From 64e90bb8e2e9784306af3b1af48ace92e68a4272 Mon Sep 17 00:00:00 2001
From: krasi <i@tkrasilnikov.ru>
Date: Fri, 15 Nov 2024 15:12:23 +0300
Subject: [PATCH] =?UTF-8?q?=D0=97=D0=B0=D0=B3=D1=80=D1=83=D0=B7=D0=B8?=
 =?UTF-8?q?=D1=82=D1=8C=20=D1=84=D0=B0=D0=B9=D0=BB=D1=8B=20=D0=B2=20=C2=AB?=
 =?UTF-8?q?src/content/blog=C2=BB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...τ�ﾑひｰﾐｽﾐｾﾐｲﾐｺﾐｰ ﾐｸ ﾐｽﾐｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ.md | 299 ++++++++++++++++++
 1 file changed, 299 insertions(+)
 create mode 100644 src/content/blog/Django server ﾑτ�ﾑひｰﾐｽﾐｾﾐｲﾐｺﾐｰ ﾐｸ ﾐｽﾐｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ.md

diff --git a/src/content/blog/Django server ﾑτ�ﾑひｰﾐｽﾐｾﾐｲﾐｺﾐｰ ﾐｸ ﾐｽﾐｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ.md b/src/content/blog/Django server ﾑτ�ﾑひｰﾐｽﾐｾﾐｲﾐｺﾐｰ ﾐｸ ﾐｽﾐｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ.md
new file mode 100644
index 0000000..2fee82e
--- /dev/null
+++ b/src/content/blog/Django server ﾑτ�ﾑひｰﾐｽﾐｾﾐｲﾐｺﾐｰ ﾐｸ ﾐｽﾐｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ.md	
@@ -0,0 +1,299 @@
+## ﾐ�ﾐｰﾐｱﾐｾﾑ�ﾐｸﾐｵ ﾐｺﾐｾﾐｴﾑ� 
+
+```sh
+sudo apt-get install -y zsh wget build-essential tree redis-server nginx zlib1g-dev libbz2-dev libreadline-dev llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev liblzma-dev python3-dev python3-pip python3-venv python3-pil python3-lxml libxslt-dev python3-libxml2 libffi-dev libssl-dev python3-dev gnumeric libsqlite3-dev libpq-dev libxml2-dev libxslt1-dev libjpeg-dev libfreetype6-dev libcurl4-openssl-dev libgdbm-dev libc6-dev supervisor
+```
+ﾐ｣ﾑ�ﾑひｰﾐｽﾐｰﾐｲﾐｻﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｸ ﾐｲﾐｺﾐｻﾑ紗�ﾐｰﾐｵﾐｼ ﾐｿﾐｾ ﾑσｼﾐｾﾐｻﾑ�ﾐｰﾐｽﾐｸﾑ� `Oh-my-zsh`
