{"id":50599,"date":"2023-07-06T15:36:26","date_gmt":"2023-09-02T00:58:13","guid":{"rendered":"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/"},"modified":"2024-04-30T12:17:47","modified_gmt":"2024-04-30T04:17:47","slug":"%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/","title":{"rendered":"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP"},"content":{"rendered":"<p>\u56e0\u4e3a\u6211\u5e2e\u5fd9\u4e86\uff0c\u6240\u4ee5\u5148\u5199\u4e2a\u5907\u5fd8\u5f55\u3002\u4e0d\u5199\u4e0b\u6765\u5c31\u4f1a\u5fd8\u8bb0\u3002<\/p>\n<p>\u6839\u636e\u60c5\u51b5\u4e0d\u540c\uff0c\u901a\u8fc7\u5728WEB\u63a7\u5236\u53f0\u754c\u9762\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5c31\u4f1a\u51fa\u73b0CLI\u548cRest\u7684\u94fe\u63a5\uff0c\u8fd9\u6837\u53ef\u4ee5\u65b9\u4fbf\u5730\u4fdd\u7559\u8bc1\u636e\u5e76\u786e\u4fdd\u53ef\u518d\u73b0\u6027\uff0c\u6211\u89c9\u5f97\u8fd9\u5f88\u65b9\u4fbf\u548c\u53cb\u597d\u3002<br \/>\n\u53e6\u5916\uff0c\u624b\u518c\u5199\u5f97\u5f88\u8be6\u7ec6\uff0c\u770b\u8d77\u6765\u503c\u5f97\u4ed4\u7ec6\u9605\u8bfb\u3002<\/p>\n<h4>\u00b7 \u4e91\u57df\u540d\u89e3\u6790\u670d\u52a1<\/h4>\n<p>\u9996\u5148\uff0c\u901a\u8fc7 CloudDNS \u8d2d\u4e70\u57df\u540d\uff08\u7531\u4e8e\u8fd9\u4e2a\u8fc7\u7a0b\u9700\u8981\u624b\u52a8\u64cd\u4f5c\uff0c\u5c31\u4e0d\u8be6\u7ec6\u4ecb\u7ecd\u4e86\uff09\u3002\u53ef\u4ee5\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\uff1a<br \/>\nhttps:\/\/qiita.com\/NagaokaKenichi\/items\/95052742d40392f3215e<br \/>\n<iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"Google Cloud Storage \u3067\u72ec\u81ea\u30c9\u30e1\u30a4\u30f3\u3067\u9759\u7684\u30b5\u30a4\u30c8\u30db\u30b9\u30c6\u30a3\u30f3\u30b0 - \u7d9a \u30ab\u30c3\u30b3\u306e\u4ed8\u3051\u65b9\" src=\"https:\/\/hatenablog-parts.com\/embed?url=http%3A%2F%2Figa-ninja.hatenablog.com%2Fentry%2F2015%2F01%2F24%2F171524#?secret=xUjjpFb6Wl\" data-secret=\"xUjjpFb6Wl\" scrolling=\"no\" frameborder=\"0\"><\/iframe><\/p>\n<h4>\u00b7 \u7f51\u7edc\uff1a\u4f8b\u5982VPC<\/h4>\n<p>\u53ea\u8981\u9ed8\u8ba4\u89c4\u5219\u8db3\u591f\u6ee1\u8db3\u73b0\u6709\u7684\u9632\u706b\u5899\u89c4\u5219\uff0c\u5176\u5b9e\u4e5f\u4e0d\u9700\u8981\u505a\u592a\u591a\u4e8b\u60c5\uff0c\u6bd5\u7adf\u9ed8\u8ba4\u8bbe\u7f6e\u5df2\u7ecf\u8db3\u591f\u597d\u4e86\u3002<br \/>\n\uff08\u542c\u8bf4AWS\u7b49\u7684\u9ed8\u8ba4\u7f51\u7edc\u8bbe\u7f6e\u4e0d\u592a\u5feb\uff0c\u4f46\u6211\u81ea\u5df1\u5e76\u6ca1\u6709\u6d4b\u8bd5\u8fc7\u3002\u3002\u3002\uff09<\/p>\n<pre class=\"post-pre\"><code>gcloud compute --project=$mypj networks create ${myvpc1} --description=${mypj}-${myvpc1} --mode=custom\r\n\r\ngcloud compute --project=$mypj networks subnets create ${mypj}-subnet1 --network=${myvpc1} --region=${myregion} --range=10.0.0.0\/22 --enable-private-ip-google-access\r\n<\/code><\/pre>\n<h4>\u9632\u706b\u5899<\/h4>\n<p>\u7f51\u7edc\u5b89\u5168\u7ec4\uff08\u5373AWS\u4e2d\u7684ACL\uff09\u548cVPC\u83dc\u5355\u4e2d\u7684\u9632\u706b\u5899\uff08\u5373AWS\u4e2d\u7684\u5b89\u5168\u7ec4\uff09\u662f\u5b58\u5728\u7684\uff0c\u5bf9\u4e8e\u9632\u706b\u5899\u6765\u8bf4\uff0c\u5b83\u662f\u9488\u5bf9\u6bcf\u4e2a\u5b9e\u4f8b\u8fdb\u884c\u914d\u7f6e\u7684\uff0c\u4e0d\u80fd\u8bbe\u7f6e\u5728HTTP\u8d1f\u8f7d\u5747\u8861\u5668\u4e0a\uff0c\u800cHTTP\u8d1f\u8f7d\u5747\u8861\u5668\u53ef\u4ee5\u5728\u540e\u7aef\u670d\u52a1\u4e0a\u8bbe\u7f6e\u7f51\u7edc\u5b89\u5168\u7ec4\uff0c\u4f46\u7f51\u7edc\u5b89\u5168\u7ec4\u53ea\u80fd\u5904\u7406IP\uff0c\u65e0\u6cd5\u5904\u7406TCP\u7b49\uff0c\u8fd9\u662f\u5176\u7279\u70b9\u3002\uff08AWS\u4e2dELB\u4e5f\u53ef\u4ee5\u8fdb\u884c\u5b89\u5168\u7ec4\u914d\u7f6e\uff0c\u5b9e\u9645\u4e0a\u53ef\u4ee5\u4e3a\u6240\u6b32\u4e3a\uff0c\u4f46\u9009\u62e9\u5b50\u7f51\u6307\u5b9a\u66f4\u5feb\u901f\uff0c\u4e00\u6761\u89c4\u5219\u53ea\u5206\u914d\u7ed9\u4e00\u4e2a\u5bf9\u8c61\u66f4\u597d\uff0c\u9700\u8981\u6ce8\u610f\u907f\u514d\u590d\u6742\u5316\u3002\u53e6\u5916\uff0c\u53ef\u80fd\u9700\u8981\u5728nginx\u65b9\u9762\u8fdb\u884c\u9650\u5236\uff0c\u56e0\u4e3a\u65e0\u6cd5\u50cfBigIP\u90a3\u6837\u6ce8\u518c\u5927\u91cf\u7684\u6e90IP\u3002\uff09<\/p>\n<p>\u53e6\u5916\uff0c\u5982\u679c\u60f3\u8981\u6279\u91cf\u5904\u7406\uff0c\u53ef\u4ee5\u5728\u5b9e\u4f8b\uff08\u5bbf\u4e3b\u7aef\uff09\u548c\u89c4\u5219\u4e2d\u8bbe\u7f6eNW\u6807\u7b7e\uff0c\u4ee5\u4fbf\u4e0e\u5339\u914d\u9879\u53d7\u5230\u9650\u5236\u3002\u5982\u679c\u662f\u901a\u7528\u89c4\u5219\uff0c\u8fd8\u53ef\u4ee5\u9002\u7528\u4e8e\u6574\u4e2a\u9879\u76ee\u3002<\/p>\n<p>\u9ed8\u8ba4\u7684SSH\u89c4\u5219\u662f\u5f00\u653e\u7684\uff0c\u6240\u4ee5\u6700\u597d\u8fdb\u884c\u9650\u5236\u3002<br \/>\n\u9ed8\u8ba4\u89c4\u5219\u9002\u7528\u4e8e\u9ed8\u8ba4\u7684VPC\u548c\u5b50\u7f51\uff0c\u6240\u4ee5\u5982\u679c\u521b\u5efa\u4e86\u5b83\u4eec\uff0c\u5219\u9700\u8981\u4e3a\u9879\u76ee\u65b0\u5efa\u89c4\u5219\u3002<\/p>\n<pre class=\"post-pre\"><code>gcloud compute --project=$mypj firewall-rules create ${allow-company} --description=${allow-from-company-ssh-web} --direction=INGRESS --priority=1000 --network=${myvpc1} --action=ALLOW --rules=icmp,tcp:80,tcp:443,tcp:22 --source-ranges=${source-ip-range1},${source-ip-range2} --target-tags=web\r\n<\/code><\/pre>\n<p>\u5982\u679c\u5728\u8fdb\u884c\u51c6\u5907\u671f\u95f4\u7b49\u60c5\u51b5\u4e0b\u4e0d\u5168\u529b\u524d\u8fdb\uff0c\u672a\u7ecf\u8fc7\u8d1f\u8f7d\u5747\u8861\u5668\u7684\u5065\u5eb7\u68c0\u67e5\uff0c\u5c06\u65e0\u6cd5\u8fde\u63a5\u5230\u540e\u7aef\u670d\u52a1\u5668\u5e76\u4f7f\u540e\u7aef\u670d\u52a1\u4fdd\u6301\u65e0\u6548\u72b6\u6001\uff0c\u56e0\u6b64\u8bf7\u6ce8\u610f\u3002<br \/>\nhttps:\/\/cloud.google.com\/compute\/docs\/load-balancing\/health-checks?hl=ja<\/p>\n<h4>\u8ba1\u7b97\u5f15\u64ce<\/h4>\n<p>\u53c2\u8003\uff1ahttps:\/\/qiita.com\/kazunori279\/items\/c35cbc24c5b93df3ee6b<\/p>\n<p>\u8bf7\u53c2\u8003\u8fd9\u4e2a\u94fe\u63a5\uff1ahttps:\/\/qiita.com\/kazunori279\/items\/c35cbc24c5b93df3ee6b<\/p>\n<p>\u4ee5\u4e0b\u662f\u5bf9&#8221;ssh\u9375\u8a8d\u8a3c\u307e\u308f\u308a&#8221;\u7684\u4e2d\u6587\u672c\u5730\u5316\u8868\u8fbe\u65b9\u5f0f\uff1a<\/p>\n<p>SSH\u5bc6\u94a5\u8ba4\u8bc1\u76f8\u5173<br \/>\nhttps:\/\/qiita.com\/NewGyu\/items\/3a65e837519297951e79<br \/>\nhttps:\/\/cloud.google.com\/compute\/docs\/ssh-in-browser?hl=ja<br \/>\nhttps:\/\/cloud.google.com\/compute\/docs\/instances\/connecting-to-instance#generatesshkeypair<\/p>\n<p>\u5c31\u50cf\u6240\u8c13\u7684\u5b9e\u4f8b\u670d\u52a1\u5668IaaS\u90a3\u6837\u3002\u5f53\u60f3\u8981\u4f7f\u7528GCP\u7684\u5b9e\u4f8b\u542f\u52a8\u901f\u5ea6\u5f88\u5feb\u65f6\uff0c\u53ef\u4ee5\u4f7f\u7528\u5b83\u3002<br \/>\n\u5982\u679c\u5c06\u5bc6\u94a5\u6ce8\u518c\u5230\u5143\u6570\u636e\u4e2d\uff0c\u53ef\u4ee5\u5c06\u5176\u4f5c\u4e3a\u5bc6\u94a5\u8ba4\u8bc1\u7528\u4e8e\u8d26\u6237\u3002<br \/>\n\u53ef\u4ee5\u4ece\u5404\u79cd\u5b98\u65b9\u955c\u50cf\u6b63\u5e38\u542f\u52a8\u3002<br \/>\n\u901a\u8fc7CloudShell\uff08\u5728\u53f3\u4e0a\u89d2\u70b9\u51fb[&gt;_]\u7b26\u53f7\uff0c\u4f1a\u51fa\u73b0\u53ef\u4f7f\u7528gcloud\u547d\u4ee4\u7684CUI\u63a7\u5236\u53f0\uff09\u8fdb\u884c\u8fde\u63a5\u548c\u8bbe\u7f6e\u3002<br \/>\n\u4f46\u662f\u5728CloudShell\u4e2d\u521b\u5efa\u7684\u5bc6\u94a5\u53ef\u80fd\u65e0\u6cd5\u6210\u529f\u590d\u5236\u7c98\u8d34\uff0c\u56e0\u6b64\u4f3c\u4e4e\u6700\u597d\u901a\u8fc7\u5176\u4ed6\u65b9\u6cd5\u8fdb\u884c\u4f20\u8f93\u3002<\/p>\n<pre class=\"post-pre\"><code>$ gcloud beta compute --project \"$mypj\" instances create \"$mynode1\" \\\r\n--zone \"${myregion}-a\" --machine-type \"n1-standard-1\" --subnet \"$mysubnet1\" \\\r\n--maintenance-policy \"MIGRATE\" \\\r\n--service-account \"$myaccount\" \\\r\n--scopes \"https:\/\/www.googleapis.com\/auth\/datastore\" \\\r\n--min-cpu-platform \"Automatic\" --tags \"web\" --image \"centos-7-v20180314\" --image-project \"centos-cloud\" \\\r\n--boot-disk-size \"20\" --boot-disk-type \"pd-standard\" --boot-disk-device-name \"$mydisc1\"\r\n<\/code><\/pre>\n<p>\u9700\u8981\u6ce8\u610f\u9632\u706b\u5899\u89c4\u5219\u7684\u9650\u5236\u624d\u80fd\u767b\u5f55\u5230\u5df2\u7ecf\u542f\u52a8\u7684\u5b9e\u4f8b\u3002\uff08\u7531\u4e8e\u4e0d\u662f\u9ed8\u8ba4\u7f51\u7edc\uff0c\u6240\u4ee5SSH\u7aef\u53e3\u4e0d\u662f\u5b8c\u5168\u5f00\u653e\u7684\uff09<br \/>\n\u901a\u8fc7\u4ee5\u4e0b\u547d\u4ee4\u4eceCloudShell\u8fde\u63a5\uff0c\u5e76\u4e14\u5141\u8bb8tcp:22\u4f20\u5165\u672c\u5730\u7684\u5168\u5c40IP\u503c\uff0c\u53ef\u4ee5\u901a\u8fc7wget -q -O &#8211; http:\/\/taruo.net\/ip\/?raw\u6765\u83b7\u53d6\u3002<\/p>\n<pre class=\"post-pre\"><code>$ gcloud compute --project \"$mypj\" ssh --zone \"${myregion}-a\" \"$mynode1\"\r\n<\/code><\/pre>\n<p>\u6267\u884c\u6b64\u64cd\u4f5c\u540e\uff0c\u4f1a\u81ea\u52a8\u5728\u5b9e\u4f8b\u4e0a\u4f7f\u7528Gmail\u5728GCP\u4e0a\u6ce8\u518c\u5e76\u767b\u5f55\u5230\u63a7\u5236\u53f0\u7684\u540c\u540d\u64cd\u4f5c\u7cfb\u7edf\u5e10\u6237\uff0c\u8be5\u5e10\u6237\u5177\u6709sudo\u6743\u9650\uff0c\u5e76\u4e14\u8fd8\u4f1a\u521b\u5efa\u5bc6\u94a5\u5e76\u8fdb\u884c\u5bc6\u94a5\u6ce8\u518c\u3002<\/p>\n<p>\u6bcf\u6b21\u8fde\u63a5 CloudShell \u65f6\uff0c\u5b83\u7684 IP \u5730\u5740\u90fd\u4f1a\u53d1\u751f\u53d8\u5316\uff0c\u4f46\u662f\u5728\u4f7f\u7528 ANSIWHOIS \u8fdb\u884c\u641c\u7d22\u540e\u53d1\u73b0 GCP \u7684 IP \u8303\u56f4\u4f3c\u4e4e\u662f\u4ee5\u4e0b\u6240\u793a\uff0c\u6240\u4ee5\u6211\u8ba4\u4e3a\u5141\u8bb8 SSH \u7684\u9ed8\u8ba4\u8303\u56f4\u6bd4\u5168\u5f00\u8fd8\u662f\u8981\u597d\u4e00\u4e9b\u3002<\/p>\n<pre class=\"post-pre\"><code>NetRange:       35.192.0.0 - 35.207.255.255\r\nCIDR:           35.192.0.0\/12\r\nNetName:        GOOGLE-CLOUD\r\n<\/code><\/pre>\n<p>\u5728\u83b7\u53d6\u673a\u5668\u955c\u50cf\u65f6\uff0c\u5efa\u8bae\u8981\u505c\u6b62\u64cd\u4f5c\uff0c\u4f46\u4e5f\u53ef\u4ee5\u4e0d\u505c\u6b62\u8fdb\u884c\u83b7\u53d6\uff08\u867d\u7136\u4e0d\u80fd\u4fdd\u8bc1\u4e00\u81f4\u6027\uff0c\u4f46\u5982\u679c\u4e0d\u662f\u6709\u72b6\u6001\u7684\u8bdd\u5e94\u8be5\u6ca1\u95ee\u9898\uff09\u3002<\/p>\n<h4>\u30fbHTTP\u8d1f\u8f7d\u5747\u8861\u5668<\/h4>\n<p>\u6709\u5927\u7ea63\u79cd\u7c7b\u578b\u7684\u8d1f\u8f7d\u5747\u8861\u5668\uff0c\u5176\u4e2d\u6709http(s)\u8d1f\u8f7d\u5747\u8861\u5668\uff08\u4ec5\u9650\u4e8eL7\u7684http\u548chttps\uff09\u4ee5\u53cassl\u4ee3\u7406\uff08\u53ef\u4ee5\u9009\u62e9\u51e0\u79cdL7\uff0cTCP\u534f\u8bae\uff09\u548c\u7f51\u7edc\u8d1f\u8f7d\u5747\u8861\u5668\uff08L4\uff09\u3002\u6bcf\u79cd\u8d1f\u8f7d\u5747\u8861\u5668\u7684\u8bbe\u7f6e\u9009\u9879\u4f3c\u4e4e\u90fd\u4e0d\u540c\u3002<br \/>\n\u672c\u6b21\u6211\u9009\u62e9\u4e86http(s)\u8d1f\u8f7d\u5747\u8861\u5668\u3002<\/p>\n<p>\u5982\u679c\u5c06SSL\u7b56\u7565\u8bbe\u7f6e\u4e3aBeta\uff0c\u5e76\u4e14\u6700\u4f4eTLS\u7248\u672c\u8bbe\u7f6e\u4e3aTLS 1.2\uff0c\u4e5f\u662f\u53ef\u80fd\u7684\u3002\uff08\u4ec5\u9650CLI\u8bbe\u7f6e\uff09<\/p>\n<p>\u8fdb\u884c\u8bc1\u4e66\u6ce8\u518c\u540e\u521b\u5efa\u5b9e\u4f8b\u7ec4\uff0c\u7136\u540e\u6ce8\u518c\u5b9e\u4f8b\u5e76\u521b\u5efa\u540e\u7aef\u670d\u52a1\uff0c\u7136\u540e\u53ef\u4ee5\u901a\u8fc7\u521b\u5efa\u8d1f\u8f7d\u5747\u8861\u5668\u6765\u8bbe\u7f6e\u524d\u7aef\u670d\u52a1\u548cURL\u6620\u5c04\u7b49\u3002\u7531\u4e8e\u540e\u7aef\u670d\u52a1\u901a\u8fc780\u7aef\u53e3\u8bbf\u95ee\uff0c\u5982\u679c\u4e0d\u76f4\u63a5\u8bbf\u95ee\u670d\u52a1\u5668\u7aef\uff0c\u5c31\u4e0d\u9700\u8981\u8fdb\u884c\u8bc1\u4e66\u6ce8\u518c\uff08\u672c\u6b21\u4f7f\u7528pgadmin4\u5171\u5b58\uff0c\u670d\u52a1\u5668\u7aef\u4e5f\u542f\u7528\u4e86SSL\uff09\u3002<\/p>\n<h5>\u4f7f\u7528letsencrypt\u548cclouddns\u521b\u5efa\u901a\u914d\u7b26\u548cSAN\u8bc1\u4e66\u3002<\/h5>\n<p>\u597d\u50cf\u539f\u672c\u5e94\u8be5\u662f\u901a\u914d\u7b26\u7684\uff0c\u4f46\u662f\u51fa\u73b0\u4e86\u540d\u5b57\u4e0d\u5339\u914d\u7684\u9519\u8bef\uff0c\u6240\u4ee5\u6839\u636eSAN\uff08ServerAliasName\uff09\u6dfb\u52a0\u4e86-d\u91cd\u65b0\u521b\u5efa\u4e4b\u7c7b\u7684\u64cd\u4f5c\u3002<\/p>\n<p>\u5728\u4ee5\u4e0bACME v2\u901a\u914d\u7b26\u6587\u6863\u4e2d\uff08https:\/\/letsencrypt.jp\/docs\/acme-v2-wildcards.html\uff09\u89e3\u91ca\u4e86\u5982\u4f55\u4f7f\u7528Let&#8217;s Encrypt\u8bc1\u4e66\u6765\u8bbe\u7f6e\u901a\u914d\u7b26\u57df\u540d\uff08https:\/\/advanceffort.com\/lets-encrypt-%E3%83%AF%E3%82%A4%E3%83%AB%E3%83%89%E3%82%AB%E3%83%BC%E3%83%89%E8%A8%AD%E5%AE%9A%E6%89%8B%E9%A0%86\/\uff09\u3002<\/p>\n<pre class=\"post-pre\"><code>sudo certbot certonly --manual --agree-tos --manual-public-ip-logging-ok \\\r\n -d \"*.