correct.
DEFAULT_EMAIL_HOST = 'kowloonet.net'
DEFAULT_URL_HOST = 'admin.kowloonet.net'
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
# MTA -- but then also see POSTFIX_STYLE_VIRTUAL_DOMAINS.
MTA = 'Postfix'
・
・
# The default language for this server.  Whenever we can't figure out the list
# context or user context, we'll fall back to using this language.  See
# LC_DESCRIPTIONS below for legal values.
DEFAULT_SERVER_LANGUAGE = 'ja'
・
・
# Set this variable to Yes to allow list owners to delete their own mailing
# lists.  You may not want to give them this power, in which case, setting
# this variable to No instead requires list removal to be done by the site
# administrator, via the command line script bin/rmlist.
OWNERS_CAN_DELETE_THEIR_OWN_LISTS = Yes
・
・
# These format strings will be expanded w.r.t. the dictionary for the
# mailing list instance.
DEFAULT_SUBJECT_PREFIX  = "[%(real_name)s: %%d] "

# What should happen to non-member posts which are do not match explicit
# non-member actions?
# 0 = Accept
# 1 = Hold
# 2 = Reject
# 3 = Discard
DEFAULT_GENERIC_NONMEMBER_ACTION = 0
・
・
# Mailman can be configured to "munge" Reply-To: headers for any passing
# messages.  One the one hand, there are a lot of good reasons not to munge
# Reply-To: but on the other, people really seem to want this feature.  See
# the help for reply_goes_to_list in the web UI for links discussing the
# issue.
# 0 - Reply-To: not munged
# 1 - Reply-To: set back to the list
# 2 - Reply-To: set to an explicit value (reply_to_address)
DEFAULT_REPLY_GOES_TO_LIST = 0
・
・
# SUBSCRIBE POLICY
# 0 - open list (only when ALLOW_OPEN_SUBSCRIBE is set to 1) **
# 1 - confirmation required for subscribes
# 2 - admin approval required for subscribes
# 3 - both confirmation and admin approval required
#
# ** please do not choose option 0 if you are not allowing open
# subscribes (next variable)
DEFAULT_SUBSCRIBE_POLICY = 2
・
・
 Are archives on or off by default?
DEFAULT_ARCHIVE = Off
・
・
# Will list be available in digested form?
DEFAULT_DIGESTABLE = No
エイリアス作成
# /usr/lib/mailman/bin/genaliases
管理者パスワード作成
# /usr/lib/mailman/bin/mmsitepass
管理用メーリングリスト作成
# /usr/lib/mailman/bin/newlist mailman
Enter the email of the person running the list: example@example.com
Initial mailman password:
Hit enter to notify mailman owner...
パーミッション修正
# /usr/lib/mailman/bin/check_perms -f
/etc/mailman/aliases bad group (has: root, expected mailman) (fixing)
/etc/mailman/adm.pw bad group (has: root, expected mailman) (fixing)
/usr/lib/mailman/Mailman/Defaults.pyc bad group (has: root, expected mailman) (fixing)
/usr/lib/mailman/Mailman/mm_cfg.pyc bad group (has: root, expected mailman) (fixing)
/var/log/mailman/error bad group (has: root, expected mailman) (fixing)
Problems found: 5
Re-run as mailman (or root) with -f flag to fix
# chown apache /etc/mailman/aliases
# chmod 664 /etc/mailman/aliases*
# chmod 2775 /etc/mailman
パーミッション修正確認
# /usr/lib/mailman/bin/check_perms
No problems found
mailman起動と自動起動設定
# systemctl enable --now mailman
# /usr/lib/mailman/bin/newlist mailman
Enter the email of the person running the list: example@example.com
Initial mailman password:
postalias: fatal: open /etc/mailman/aliases.db: Permission denied
Traceback (most recent call last):
  File "/usr/lib/mailman/bin/newlist", line 274, in 
    main()
  File "/usr/lib/mailman/bin/newlist", line 240, in main
    sys.modules[modname].create(mlist)
  File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 342, in create
    _update_maps()
  File "/usr/lib/mailman/Mailman/MTA/Postfix.py", line 78, in _update_maps
    raise RuntimeError, msg % (acmd, status, errstr)
RuntimeError: command failed: /usr/sbin/postalias /etc/mailman/aliases (status: 1, Operation not permitted)
などとエラーが出た場合は。
# /usr/lib/mailman/bin/check_perms -f
を実行してパーミッションを修正する。
管理者パスワードの変更
/usr/lib/mailman/bin/mmsitepass
メーリングリストの削除
# /usr/lib/mailman/bin/rmlist メーリングリスト名

Postfixの設定

mailman起動とサービス追加
# vi /etc/postfix/main.cf
#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
alias_maps = hash:/etc/aliases, hash:/etc/mailman/aliases
・
・
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
alias_database = hash:/etc/aliases, hash:/etc/mailman/aliases
postfix再起動
 # systemctl restart postfix

Apacheの設定

mailman.confや他の .confを状況に応じて修正後Apache再起動
mailman.conf
# cd /etc/httpd/conf.d/
# cp mailman.conf mailman.conf.org
# vi mailman.conf
Apache再起動
# httpd -t
Syntax OK
# systemctl restart httpd

ブラウザでアクセス

https://ホスト名/mailman/admin/
にアクセス。