+```sh
+sh -c "$(curl -fsSL https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
+zsh
+chsh -s $(which zsh)
+sudo chsh -s $(which zsh)
+```
+ﾐ｣ﾑ�ﾑひｰﾐｽﾐｰﾐｲﾐｻﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｸ ﾐｲﾐｺﾐｻﾑ紗�ﾐｰﾐｵﾐｼ ﾐｿﾐｾ ﾑσｼﾐｾﾐｻﾑ�ﾐｰﾐｽﾐｸﾑ� `neofetch`
+```sh
+# ﾐ渙ｵﾑ�ﾐｲﾑ巾ｹ ﾐｷﾐｰﾐｿﾑτ�ﾐｺ ﾐｴﾐｻﾑ� ﾑ�ﾐｾﾐｷﾐｴﾐｰﾐｽﾐｸﾑ� ~/.config/neofetch/config.conf
+neofetch
+# ﾐ頒ｰﾐｻﾐｵﾐｵ ﾐｴﾐｾﾐｱﾐｰﾐｲﾐｻﾑ紹ｵﾐｼ ﾐｲ .bashrc ﾐｲ ﾑ�ﾐｰﾐｼﾑ巾ｹ ﾐｺﾐｾﾐｽﾐｵﾑ� ﾑ�ﾐｰﾐｹﾐｻﾐｰ
+echo "neofetch" >> ~/.zshrc
+# ﾐ頒ｰﾐｻﾐｵﾐｵ ﾐｸﾐｴﾐｵﾐｼ ﾑ�ﾐｵﾐｴﾐｰﾐｺﾑひｸﾑ�ﾐｾﾐｲﾐｰﾑび� ﾐｺﾐｾﾐｽﾑ�ﾐｸﾐｳ
+nano ~/.config/neofetch/config.conf
+```
+[ﾐ斷ｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ ﾐｾﾐｿﾐｸﾑ�ﾐｰﾐｽﾐｰ ﾐｲﾐｾﾑ� ﾐｲ ﾑ采ひｾﾐｹ ﾑ�ﾑひｰﾑび糊ｵ](https://xn----7sbabksvrfvnenyr4r.xn--p1ai/blog/09-graylog/#:~:text=cmd%20%2D%2Dreload-,%D0%9D%D0%B0%D1%81%D1%82%D0%BE%D0%B9%D0%BA%D0%B0%20neofetch,-%23%20%D0%9F%D0%B5%D1%80%D0%B2%D1%8B%D0%B9%20%D0%B7%D0%B0%D0%BF%D1%83%D1%81%D0%BA%20%D0%B4%D0%BB%D1%8F)
+ﾐ�ﾐｵﾐｴﾐｰﾐｺﾑひｸﾑ�ﾑσｵﾐｼ ﾑ�ﾐｾﾐｾﾐｱﾑ禍ｵﾐｽﾐｸﾐｵ ﾐｿﾑ�ﾐｸﾐｲﾐｵﾑび�ﾑひｲﾐｸﾑ�
+```sh
+sudo nano /etc/motd
+```
+## ﾐ頒ｾﾐｱﾐｰﾐｲﾐｻﾑ紹ｵﾐｼ ﾐｱﾐｵﾐｺﾑ災ｽﾐｴ ﾐｿﾑ�ﾐｾﾐｵﾐｺﾑ�
+ﾐ湲�ﾐｸﾑ�ﾑびσｿﾐｰﾐｵﾐｼ ﾐｺ ﾑτ�ﾑひｰﾐｽﾐｾﾐｲﾐｺﾐｸ ﾐｲﾐｸﾑ�ﾑびσｰﾐｻﾑ糊ｽﾐｾﾐｳﾐｾ ﾐｾﾐｺﾑ�ﾑσｶﾐｵﾐｽﾐｸﾑ�
+```sh
+python3 -m venv env
+source env/bin/activate
+pip install django
+```
+ﾐ｡ﾐｾﾐｷﾐｴﾐｰﾐｵﾐｼ ﾐｺﾐｰﾑひｰﾐｻﾐｾﾐｳ
+```sh 
+mkdir /var/www/project
+# ﾐｴﾐｰﾐｵﾐｼ ﾐｿﾑ�ﾐｰﾐｲﾐｰ ﾐｽﾐｰ ﾐｳﾑ�ﾑσｿﾐｿﾑ�
+sudo chown -R root:users /var/www/project
+sudo chmod 775 /var/www/project
+cd /var/www/project
+```
+ﾐ｡ﾐｺﾐｰﾑ�ﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｽﾑσｶﾐｽﾑτ� ﾐｲﾐｵﾑ�ﾑ�ﾐｸﾑ� python ﾐｸ ﾑ�ﾐｰﾐｷﾐｲﾐｾﾑ�ﾐｰﾑ�ﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｵﾑ�
+```sh
+wget https://www.python.org/ftp/python/3.11.10/Python-3.11.10.tgz ; \