${mydomain1}\" -d \"${mydomain1}\" -d \"${mydomain2}\" -d \"${mydomain3}\" \\\r\n --preferred-challenges dns -m ${my_mailaddr} --server https:\/\/acme-v02.api.letsencrypt.org\/directory\r\n<\/code><\/pre>\n<p>\u5982\u679cDNS\u6210\u529f\u5730\u8bb0\u5f55\u5e76\u4f20\u64ad\u4e86\u7ed9\u5b9a\u7684\u5b50\u57df\u540d\u548c\u4ee4\u724c\u7684TXT\u8bb0\u5f55\uff0c\u5c31\u6839\u636e&#8221;-d&#8221;\u7684\u6570\u91cf\u91cd\u590d\u6309\u4e0bEnter\u952e\u3002<\/p>\n<h5>\u5c06\u8bc1\u4e66\u6ce8\u518c\u5230LB\u4e0a\u3002<\/h5>\n<p>\u4f7f\u7528\u65e5\u671f\u8fdb\u884c\u6ce8\u518c\u5e76\u8fdb\u884c\u66ff\u6362\uff0c\u66f4\u65b0\u65f6\u4e0d\u4f1a\u4e2d\u65ad\uff08\u63d0\u4f9b\u5305\u542b\u4e2d\u95f4\u8bc1\u4e66\u7684fullchain.pem\u8fdb\u884c\u4e0a\u4f20\uff09\u3002<\/p>\n<pre class=\"post-pre\"><code>#\u65e5\u4ed8\u3064\u304d\u306e\u540d\u524d\u3067\u8a3c\u660e\u66f8\u767b\u9332\r\nsudo gcloud compute ssl-certificates create ${mydomain1}-cert-$(\/bin\/date +%Y%m%d) \\\r\n    --certificate \/etc\/letsencrypt\/live\/${mydomain1}\/fullchain.pem \\\r\n    --private-key \/etc\/letsencrypt\/live\/${mydomain1}\/privkey.pem \\\r\n    --description \"$(\/bin\/date +%Y%m%d) ${mydomain1} wildcard certification.\"\r\n\r\n#\u30bf\u30fc\u30b2\u30c3\u30c8HTTP\u30d7\u30ed\u30ad\u30b7\u30ea\u30bd\u30fc\u30b9\u306e\u8a3c\u660e\u66f8\u3092\u66f4\u65b0\u3059\u308b\r\nsudo gcloud compute target-https-proxies update $my-lb1-target-proxy \\\r\n --ssl-certificates ${mydomain1}-cert-$(\/bin\/date +%Y%m%d) --url-map $my-lb1\r\n\r\n# \u30bf\u30fc\u30b2\u30c3\u30c8HTTP\u30d7\u30ed\u30ad\u30b7\u30ea\u30bd\u30fc\u30b9\u3092\u30d5\u30ed\u30f3\u30c8\u30a8\u30f3\u30c9\u306b\u5272\u308a\u5f53\u3066\u308b\r\nsudo gcloud compute forwarding-rules set-target $my-fs --target-https-proxy $my-lb1-target-proxy --global\r\n\r\n# \u3075\u308b\u3044\u8a3c\u660e\u66f8\u30ea\u30bd\u30fc\u30b9\u3092\u524a\u9664\r\n$ sudo gcloud compute ssl-certificates delete ${mydomain1}-cert-yyyymmdd -q\r\n<\/code><\/pre>\n<h5>\u521b\u5efa\u5468\u56f4\u7684LB<\/h5>\n<p>\u521b\u5efa\u5b9e\u4f8b\u7ec4<\/p>\n<p>\u770b\u8d77\u6765\u4f3c\u4e4e\u5728\u63a7\u5236\u53f0\u4e0a\u663e\u793a\u53ea\u6709\u5728\u5355\u4e00\u533a\u57df\u624d\u80fd\u9009\u62e9\u672a\u7ba1\u7406\u7684\u9009\u9879\u3002<br \/>\n\uff08\u81ea\u52a8\u6269\u5c55\u3001\u81ea\u52a8\u6062\u590d\u3001\u56fe\u50cf\u6a21\u677f\u6ce8\u518c\u7b49\u6258\u7ba1\u529f\u80fd\u53ef\u4ee5\u5728\u5355\u4e00\u6216\u591a\u4e2a\u533a\u57df\u9009\u62e9\uff0c\u4f46\u672a\u53d7\u7ba1\u7406\u7684\u9009\u9879\u53ea\u80fd\u9009\u62e9\u5355\u4e00\u533a\u57df\uff09<\/p>\n<pre class=\"post-pre\"><code>$ sudo gcloud compute --project=$mypj instance-groups unmanaged \\\r\n   create ${my-ins-group1} --zone=${myregion}-a\r\n\r\n$ sudo gcloud compute --project=$mypj instance-groups unmanaged \\\r\n   add-instances ${my-ins-group1} --zone=${myregion}-a --instances=${myhost1}\r\n<\/code><\/pre>\n<p>\u5236\u4f5c\u5065\u5eb7\u68c0\u67e5<\/p>\n<pre class=\"post-pre\"><code>sudo gcloud compute --project \"$mypj\" http-health-checks create \"$my-helthchk-1\" --port \"80\" \\\r\n --request-path \"\/\" --check-interval \"60\" --timeout \"60\" --unhealthy-threshold \"2\" --healthy-threshold \"5\"\r\n<\/code><\/pre>\n<p>\u521b\u5efa\u540e\u7aef\u670d\u52a1<\/p>\n<pre class=\"post-pre\"><code>my-http-bs\r\n\u30d7\u30ed\u30c8\u30b3\u30ebHTTP\u3001\u540d\u524d\u4ed8\u304d\u30dd\u30fc\u30c8http\u3001\u30bf\u30a4\u30e0\u30a2\u30a6\u30c830\u79d2\u3001\r\n\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\uff1a${my-ins-group1}\r\n\u30d8\u30eb\u30b9\u30c1\u30a7\u30c3\u30af\uff1a$my-helthchk-1\r\n\u30bb\u30c3\u30b7\u30e7\u30f3\u30a2\u30d5\u30a3\u30cb\u30c6\u30a3\uff1a\u306a\u3057\uff08\u30bb\u30c3\u30b7\u30e7\u30f3\u7ba1\u7406\u3068\u304b\u9001\u4fe1\u5143\u540c\u3058\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306f\u540c\u3058\u30b5\u30fc\u30d0\u306b\u632f\u308b\u3068\u304b\uff09\r\n\u63a5\u7d9a\u30c9\u30ec\u30a4\u30f3\u306e\u30bf\u30a4\u30e0\u30a2\u30a6\u30c8\uff1a300\u79d2\r\n<\/code><\/pre>\n<p>\u5728\u4e2d\u56fd\uff0c\u53ea\u9700\u8981\u4e00\u79cd\u9009\u62e9\u6765\u91ca\u4e49\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n<p>\u30fb\u8fd8\u53ef\u4ee5\u521b\u5efa\u540e\u7aef\u6876<br \/>\n\u8981\u4e3aGCS\uff08\u4e91\u5b58\u50a8\uff09\u547d\u540d\u57df\u540d\uff0c\u9700\u8981\u8fdb\u884c\u57df\u540d\u6240\u6709\u8005\u8eab\u4efd\u9a8c\u8bc1\u3002<br \/>\n\u53ea\u6709\u5728\u547d\u540d\u57df\u540d\u65f6\u624d\u80fd\u4f7f\u7528\u70b9\u53f7\uff0c\u5426\u5219\u53ea\u80fd\u4f7f\u7528\u8fde\u5b57\u7b26\u6216\u4e0b\u5212\u7ebf\u4f5c\u4e3a\u7b26\u53f7\u3002<br \/>\n\u53e6\u5916\uff0c\u5982\u679c\u8981\u5c06\u5176\u4f5c\u4e3aLB\u7684\u540e\u7aef\uff0c\u5c31\u4e0d\u9700\u8981\u4e3a\u5176\u547d\u540d\u57df\u540d\u3002<\/p>\n<p>\u5916\u90e8IP\u5730\u5740\u9700\u8981\u4fdd\u7559\u4f5c\u4e3a\u9759\u6001IP\u7528\u4e8e\u8d1f\u8f7d\u5747\u8861\u3002\u542c\u8d77\u6765\u4f3c\u4e4e\u53ef\u4ee5\u968f\u65f6\u66f4\u6539\u4e3a\u6c38\u4e45\u4e0d\u53d8\u7684\u9759\u6001IP\uff0c\u800c\u4e0d\u662f\u4e34\u65f6\u7684\uff08\u56e0\u91cd\u65b0\u542f\u52a8\u800c\u53d8\u5316\u7684\uff09\uff08\u6839\u636eVPC&gt;\u5916\u90e8IP\u5730\u5740\uff09<\/p>\n<p>\u4f7f\u7528A\u8bb0\u5f55\u5c06LB\u7684IP\u6ce8\u518c\u5230CloudDNS\u4e2d<br \/>\n${mydomain1} 10.xx.xx.xx<\/p>\n<p>\u4ece\u521b\u5efa\u65b0\u7684HTTP(S)\u8d1f\u8f7d\u5747\u8861\u5668\u5f00\u59cb\u3002<\/p>\n<pre class=\"post-pre\"><code>\u540d\u524d\uff1amy-lb1\r\n\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u306e\u8a2d\u5b9a\uff1a\u3055\u3063\u304d\u3064\u304f\u3063\u305f\u3082\u306e\u3092\u9078\u629e\r\n\u30db\u30b9\u30c8\u3068\u30d1\u30b9\u306e\u30eb\u30fc\u30eb\uff1a\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u3092\u8a2d\u5b9a\u3059\u308b\u3068\u540c\u6642\u306b\u3059\u3079\u3066\u901a\u3059\u30eb\u30fc\u30eb\u304c\u4f5c\u6210\u3055\u308c\u308b\u305f\u3081\u305d\u306e\u307e\u307e\u3067OK\r\n\u30d5\u30ed\u30f3\u30c8\u30a8\u30f3\u30c9\uff08\u30b0\u30ed\u30fc\u30d0\u30eb\u8ee2\u9001\u30eb\u30fc\u30eb\uff09\u306e\u8a2d\u5b9a\uff1a\r\n\u3000\u540d\u524d\uff1amy-fs\r\n\u3000\u30d7\u30ed\u30c8\u30b3\u30eb\uff1aHTTPS\r\n\u3000IP\uff1a\u3055\u3063\u304d\u78ba\u4fdd\u3057\u3066\u304a\u3044\u305fstaticip\r\n\u3000\u30dd\u30fc\u30c8\uff1a443\r\n\u3000\u8a3c\u660e\u66f8\uff1a\u3055\u3063\u304d\u767b\u9332\u3057\u305f$my-cert-yyyymmdd\r\n<\/code><\/pre>\n<p>\u30fb\u5141\u8bb8\u6765\u81eaLB\u548c\u5065\u5eb7\u68c0\u67e5API\u670d\u52a1\u5668\u7684HTTP\u8bbf\u95ee\u901a\u8fc7\u9632\u706b\u5899\u8bbe\u7f6e<br \/>\n\u7531\u4e8e\u4e0e\u540e\u7aef\u5b9e\u4f8b\u7684\u8fde\u63a5\u4f3c\u4e4e\u5b58\u5728\u95ee\u9898\uff0c\u56e0\u6b64\u8fdb\u884c\u4e86\u4ee5\u4e0b\u9632\u706b\u5899\u5141\u8bb8\u6ce8\u518c\u3002<\/p>\n<pre class=\"post-pre\"><code>gcloud compute --project=$mypj firewall-rules create allow-gcp-http-lb \\\r\n --description=allow\\ from\\ gcp\\ http\\ load\\ balancer \\\r\n --direction=INGRESS --priority=1002 --network=${myvpc1} --action=ALLOW --rules=tcp:80,tcp:443 \\\r\n --source-ranges=130.211.0.0\/22,35.191.0.0\/16 --target-tags=web\r\n<\/code><\/pre>\n<h5>\u00b7 SSL\u653f\u7b56\u5206\u914d<\/h5>\n<p>\u901a\u8fc7CLI\u8fdb\u884c\u8bbe\u7f6e\uff08\u6d4b\u8bd5\u7248\uff09\uff0c\u5bf9TLS1.2\u8fdb\u884c\u9650\u5236\uff0c\u5426\u5219\u4f1a\u62a5\u9519\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo gcloud beta compute ssl-policies create ${my-custom-sslpolicy} --profile  MODERN --min-tls-version 1.2 \r\n$ sudo gcloud beta compute ssl-policies list\r\nNAME                 PROFILE  MIN_TLS_VERSION\r\n${my-custom-sslpolicy}  MODERN   TLS_1_2\r\n\r\n$ sudo gcloud beta compute target-https-proxies update \\\r\n&gt;  $my-lb1-target-proxy --ssl-policy ${my-custom-sslpolicy} \r\n\r\n$ sudo gcloud beta compute target-https-proxies describe ${my-lb1}-target-proxy\r\n\r\nid: '******'\r\nkind: compute#targetHttpsProxy\r\nname: ${my-lb1}-target-proxy \r\nselfLink: https:\/\/www.googleapis.com\/compute\/beta\/projects\/${mydomain1}\/global\/targetHttpsProxies\/${my-lb1}-target-proxy\r\nsslCertificates:\r\n\r\n\r\n$ sudo gcloud beta compute ssl-policies describe ${my-custom-sslpolicy} \r\ncreationTimestamp: '2018-03-29T06:08:14.547-07:00'\r\nenabledFeatures:\r\n- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA\r\n- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\r\n- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA\r\n- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\r\n- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\r\n- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\r\n- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\r\n- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA\r\n- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\r\n- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\r\nfingerprint: ******\r\nid: 'xxxxxxxxxxxxx'\r\nkind: compute#sslPolicy\r\nminTlsVersion: TLS_1_2\r\nname: ${my-lb1}-target-proxy\r\nprofile: MODERN\r\n<\/code><\/pre>\n<p>\u4ee5\u4e0b\u662f\u7528\u4e2d\u6587\u539f\u751f\u65b9\u5f0f\u8f6c\u8ff0\u7684\u4e00\u79cd\u9009\u9879\uff1a<\/p>\n<p>&#8220;https:\/\/cloud.google.com\/compute\/docs\/load-balancing\/ssl-policies?hl=ja&#8221; \u8fd9\u7bc7\u6587\u7ae0\u4ecb\u7ecd\u4e86\u5173\u4e8e\u8d1f\u8f7d\u5747\u8861SSL\u7b56\u7565\u7684\u5185\u5bb9\u3002<\/p>\n<p>&#8220;https:\/\/cloudplatform-jp.googleblog.com\/2018\/03\/announcing-SSL-policies-for-HTTPS-and-SSL-proxy-load-balancers.html&#8221; \u8fd9\u7bc7Google\u4e91\u5e73\u53f0\u7684\u535a\u5ba2\u516c\u544a\u4e86\u5173\u4e8eHTTPS\u548cSSL\u4ee3\u7406\u8d1f\u8f7d\u5747\u8861\u5668\u7684SSL\u7b56\u7565\u3002<\/p>\n<h4>\u5728CloudSQL\u4e2d\u521b\u5efa\u4e00\u4e2aPostgreSQL\u5b9e\u4f8b\u3002<\/h4>\n<p>\u7531\u4e8eCLI\u5904\u4e8e\u6d4b\u8bd5\u7248\u9636\u6bb5\uff0c\u6240\u4ee5\u4e0b\u9762\u662f\u8bbe\u7f6e\u7684\u914d\u7f6e\u3002<\/p>\n<pre class=\"post-pre\"><code>\u30a4\u30f3\u30b9\u30bf\u30f3\u30b9ID\uff1a$my-csql\r\n\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30e6\u30fc\u30b6\u30fc \u30d1\u30b9\u30ef\u30fc\u30c9\uff1a*******\r\n\u30ea\u30fc\u30b8\u30e7\u30f3\uff1a${myregion}\r\n\u30be\u30fc\u30f3\uff1a${myregion}-a\r\nDB\u30d0\u30fc\u30b8\u30e7\u30f3\uff1a9.6\r\n    \u30de\u30b7\u30f3type\uff1adb-n1-standard-1\u9078\u629e\u3067\u304d\u305a\r\n\u81ea\u52d5\u30d0\u30c3\u30af\u30a2\u30c3\u30d7\uff1a2-6\u6642\r\n\u53ef\u7528\u6027\uff1a\u30b7\u30f3\u30b0\u30eb\r\n\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306e\u627f\u8a8d\uff1a\u672a\u8a2d\u5b9a\r\n\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30d5\u30e9\u30b0\u8ffd\u52a0\uff1a\u672a\u8a2d\u5b9a\r\n\u30e1\u30f3\u30c6\u30b9\u30b1\u30b8\u30e5\u30fc\u30eb\u306e\u8a2d\u5b9a\uff1a\u65e5\u66dc\u306e2-3\u6642\u3001\u9045\u3081\r\n\u30e9\u30d9\u30eb\uff1a\r\nenvironment:production\r\nrole:db\r\n<\/code><\/pre>\n<p>\u8bf7\u53c2\u8003\u4ee5\u4e0b\u94fe\u63a5\uff1a<br \/>\n1. Google Cloud SQL \u6587\u6863\u4e2d\u7684 Postgres \u8fde\u63a5\u914d\u7f6e\u6307\u5357\uff08https:\/\/cloud.google.com\/sql\/docs\/postgres\/connect-admin-proxy?hl=ja\uff09<br \/>\n2. \u4f7f\u7528 Cloud SQL \u7684 Google App Engine PHP \u6307\u5357\uff08https:\/\/blog.hrendoh.com\/google-appengine-php-using-cloud-sql\/\uff09<\/p>\n<p>\u4ee5\u4e0b\u662f\u8fde\u63a5\u5916\u90e8\u5e94\u7528\u7a0b\u5e8f\u7684\u65b9\u6cd5\uff0c\u4f46\u672c\u6848\u4ef6\u4e0d\u4f7f\u7528\u3002<br \/>\nhttps:\/\/cloud.google.com\/sql\/docs\/mysql\/connect-external-app?hl=ja&#038;_ga=2.49698144.-779814870.1500864087#proxy<\/p>\n<p>\u5bf9\u4e8e\u8fde\u63a5\u5916\u90e8\u5e94\u7528\u7a0b\u5e8f\u7684\u65b9\u6cd5\u7b49\uff0c\u8bf7\u53c2\u8003\u4e0a\u8ff0\u94fe\u63a5\uff0c\u4f46\u5728\u672c\u6848\u4e2d\u4e0d\u4f7f\u7528\u3002<\/p>\n<p>\u5728flag\u4e2d\uff0c\u66f4\u65b0\u8bbe\u7f6e\u7684\u53ef\u9009\u9879\u6709\u9650\u3002\u5bf9\u4e8epostgresql\uff0c\u5982\u679c\u8981\u66f4\u6539\u65f6\u533a\uff0c\u4f3c\u4e4e\u53ea\u80fd\u4f7f\u7528ALTER DATABASE $mydbschema SET timezone TO &#8216;Asia\/Tokyo&#8217;;\u3002\u8be5\u9009\u9879\u4e0d\u5728\u53ef\u8bbe\u7f6e\u7684\u6807\u5fd7\u5217\u8868\u4e2d\u3002\uff08\u4f3c\u4e4e\u53ea\u80fd\u505a\u4e00\u4e9b\u4e0evacuum\u76f8\u5173\u7684\u8bbe\u7f6e\uff09\u3002<\/p>\n<p>PostgreSQL 9.6.5\u6587\u6863\uff0c\u7b2c19\u7ae0\uff1a\u670d\u52a1\u5668\u914d\u7f6e<br \/>\n\u94fe\u63a5\uff1ahttps:\/\/www.postgresql.jp\/document\/9.6\/html\/runtime-config.html<br \/>\nhttps:\/\/www.postgresql.jp\/document\/9.6\/html\/config-setting.html<\/p>\n<p>\u867d\u7136\u53ef\u4ee5\u4f7f\u7528 ALTER SYSTEM \u8fdb\u884c\u8bbe\u7f6e\uff0c\u4f46\u5982\u679c\u6ca1\u6709\u8d85\u7ea7\u7528\u6237\u6743\u9650\uff0c\u5219\u65e0\u6cd5\u5b8c\u6210\u64cd\u4f5c\u3002\u5982\u9884\u671f\u90a3\u6837\uff0c\u4e91\u670d\u52a1 CloudSQL \u65e0\u6cd5\u6dfb\u52a0\u8d85\u7ea7\u7528\u6237\u6743\u9650\u3002<br \/>\n\u76f8\u5173\u94fe\u63a5\uff1a<br \/>\nhttps:\/\/www.postgresql.jp\/document\/9.6\/html\/sql-altersystem.html<br \/>\nhttps:\/\/cloud.google.com\/sql\/docs\/postgres\/users<\/p>\n<h5>\u5b89\u88c5cloud_sql_proxy\u5e76\u5c06\u5176\u8f6c\u5316\u4e3asystemd\u5355\u5143\u3002<\/h5>\n<p>\u5982\u679c\u4e0d\u5728VPC\u7684\u79c1\u6709\u5b50\u7f51\u4e0a\u521b\u5efaGCP\u670d\u52a1\uff0c\u5c31\u65e0\u6cd5\u671f\u671b\u5176\u63d0\u4f9b\u5982\u6b64\u8be6\u7ec6\u7684\u529f\u80fd\u3002\u5728\u6ca1\u6709\u5b89\u88c5cloud_sql_proxy\u7684\u60c5\u51b5\u4e0b\uff0c\u5c06\u901a\u8fc7SSL\u8fde\u63a5\u4f7f\u7528\u5168\u5c40IP\u8fdb\u884c\u8fde\u63a5\u3002\u5982\u679c\u5b89\u88c5\u4e86cloud_sql_proxy\uff0c\u53ef\u4ee5\u901a\u8fc7\u5e94\u7528\u7a0b\u5e8f\u5bf9\u672c\u5730\u8fdb\u884c\u8bbf\u95ee\uff0c\u5373\u4f7f\u5728\u6545\u969c\u8f6c\u79fb\u65f6\u53ef\u80fd\u4f1a\u4e2d\u65ad\uff0c\u4f46\u4ecd\u53ef\u4ee5\u4f7f\u7528\u76f8\u540c\u7684\u8fde\u63a5\u540d\u79f0\u8fdb\u884c\u8bbf\u95ee\u3002<\/p>\n<p>https:\/\/cloud.google.com\/sql\/docs\/postgres\/sql-proxy<br \/>\nhttps:\/\/cloud.google.com\/sql\/docs\/postgres\/connect-admin-proxy?hl=ja<\/p>\n<p>https:\/\/cloud.google.com\/sql\/docs\/postgres\/sql-proxy<br \/>\nhttps:\/\/cloud.google.com\/sql\/docs\/postgres\/connect-admin-proxy?hl=ja<\/p>\n<pre class=\"post-pre\"><code>$ sudo wget https:\/\/dl.google.com\/cloudsql\/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy\r\n\r\n$ sudo chmod +x cloud_sql_proxy\r\n<\/code><\/pre>\n<p>\u6b64\u5916\uff0c\u6211\u5df2\u7ecf\u542f\u7528\u4e86Google Cloud SQL API\u3002<br \/>\nhttps:\/\/console.developers.google.com\/apis\/api\/sqladmin.googleapis.com\/overview?project=649697318341<\/p>\n<p>\u5177\u4f53\u6765\u8bf4\u5728\u6b64\u5904<br \/>\nhttps:\/\/www.googleapis.com\/auth\/sqlservice.admin<\/p>\n<pre class=\"post-pre\"><code>$ .\/cloud_sql_proxy -instances=${mypj}:${myregion}:${db-instance-name}=tcp:5432 &amp;\r\n[1] 29343\r\n$ 2018\/03\/27 19:57:49 Listening on 127.0.0.1:5432 for ${mypj}:${myregion}:${db-instance-name}\r\n2018\/03\/27 19:57:49 Ready for new connections\r\n\r\n$ netstat -lnpt\r\nProto Recv-Q Send-Q Local Address           Foreign Address         State       PID\/Program name    \r\ntcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      29343\/.\/cloud_sql_p \r\n\r\n$ psql \"host=127.0.0.1 sslmode=disable dbname=postgres user=postgres\"\r\n\u30d1\u30b9\u30ef\u30fc\u30c9:\r\npostgres=&gt; \\l\r\npostgres-&gt; \\du\r\n<\/code><\/pre>\n<p>\u5982\u679c\u7ee7\u7eed\u8fd9\u6837\uff0c\u64cd\u4f5c\u7cfb\u7edf\u65e0\u6cd5\u91cd\u65b0\u542f\u52a8\uff0c\u6240\u4ee5\u9700\u8981\u8fdb\u884csystemd\u5316\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo ln -s \/usr\/local\/src\/cloud_sql_proxy \/usr\/bin\/cloud_sql_proxy\r\nsudo mkdir \/etc\/systemd\/system\/cloud_sql_proxy\\@.service.d\r\nsudo vi \/etc\/systemd\/system\/cloud_sql_proxy\\@.service.d\/limits.conf\r\n\r\nsudo vi \/etc\/systemd\/system\/cloud_sql_proxy\\@.service\r\n------------\r\n[Unit]\r\nDescription = CloudSQL Proxy %i\r\nAfter = network.target\r\n\r\n[Service]\r\nEnvironmentFile = \/etc\/sysconfig\/cloud_sql_proxy\/%i.conf\r\nExecStart = \/usr\/bin\/cloud_sql_proxy -instances=${PROJECT_ID}:${REGION}:${INSTANCE_NAME}=tcp:${PORT}\r\nExecStop = \/bin\/kill ${MAINPID}\r\nExecReload = \/bin\/kill -HUP ${MAINPID}\r\nRestart = always\r\nType = simple\r\n\r\n[Install]\r\nWantedBy = multi-user.target\r\n------------\r\n<\/code><\/pre>\n<p>\u8fd9\u53e5\u8bdd\u4e3b\u8981\u662f\u5173\u4e8e\u6307\u5b9a\u4e00\u4e2a\u5b9e\u4f8b\u540d\u79f0\uff08instance_name\uff09\uff0c\u53ef\u80fd\u4e5f\u662fsystemd\u7cfb\u7edf\u4e3a\u4e86\u786e\u4fdd\u5185\u5b58\u7a7a\u95f4\u7684\u540d\u79f0\uff0c\u5e76\u5728\u542f\u52a8\u65f6\u5728\u201c@\u201d\u540e\u9762\u6307\u5b9a\u3002<br \/>\n\u5982\u679c\u8981\u8fde\u63a5\u5230\u53e6\u4e00\u4e2aSQL\u5b9e\u4f8b\uff0c\u53ef\u4ee5\u5728instances\u4e2d\u7528\u9017\u53f7\u5206\u9694\u6307\u5b9a\u8fde\u63a5\u540d\uff08\u5982\u679c\u4e0d\u66f4\u6539\u7aef\u53e3\u7684\u8bdd\u53ef\u80fd\u4f1a\u6709\u95ee\u9898\uff09\u3002<br \/>\n\u76f8\u5173\u94fe\u63a5\uff1a<br \/>\nhttps:\/\/cloud.google.com\/sql\/docs\/postgres\/sql-proxy#multiple-instances<br \/>\nhttps:\/\/www.freedesktop.org\/software\/systemd\/man\/systemd.unit.html<br \/>\n<iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"Systemd\u5165\u9580(4) - service\u30bf\u30a4\u30d7Unit\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb - \u3081\u3082\u3081\u3082\" src=\"https:\/\/hatenablog-parts.com\/embed?url=http%3A%2F%2Fenakai00.hatenablog.com%2Fentry%2F20130917%2F1379374797#?secret=JbbVZnckGK\" data-secret=\"JbbVZnckGK\" scrolling=\"no\" frameborder=\"0\"><\/iframe><\/p>\n<pre class=\"post-pre\"><code>sudo mkdir \/etc\/sysconfig\/cloud_sql_proxy\r\nsudo vi \/etc\/sysconfig\/cloud_sql_proxy\/${db-instance-name}.conf\r\n------------\r\nPROJECT_ID=\"${mypj}\"\r\nREGION=\"${myregion}\"\r\nINSTANCE_NAME=\"${db-instance-name}\"\r\nPORT=\"5432\"\r\n------------\r\n\r\n$ sudo systemctl start cloud_sql_proxy@${db-instance-name}.service\r\n$ sudo systemctl status cloud_sql_proxy@${db-instance-name}.service\r\n\r\n$ sudo systemctl is-enabled cloud_sql_proxy@${db-instance-name}.service\r\n$ sudo systemctl enable cloud_sql_proxy@${db-instance-name}.service\r\n$ sudo systemctl is-enabled cloud_sql_proxy@${db-instance-name}.service\r\n<\/code><\/pre>\n<h5>\u4ec5\u63d0\u4f9b\u4e00\u79cd\u9009\u9879\uff0c\u4ee5\u4e0b\u662f\u5bf9\u8be5\u53e5\u7684\u6c49\u8bed\u672c\u5730\u5316\u6539\u5199:<\/h5>\n<p>\u5c06pgadmin4\u4e0eApache\u8fde\u63a5\uff08\u4e0eGCP\u65e0\u5173\uff09<\/p>\n<p>\u56e0\u4e3a\u6211\u89c9\u5f97phppgadmin\u4f3c\u4e4e\u6ca1\u6709\u9002\u914dphp7.1\u548cpostgresql9.6\uff0c\u6240\u4ee5\u6211\u5c06pgadmin4\u4e0emod_wsgi\u8fdb\u884c\u4e86\u96c6\u6210\u3002<\/p>\n<p>Source: http:\/\/www.youyoukankan.net\/cms\/postgresql-pgadmin4-install.html<\/p>\n<pre class=\"post-pre\"><code>$ sudo yum install pgadmin4-v2 mod_wsgi\r\n$ rpm -ql pgadmin4-v2\r\n\r\n$ cat \/etc\/pgadmin\/pgadmin4.conf\r\nApplicationPath=\"\/usr\/lib\/python2.7\/site-packages\/pgadmin4-web\/\"\r\nPythonPath=\"\/usr\/lib\/python2.7\/site-packages:\/usr\/lib64\/python2.7\/site-packages\"\r\n\r\n$ cd \/usr\/lib\/python2.7\/site-packages\/pgadmin4-web\/\r\n$ sudo touch config_local.py\r\n$ sudo vi config_local.py \r\n$ sudo mkdir \/var\/lib\/pgadmin4\r\n$ sudo python setup.py\r\n\u521d\u671f\u30a2\u30ab\u30a6\u30f3\u30c8\u60c5\u5831\u3092\u5165\u529b\r\n$ ls \/var\/lib\/pgadmin4\/\r\npgadmin4.db  pgadmin4.log  sessions  storage\r\n$ systemctl status pgadmin4-v2\r\n$ systemctl is-enabled pgadmin4-v2\r\ndisabled\r\n$ sudo chown -R apache:apache \/var\/lib\/pgadmin4\r\n$ sudo systemctl start pgadmin4-v2\r\n$ sudo systemctl status pgadmin4-v2\r\ncd \/etc\/httpd\/conf.d\/\r\n$ sudo cp -p pgadmin4-v2.conf{.sample,}\r\n$ sudo vim pgadmin4-v2.conf\r\n$ diff pgadmin4-v2.conf{.sample,}\r\n1c1\r\n&lt; LoadModule wsgi_module modules\/mod_wsgi.so\r\n---\r\n&gt; #LoadModule wsgi_module modules\/mod_wsgi.so\r\n10c10,14\r\n&lt;               Require all granted\r\n---\r\n&gt;               #Require all granted\r\n&gt;                 Require local\r\n&gt;                 # allow from companys office\r\n&gt;                 Require ip ${myip1}\r\n&gt;                 Require ip ${myip2}\r\n$ sudo systemctl restart httpd\r\n$ sudo systemctl status httpd\r\n<\/code><\/pre>\n<p>\u767b\u5165\u540e\u53ef\u4ee5\u521b\u5efa\u8d26\u6237\u548c\u8bbe\u7f6e\u8fde\u63a5\u4fe1\u606f\u3002\u7531\u4e8e\u4f7f\u7528cloud_sql_proxy\u8fdb\u884c\u8fde\u63a5\uff0c\u6240\u4ee5\u53ef\u4ee5\u5728pgadmin4\u4e2d\u6307\u5b9a\u672c\u5730\u4e3b\u673a\u8fdb\u884c\u8fde\u63a5\u3002<\/p>\n<p>\u5728\u8fd9\u91cc\u542f\u7528SELinux\u53ef\u80fd\u4f1a\u5bfc\u81f4\u65e0\u6cd5\u767b\u5f55\uff0c\u8bf7\u6ce8\u610f\u3002<\/p>\n<h4>\u30fb\u5728Apache\u670d\u52a1\u5668\u4e0a\u5c06IP\u548cHTTP\u8bbf\u95ee\u91cd\u5199\u4e3aHTTPS\u3002<\/h4>\n<p>Apache\u548cPHP\u7684\u5b89\u88c5\u65b9\u6cd5\u4e0d\u5728\u6b64\u8fdb\u884c\u8ba8\u8bba\uff0c\u63a8\u8350\u4f7f\u7528Remi\u8fdb\u884c\u5b89\u88c5\u3002\u81f3\u4e8e\u5b89\u88c5php-pgsql\uff0c\u5efa\u8bae\u5728\u5b89\u88c5\u4e86PostgreSQL\u5ba2\u6237\u7aef\u4e4b\u540e\u518d\u8fdb\u884c\u5b89\u88c5\u3002<\/p>\n<p>\u5728\u8fdb\u884c\u91cd\u5199\u4e4b\u524d\uff0c\u5fc5\u987b\u5c06\u8d1f\u8f7d\u5747\u8861\uff08LB\uff09\u7684\u5065\u5eb7\u68c0\u67e5IP\u6392\u9664\u5728\u5916\uff0c\u4ee5\u514d\u5bfc\u81f4\u91cd\u5b9a\u5411\uff0c\u4ece\u800c\u4f7f\u5f97LB\u7684\u540e\u7aef\u670d\u52a1\u65e0\u6cd5\u6b63\u5e38\u8fd0\u4f5c\uff0c\u6d4f\u89c8\u5668\u5c06\u663e\u793a\u670d\u52a1\u5668\u9519\u8bef\uff08ServerError\uff09\u3002<\/p>\n<p>\u57282.4\u7248\u672c\u4e2d\uff0cIP\u9650\u5236\u7684\u5199\u6cd5\u4e0eNameVirtualHost\u4e0d\u518d\u9700\u8981\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo cat \/etc\/httpd\/conf.d\/rewrite.conf \r\n&lt;ifModule mod_rewrite.c&gt;\r\n      RewriteEngine On\r\n      LogLevel alert rewrite:trace3\r\n      RewriteCond %{HTTPS} off\r\n      RewriteRule . https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\r\n&lt;\/ifModule&gt;\r\n\r\n$ sudo cat \/etc\/httpd\/conf.d\/vhost.conf \r\n# Access using IP address to dummy\r\n&lt;VirtualHost *:80&gt;\r\n    ServerName any\r\n    RewriteEngine On\r\n    #LogLevel alert rewrite:trace3\r\n    RewriteCond %{HTTP_USER_AGENT} !^GoogleHC\r\n    RewriteCond %{REMOTE_ADDR} !^35.191.0.0\/16\r\n    RewriteCond %{REMOTE_ADDR} !^130.211.0.0\/22\r\n    RewriteCond %{REMOTE_ADDR} !^35.186.211.99\/32\r\n    RewriteCond %{REMOTE_ADDR} !^209.85.152.0\/22\r\n    RewriteCond %{REMOTE_ADDR} !^209.85.204.0\/22\r\n    RewriteCond %{HTTP_HOST} !=${mydomain}\r\n    RewriteRule . https:\/\/${mydomain}\/%{REQUEST_URI} [L,R=301]\r\n&lt;\/VirtualHost&gt;\r\n\r\n# Listen for virtual host requests on all IP addresses\r\n&lt;VirtualHost *:80&gt;\r\n    DocumentRoot \/var\/www\/vhosts\/${mydomain}\/html\r\n    ServerName ${mydomain}\r\n    ServerAlias ${mydomain1}\r\n    ErrorLog \"logs\/${mydomain}.error_log\"\r\n    CustomLog \"logs\/${mydomain}.access_log\" combined env=!nolog\r\n    RewriteEngine On\r\n    #LogLevel alert rewrite:trace3\r\n    RewriteCond %{HTTP:X-Forwarded-Proto} =http\r\n    RewriteRule . https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\r\n    &lt;Directory \/var\/www\/vhosts\/${mydomain}\/html\/&gt;\r\n        Options FollowSymLinks\r\n        AllowOverride All\r\n    &lt;\/Directory&gt;\r\n&lt;\/VirtualHost&gt;\r\n&lt;VirtualHost *:80&gt;\r\n    ServerName admin.${mydomain}\r\n    ErrorLog logs\/admin.${mydomain}_error_log\r\n    TransferLog logs\/admin.${mydomain}_access_log\r\n    RewriteEngine On\r\n    #LogLevel alert rewrite:trace3\r\n    RewriteCond %{HTTPS} off\r\n    RewriteRule . https:\/\/%{HTTP_HOST}%{REQUEST_URI} [L,R=301]\r\n&lt;\/VirtualHost&gt;\r\n\r\n$ cat ssl.conf|grep -v '^#'|sed -e '\/^$\/d' \r\nListen 443 https\r\nSSLPassPhraseDialog exec:\/usr\/libexec\/httpd-ssl-pass-dialog\r\nSSLSessionCache         shmcb:\/run\/httpd\/sslcache(512000)\r\nSSLSessionCacheTimeout  300\r\nSSLRandomSeed startup file:\/dev\/urandom  256\r\nSSLRandomSeed connect builtin\r\nSSLCryptoDevice builtin\r\n&lt;VirtualHost *:443&gt;\r\n    ServerName any\r\n    RewriteEngine On\r\n    #LogLevel alert rewrite:trace3\r\n    RewriteCond %{HTTP_HOST} !=${mydomain}\r\n    RewriteRule ^\/?(.*) https:\/\/admin.${mydomain}\/$1 [L,R=301]\r\n    SSLEngine on\r\n    SSLCertificateFile \/etc\/letsencrypt\/live\/${mydomain}\/cert.pem\r\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/${mydomain}\/privkey.pem\r\n    SSLCertificateChainFile \/etc\/letsencrypt\/live\/${mydomain}\/chain.pem\r\n&lt;\/VirtualHost&gt;\r\n&lt;VirtualHost _default_:443&gt;\r\nErrorLog logs\/ssl_error_log\r\nTransferLog logs\/ssl_access_log\r\nLogLevel warn\r\nSSLEngine on\r\nSSLProtocol all -SSLv3 -TLSv1 -TLSv1.1\r\nSSLProxyProtocol all -SSLv3 \r\nSSLHonorCipherOrder on\r\nSSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256\r\nSSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4\r\nSSLHonorCipherOrder     on\r\nSSLCompression          off\r\nSSLCertificateFile \/etc\/letsencrypt\/live\/${mydomain}\/cert.pem\r\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/${mydomain}\/privkey.pem\r\nSSLCertificateChainFile \/etc\/letsencrypt\/live\/${mydomain}\/chain.pem\r\n&lt;FilesMatch \"\\.(cgi|shtml|phtml|php)$\"&gt;\r\n    SSLOptions +StdEnvVars\r\n&lt;\/FilesMatch&gt;\r\n&lt;Directory \"\/var\/www\/cgi-bin\"&gt;\r\n    SSLOptions +StdEnvVars\r\n&lt;\/Directory&gt;\r\nBrowserMatch \"MSIE [2-5]\" \\\r\n         nokeepalive ssl-unclean-shutdown \\\r\n         downgrade-1.0 force-response-1.0\r\nCustomLog logs\/ssl_request_log \\\r\n          \"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\\"%r\\\" %b\"\r\n&lt;\/VirtualHost&gt;\r\n&lt;VirtualHost *:443&gt;\r\n    ServerName admin.${mydomain}\r\n    SSLEngine on\r\n    ErrorLog logs\/ssl_admin.${mydomain}_error_log\r\n    TransferLog logs\/ssl_admin.${mydomain}_access_log\r\n    SSLCertificateFile \/etc\/letsencrypt\/live\/${mydomain}\/cert.pem\r\n    SSLCertificateKeyFile \/etc\/letsencrypt\/live\/${mydomain}\/privkey.pem\r\n    SSLCertificateChainFile \/etc\/letsencrypt\/live\/${mydomain}\/chain.pem\r\n    # Uncomment the following directive when using client certificate authentication\r\n    #SSLCACertificateFile    \/path\/to\/ca_certs_for_client_authentication\r\n    # HSTS (mod_headers is required) (15768000 seconds = 6 months)\r\n    Header always set Strict-Transport-Security \"max-age=15768000\"\r\n&lt;\/VirtualHost&gt;\r\n<\/code><\/pre>\n<p>\u4ee5\u4e0b\u662fSSL\u8a2d\u5b9a\u751f\u6210\u7684\u53c3\u8003\u8cc7\u6599:<br \/>\nhttps:\/\/mozilla.github.io\/server-side-tls\/ssl-config-generator\/<br \/>\nhttps:\/\/qiita.com\/nightyknite\/items\/36cc1d4d067def437e04<\/p>\n<p>\u5982\u679c\u4f7f\u7528LB\uff0c\u5219\u5982\u679c%{HTTP:X-Forwarded-Proto} =http\uff0c\u5219\u8fdb\u884chttps\u91cd\u5b9a\u5411\uff1b<br \/>\n\u5982\u679c\u4e0d\u4f7f\u7528LB\uff0c\u5219\u5982\u679c%{HTTPS} off\uff0c\u5219\u8fdb\u884c\u91cd\u5b9a\u5411\u3002<\/p>\n<p>\u5728mod_rewrite\u7684\u624b\u518c\u4e2d\u5217\u4e3e\u4e86\u53ef\u7528\u7684\u53d8\u91cf\u3002<br \/>\nhttp:\/\/httpd.apache.org\/docs\/current\/mod\/mod_rewrite.html<br \/>\n\u7531\u4e8erewrite:trace3\u4f1a\u4ea7\u751f\u5927\u91cf\u65e5\u5fd7\u8bb0\u5f55\uff0c\u56e0\u6b64\u5728\u9a8c\u8bc1\u5b8c\u4e4b\u540e\u6700\u597d\u505c\u6b62\u4f7f\u7528\u3002<\/p>\n<p>\u6b64\u5916\uff0c\u7531\u4e8eLB\u7684\u6307\u793a\uff0c\u624b\u518c\u4e0a\u5199\u7740\u5c06KeepAliveTimeout\u8bbe\u7f6e\u4e3a620\uff0c\u6240\u4ee5\u6211\u5c31\u8fd9\u6837\u505a\u4e86\u3002<br \/>\n\uff08\u624b\u518c\u4e0a\u8fd8\u5199\u7740AWS\u4e5f\u5e94\u8be5\u8bbe\u7f6e\u4e3a120\uff0c\u56e0\u6b64\u5982\u679c\u5728LB\u4e0b\uff0c\u957f\u4e00\u70b9\u5e94\u8be5\u66f4\u597d\u5427\uff09<\/p>\n<h4>\u7531\u4e8email\u5728OP25B\u4e0a\u65e0\u6cd5\u6b63\u5e38\u53d1\u9001\uff0c\u6240\u4ee5\u9700\u8981\u901a\u8fc7SendGlid\u6216\u5176\u4ed6\u65b9\u5f0f\u8fdb\u884c\u4e2d\u7ee7\u3002<\/h4>\n<p>\u5728AWS\u4e2d\uff0c\u6709SES\u5e76\u4e14\u53ef\u4ee5\u8fdb\u884cMTA\u7684\u53cd\u5411DNS\u6ce8\u518c\u4ee5\u89e3\u9664\u9650\u5236\u7533\u8bf7\u3002\u800c\u5728Azure\u4e2d\uff0c\u53ef\u80fd\u9700\u8981\u4f7f\u7528SendGlid\u6216\u8005Exchange Online\u3002\u800c\u5728GCP\u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7SendGlid\u6216\u8005mailgun\u3001mailiet\u7b49\u670d\u52a1\u6765\u901a\u8fc7\u65e5\u672c\u7684\u624b\u673a\u8fd0\u8425\u5546\u7684\u9ed1\u540d\u5355IP\u9650\u5236\u3002\u7136\u800c\uff0c\u4f7f\u7528SendGlid\u7684\u8bdd\u9700\u8981\u652f\u4ed8\u8d39\u7528\uff0c\u800c\u4e14\u72ec\u7acb\u57df\u540d\u7684\u4f7f\u7528\u4e5f\u662f\u6536\u8d39\u7684\u3002<\/p>\n<h4>\u8bf7\u5b89\u88c5StackDriver\uff08Google Cloud Monitoring\uff09\u7684\u4ee3\u7406\u3002<\/h4>\n<p>\u5728https:\/\/cloud.google.com\/logging\/docs\/agent\/installation?hl=ja \u548chttps:\/\/cloud.google.com\/monitoring\/agent\/install-agent?hl=ja \u8fd9\u4e24\u4e2a\u94fe\u63a5\u4e2d\uff0c\u9996\u5148\u9700\u8981\u8fdb\u884c\u670d\u52a1\u5e10\u53f7\u6ce8\u518c\uff0c\u7136\u540e\u5c31\u53ef\u4ee5\u5b89\u88c5\u4ee3\u7406\u5e94\u7528\u7a0b\u5e8f\u3002<\/p>\n<pre class=\"post-pre\"><code>$ cd \/usr\/local\/src\r\n$ sudo curl -sSO \"https:\/\/dl.google.com\/cloudagents\/install-logging-agent.sh\"\r\n$ sudo bash install-logging-agent.sh\r\n$ rpm -qa|grep google-fluentd\r\ngoogle-fluentd-catch-all-config-0.7-1.noarch\r\ngoogle-fluentd-1.5.29-1.el7.x86_64\r\n$ sudo systemctl status google-fluentd\r\n\u25cf google-fluentd.service - LSB: data collector for Treasure Data\r\n   Loaded: loaded (\/etc\/rc.d\/init.d\/google-fluentd; bad; vendor preset: disabled)\r\n   Active: active (running) since \u6c34 2018-04-11 08:32:09 JST; 3h 35min ago\r\n\r\n$ sudo curl -sSO https:\/\/dl.google.com\/cloudagents\/install-monitoring-agent.sh\r\n$ sudo bash install-monitoring-agent.sh\r\n$ rpm -qa|grep stackdriver\r\nstackdriver-agent-5.5.2-379.el7.centos.x86_64\r\n$ systemctl status stackdriver-agent\r\n\u25cf stackdriver-agent.service - LSB: start and stop Stackdriver Agent\r\n   Loaded: loaded (\/etc\/rc.d\/init.d\/stackdriver-agent; bad; vendor preset: disabled)\r\n   Active: active (running) since \u6c34 2018-04-11 11:37:43 JST; 4min 38s ago\r\n\uff5e\u7565\uff5e\r\n<\/code><\/pre>\n<p>\u8be6\u7ec6\u6587\u7ae0\u7684\u7ee7\u7eed\u90e8\u5206\u5728\u4ee5\u4e0b\u94fe\u63a5\u4e2d\u53ef\u4ee5\u627e\u5230\uff1a<br \/>\nhttps:\/\/qiita.com\/FumihikoSHIROYAMA\/items\/6846630b44fbc3f22b8e<\/p>\n<p>\u5173\u4e8e\u65e5\u5fd7\u8fd9\u4e00\u70b9\uff0c\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4f3c\u4e4e\u6bcf\u6708\u670950GB\u7684\u514d\u8d39\u5bb9\u91cf\u53ef\u4f9b\u4f7f\u7528\uff0c\u76f8\u5f53\u4e8eCloudTrail\u7684Auditlogging\u529f\u80fd\uff0c\u5728https:\/\/cloud.google.com\/stackdriver\/pricing?hl=ja#logs-allotments \u4e0a\u6709\u8be6\u7ec6\u8bf4\u660e\u3002<br \/>\n\u4e00\u65e6\u5b89\u88c5\u4e86\u4ee3\u7406\u7a0b\u5e8f\uff0c\u5c31\u4f1a\u81ea\u52a8\u5e94\u7528\u9ed8\u8ba4\u914d\u7f6e\uff0c\u7136\u540e\u53ef\u4ee5\u901a\u8fc7\u81ea\u5b9a\u4e49\u8def\u5f84\u7b49\u6765\u8fdb\u884c\u4e2a\u6027\u5316\u8bbe\u7f6e\uff0c\u6216\u8005\u81ea\u5df1\u7f16\u5199\u8bbe\u7f6e\u6765\u5904\u7406\u7279\u6b8a\u60c5\u51b5\u3002<br \/>\n\u901a\u8fc7\u6dfb\u52a0\u6807\u7b7e\uff0c\u53ef\u4ee5\u5728StackDriver\u7aef\u8fdb\u884c\u8fc7\u6ee4\u663e\u793a\u3002<\/p>\n<pre class=\"post-pre\"><code>$ sudo ls -l \/etc\/google-fluentd\/config.d\r\n\u5408\u8a08 112\r\n-rw-r-----. 1 root root  515  2\u6708 22 02:29 apache.conf\r\n-rw-r-----. 1 root root  624  2\u6708 22 02:29 cassandra.conf\r\n-rw-r-----. 1 root root 2471  2\u6708 22 02:29 chef.conf\r\n-rw-r-----. 1 root root  162  2\u6708 22 02:29 forward.conf\r\n-rw-r-----. 1 root root 1614  2\u6708 22 02:29 gitlab.conf\r\n-rw-r-----. 1 root root  238  2\u6708 22 02:29 jenkins.conf\r\n-rw-r-----. 1 root root  537  2\u6708 22 02:29 jetty.conf\r\n-rw-r-----. 1 root root  322  2\u6708 22 02:29 joomla.conf\r\n-rw-r-----. 1 root root  747  2\u6708 22 02:29 magento.conf\r\n-rw-r-----. 