+tar xvf Python-3.11.* ; \
+cd Python-3.11.10 ; \
+mkdir ~/.python ; \
+./configure --enable-optimizations --prefix=/home/<username>/.python ; \
+make -j8 ; \
+sudo make altinstall
+###
+sudo /home/<username>/.python/bin/python3.11 -m pip install -U pip
+```
+ﾐ�ﾐｰﾐｷﾐｲﾐｾﾑ�ﾐｰﾑ�ﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｲﾐｸﾑ�ﾑびσｰﾐｻﾑ糊ｽﾑτ� ﾑ�ﾑ�ﾐｵﾐｴﾑ� ﾐｸ ﾐｾﾐｱﾐｽﾐｾﾐｲﾐｻﾑ紹ｵﾐｼ ﾐｵﾐｳﾐｾ
+```sh
+/home/<username>/.python/bin/python3 -m venv env
+source env/bin/activate
+git clone https://github.com/Project1.git
+pip install -U pip
+pip install -r requirements.txt
+```
+ﾐ｡ﾐｾﾐｷﾐｴﾐｰﾑ岱ｼ ﾑ�ﾐｲﾑ紹ｷﾑ� ﾑ� ﾐ岱�
+```shell
+python.exe manage.py makemigrations accounts media main articles todos tenants teams properties goods documentsflow contracts techfeatures histories comments editors functionaldiagram
+python manage.py migrate
+python manage.py createsuperuser
+### ﾐ｣ﾐｶﾐｵ ﾐｼﾐｾﾐｶﾐｵﾐｼ ﾐｿﾑ�ﾐｾﾐｲﾐｵﾑ�ﾐｸﾑび� ﾑ�ﾑひｰﾑ�ﾑ� ﾐｿﾑ�ﾐｸﾐｻﾐｾﾐｶﾐｵﾐｽﾐｸﾑ�
+python manage.py runserver 0.0.0.0:8000
+```
+ﾐ頒ｾﾐｱﾐｰﾐｲﾐｻﾑ紹ｵﾐｼ ﾐｴﾐｾﾑ�ﾑびσｿ ﾐｺ ﾐｿﾐｾﾑ�ﾑ� ﾐｵﾑ�ﾐｻﾐｸ ﾐｵﾑ�ﾑび� ﾑ�ﾐｰﾐｵﾑ�ﾐｲﾐｾﾐｻ
+```sh
+sudo firewall-cmd --permanent --add-port=8000/tcp
+sudo firewall-cmd --permanent --add-port=8001/tcp
+sudo firewall-cmd --permanent --add-service=https
+sudo firewall-cmd --permanent --add-service=http
+sudo firewall-cmd --reload
+```
+ﾐ｣ﾑ�ﾑひｰﾐｽﾐｰﾐｲﾐｻﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｸ ﾐｽﾐｰﾑ�ﾑび�ﾐｰﾐｸﾐｲﾐｰﾐｵﾐｼ `gunicorn`
+ﾐ旃σｶﾐｽﾐｾ ﾑ�ﾐｾﾐｷﾐｴﾐｰﾑび� 2 ﾑ�ﾐｰﾐｹﾐｻﾐｰ ﾐｾﾐｴﾐｸﾐｽ ﾐｲ ﾐｴﾐｸﾑ�ﾐｵﾐｺﾑひｾﾑ�ﾐｸﾐｸ ﾐｿﾑ�ﾐｾﾐｵﾐｺﾑひｰ, ﾐｲﾑひｾﾑ�ﾐｾﾐｹ ﾐｽﾐｰ ﾑτ�ﾐｾﾐｲﾐｽﾐｵ env
+ﾐ渙ｵﾑ�ﾐｲﾑ巾ｹ ﾑ�ﾐｰﾐｹﾐｻ `/var/www/project1/gunicorn_config.py`
+```python
+command = '/var/www/env/bin/gunicorn'
+pythonpath = '/var/www/project1'
+bind = '127.0.0.1:8001'
+workers = 5
+user = '<username>'
+limit_request_fields = 32000
+limit_request_field_size = 0
+raw_env = 'DJANGO_SETTINGS_MODULE=project1.settings'
+```
+ﾐ柘ひｾﾑ�ﾐｾﾐｹ ﾑ�ﾐｰﾐｹﾐｻ
+```sh
+#!/bin/bash
+source /var/www/env/bin/activate
+source /var/www/env/bin/postactivate
+exec gunicorn -c "/var/www/project1/gunicorn_config.py" project1.wsgi
+```
+ﾐ頒ｵﾐｻﾐｰﾐｵﾐｼ ﾑ�ﾐｰﾐｹﾐｻ ﾐｸﾑ�ﾐｿﾐｾﾐｻﾐｽﾑ紹ｵﾐｼﾑ巾ｼ
+```sh
+chmod +x gunicorn_start.sh
+```
+ﾐ｣ﾑ�ﾑひｰﾐｽﾐｰﾐｲﾐｻﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｸ ﾐｽﾐｰﾑ�ﾑび�ﾐｰﾐｸﾐｲﾐｰﾐｵﾐｼ `supervisior`
+ﾐ｡ﾐｾﾐｷﾐｴﾐｰﾐｵﾐｼ ﾑ�ﾐｰﾐｹﾐｻ ﾐｺﾐｾﾐｽﾑ�ﾐｸﾐｳﾑτ�ﾐｰﾑ�ﾐｸﾐｸ `/etc/supervisior/conf.d/project1.conf`
+```sh
+[program:project1_gunicorn]
+command=/var/www/gunicorn_start.sh
+user=<username>
+process_name=%(program_name)s
+numprocs=1
+autostart=true
+autorestart=true
+redirect_stderr=true
+```
+ﾐ頒ｰﾐｻﾐｵﾐｵ ﾐｽﾐｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ nginx  `/etc/nginx/sites-available/default`
+```sh
+server {
+    server_name example.com;
+    # ﾐ榧ｿﾑひｸﾐｼﾐｸﾐｷﾐｰﾑ�ﾐｸﾑ� SSL
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
+    # HTTP ﾐｷﾐｰﾐｳﾐｾﾐｻﾐｾﾐｲﾐｺﾐｸ ﾐｴﾐｻﾑ� ﾐｱﾐｵﾐｷﾐｾﾐｿﾐｰﾑ�ﾐｽﾐｾﾑ�ﾑひｸ
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options DENY;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+    # ﾐ樮�ﾐｽﾐｾﾐｲﾐｽﾐｾﾐｹ ﾐｺﾐｾﾑ�ﾐｽﾐｵﾐｲﾐｾﾐｹ ﾐｺﾐｰﾑひｰﾐｻﾐｾﾐｳ
+    root /var/www/html;
+    index index.html index.htm index.nginx-debian.html;
+    # ﾐ湲�ﾐｾﾐｺﾑ�ﾐｸ ﾐｴﾐｻﾑ� backend
+    location / {
+        proxy_pass http://127.0.0.1:8001;
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
+        # ﾐ｣ﾐｱﾐｵﾐｴﾐｸﾑひｵﾑ�ﾑ�, ﾑ�ﾑひｾ ﾐｲﾐｰﾐｼ ﾐｴﾐｵﾐｹﾑ�ﾑひｲﾐｸﾑひｵﾐｻﾑ糊ｽﾐｾ ﾐｽﾑσｶﾐｽﾐｾ ﾑ�ﾐｰﾐｷﾑ�ﾐｵﾑ威ｸﾑび� ﾐｴﾐｾﾑ�ﾑびσｿ ﾑ� ﾐｻﾑ社ｱﾐｾﾐｳﾐｾ ﾐｴﾐｾﾐｼﾐｵﾐｽﾐｰ