1 root root  368  2\u6708 22 02:29 mediawiki.conf\r\n-rw-r-----. 1 root root  167  2\u6708 22 02:29 memcached.conf\r\n-rw-r-----. 1 root root  163  2\u6708 22 02:29 mongodb.conf\r\n-rw-r-----. 1 root root  936  2\u6708 22 02:29 mysql.conf\r\n-rw-r-----. 1 root root  350  2\u6708 22 02:29 nginx.conf\r\n-rw-r-----. 1 root root  192  2\u6708 22 02:29 postgresql.conf\r\n-rw-r-----. 1 root root 5197  2\u6708 22 02:29 puppet-enterprise.conf\r\n-rw-r-----. 1 root root  485  2\u6708 22 02:29 puppet.conf\r\n-rw-r-----. 1 root root 1096  2\u6708 22 02:29 rabbitmq.conf\r\n-rw-r-----. 1 root root  177  2\u6708 22 02:29 redis.conf\r\n-rw-r-----. 1 root root  163  2\u6708 22 02:29 redmine.conf\r\n-rw-r-----. 1 root root  674  2\u6708 22 02:29 salt.conf\r\n-rw-r-----. 1 root root  154  2\u6708 22 02:29 solr.conf\r\n-rw-r-----. 1 root root  166  2\u6708 22 02:29 sugarcrm.conf\r\n-rw-r-----. 1 root root  273  2\u6708 22 02:30 syslog.conf\r\n-rw-r-----. 1 root root  271  2\u6708 22 02:29 syslog_endpoint.conf\r\n-rw-r-----. 1 root root  639  2\u6708 22 02:29 tomcat.conf\r\n-rw-r-----. 1 root root  373  2\u6708 22 02:29 zookeeper.conf\r\n$ sudo cat \/etc\/google-fluentd\/config.d\/syslog.conf\r\n&lt;source&gt;\r\n  @type tail\r\n\r\n  # Parse the timestamp, but still collect the entire line as 'message'\r\n  format \/^(?&lt;message&gt;(?&lt;time&gt;[^ ]*\\s*[^ ]* [^ ]*) .*)$\/\r\n\r\n  path \/var\/log\/messages\r\n  pos_file \/var\/lib\/google-fluentd\/pos\/syslog.pos\r\n  read_from_head true\r\n  tag syslog\r\n&lt;\/source&gt;\r\n<\/code><\/pre>\n<p>\u53ea\u662f\u6dfb\u52a0\u4e86\u4e0a\u8ff0\u4ee3\u7406\uff0c\u7136\u540e\u6ca1\u6709\u7279\u522b\u505a\u4ec0\u4e48\u3002\uff08\u4f46\u4f1a\u5728Web\u63a7\u5236\u53f0\u4e0a\u663e\u793a\u3002\u5982\u679cApache\u5212\u5206virtual host\u5e76\u66f4\u6539\u65e5\u5fd7\u6587\u4ef6\u540d\uff0c\u5219\u9700\u8981\u66f4\u6539\u8def\u5f84\u6216\u589e\u52a0\u6e90\u4ee3\u7801\u5757\u5e76\u542f\u52a8Google Fluentd\u4ee3\u7406\uff09<br \/>\n\u636e\u542c\u8bf4\uff0c\u4ece\u8d1f\u8f7d\u7684\u89d2\u5ea6\u6765\u770b\uff0c\u6700\u591a\u53ea\u80fd\u5904\u7406\u5927\u7ea6100\u53f0\u8bbe\u5907\uff0c\u6211\u6ca1\u6709\u8fdb\u884c\u8fc7\u6d4b\u8bd5\u3002<\/p>\n<p>\u603b\u4e4b\u5c31\u662f\u8fd9\u6837\u4e86\u3002<br \/>\n\u987a\u4fbf\u63d0\u4e00\u4e0b\uff0c\u76f8\u5f53\u4e8e CloudFormation \u7684\u4e1c\u897f\u53eb\u505a CloudDeploymentManager\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u56e0\u4e3a\u6211\u5e2e\u5fd9\u4e86\uff0c\u6240\u4ee5\u5148\u5199\u4e2a\u5907\u5fd8\u5f55\u3002\u4e0d\u5199\u4e0b\u6765\u5c31\u4f1a\u5fd8\u8bb0\u3002 \u6839\u636e\u60c5\u51b5\u4e0d\u540c\uff0c\u901a\u8fc7\u5728WEB\u63a7\u5236\u53f0\u754c\u9762\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5c31\u4f1a\u51fa\u73b0CL [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-50599","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u7b2c\u4e00\u6b21\u4f7f\u7528GCP - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/\u7b2c\u4e00\u6b21\u4f7f\u7528gcp\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP\" \/>\n<meta property=\"og:description\" content=\"\u56e0\u4e3a\u6211\u5e2e\u5fd9\u4e86\uff0c\u6240\u4ee5\u5148\u5199\u4e2a\u5907\u5fd8\u5f55\u3002\u4e0d\u5199\u4e0b\u6765\u5c31\u4f1a\u5fd8\u8bb0\u3002 \u6839\u636e\u60c5\u51b5\u4e0d\u540c\uff0c\u901a\u8fc7\u5728WEB\u63a7\u5236\u53f0\u754c\u9762\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5c31\u4f1a\u51fa\u73b0CL [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/\u7b2c\u4e00\u6b21\u4f7f\u7528gcp\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-02T00:58:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-30T04:17:47+00:00\" \/>\n<meta name=\"author\" content=\"\u6e05, \u626c\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u6e05, \u626c\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/\",\"name\":\"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-09-02T00:58:13+00:00\",\"dateModified\":\"2024-04-30T04:17:47+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461\",\"name\":\"\u6e05, \u626c\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g\",\"caption\":\"\u6e05, \u626c\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/\u7b2c\u4e00\u6b21\u4f7f\u7528gcp\/","og_locale":"zh_CN","og_type":"article","og_title":"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP","og_description":"\u56e0\u4e3a\u6211\u5e2e\u5fd9\u4e86\uff0c\u6240\u4ee5\u5148\u5199\u4e2a\u5907\u5fd8\u5f55\u3002\u4e0d\u5199\u4e0b\u6765\u5c31\u4f1a\u5fd8\u8bb0\u3002 \u6839\u636e\u60c5\u51b5\u4e0d\u540c\uff0c\u901a\u8fc7\u5728WEB\u63a7\u5236\u53f0\u754c\u9762\u8fdb\u884c\u8bbe\u7f6e\uff0c\u5c31\u4f1a\u51fa\u73b0CL [&hellip;]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/\u7b2c\u4e00\u6b21\u4f7f\u7528gcp\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-09-02T00:58:13+00:00","article_modified_time":"2024-04-30T04:17:47+00:00","author":"\u6e05, \u626c","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u6e05, \u626c","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"11 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/","name":"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-09-02T00:58:13+00:00","dateModified":"2024-04-30T04:17:47+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"\u7b2c\u4e00\u6b21\u4f7f\u7528GCP"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/cb5556d2501da73d864cac945e8d9461","name":"\u6e05, \u626c","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/32a4239de8ff29adace466261d309424a1e5fe9f7e3036bf89fe03f2e3dbe717?s=96&d=mm&r=g","caption":"\u6e05, \u626c"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/qingyang\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/%e7%ac%ac%e4%b8%80%e6%ac%a1%e4%bd%bf%e7%94%a8gcp\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/50599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=50599"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/50599\/revisions"}],"predecessor-version":[{"id":91867,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/50599\/revisions\/91867"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=50599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=50599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=50599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}