+        add_header Access-Control-Allow-Origin *;
+    }
+    # ﾐ榧ｱﾑ�ﾐｰﾐｱﾐｾﾑひｺﾐｰ ﾐｼﾐｵﾐｴﾐｸﾐｰ ﾑ�ﾐｰﾐｹﾐｻﾐｾﾐｲ
+    location /media/ {
+        alias /var/www/project1/media/;
+        expires max;
+        access_log on;
+    }
+    # ﾐ嶢ｾﾐｳﾐｸ
+    error_log /var/log/nginx/backend-error.log;
+    access_log /var/log/nginx/backend-access.log;
+    # ﾐ慴ｰﾐｺﾑ�ﾐｸﾐｼﾐｰﾐｻﾑ糊ｽﾑ巾ｹ ﾑ�ﾐｰﾐｷﾐｼﾐｵﾑ� ﾐｷﾐｰﾐｳﾑ�ﾑσｶﾐｰﾐｵﾐｼﾐｾﾐｳﾐｾ ﾑ�ﾐｰﾐｹﾐｻﾐｰ
+    client_max_body_size 100M;
+    # ﾐ厘ｰﾑ禍ｸﾑひｰ ﾐｾﾑ� ﾐｼﾐｵﾐｴﾐｻﾐｵﾐｽﾐｽﾑ錦� ﾐｰﾑひｰﾐｺ (slowloris)
+    client_body_timeout 10s;
+    client_header_timeout 10s;
+    #send_timeout 10s;
+    keepalive_timeout 65;
+}
+# ﾐ�ﾐｵﾐｴﾐｸﾑ�ﾐｵﾐｺﾑ� ﾑ� HTTP ﾐｽﾐｰ HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name example.com;
+    return 301 https://$host$request_uri;
+}
+```
+ﾐ頒ｰﾐｻﾐｵﾐｵ ﾐｿﾐｵﾑ�ﾐｵﾐｷﾐｰﾐｳﾑ�ﾑσｶﾐｰﾐｵﾐｼ nginx
+```sh
+sudo service nginx restart
+```
+ﾐ頒ｰﾐｻﾐｵﾐｵ ﾐｴﾐｻﾑ� ﾐｺﾐｾﾑ�ﾑ�ﾐｵﾐｺﾑひｽﾐｾﾐｹ ﾑ�ﾐｰﾐｱﾐｾﾑび� ﾐｽﾑσｶﾐｽﾐｾ ﾑτ�ﾑひｰﾐｽﾐｾﾐｲﾐｸﾑび� ﾑ�ﾐｵﾑ�ﾑひｸﾑ�ﾐｸﾐｺﾐｰﾑ� LetsEncrypt ssl, ﾑτ�ﾑひｰﾐｽﾐｾﾐｲﾐｺﾐｰ ﾐｱﾑσｴﾐｵﾑ� ﾑ� ﾐｿﾐｾﾐｼﾐｾﾑ禾袴� `certbot`
+[ﾐ侑ｽﾑ�ﾑび�ﾑσｺﾑ�ﾐｸﾑ� ﾑ� ﾐｾﾑ�ﾐｸﾑ�ﾐｸﾐｰﾐｻﾑ糊ｽﾐｾﾐｳﾐｾ ﾑ�ﾐｰﾐｹﾑひｰ]([ﾐ侑ｽﾑ�ﾑび�ﾑσｺﾑ�ﾐｸﾐｸ Certbot | Certbot](https://certbot.eff.org/instructions?ws=nginx&os=pip))
+```sh
+sudo apt update
+sudo apt install python3 python3-venv libaugeas0
+sudo /home/<username>/.python/bin/python3 -m venv /opt/certbot/
+sudo /opt/certbot/bin/pip install --upgrade pip
+sudo /opt/certbot/bin/pip install certbot certbot-nginx
+sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot
+sudo certbot --nginx
+```
+ﾐ頒ｰﾐｻﾐｵﾐｵ ﾐｾﾑひｲﾐｵﾑ�ﾐｰﾐｵﾐｼ ﾐｽﾐｰ ﾐｲﾑ�ﾐｵ ﾐｲﾐｾﾐｿﾑ�ﾐｾﾑ�ﾑ�, ﾐｲﾐｾﾑ� ﾑ�ﾐｿﾐｸﾑ�ﾐｾﾐｺ ﾐｾﾑ�ﾐｾﾐｱﾐｾ ﾐｸﾐｽﾑひｵﾑ�ﾐｵﾑ�ﾐｽﾑ錦�
+ﾐ頒ｾﾐｱﾐｰﾐｲﾐｻﾑ紹ｵﾐｼ ﾐｰﾐｲﾑひｾ ﾐｿﾐｵﾑ�ﾐｵﾐｲﾑ巾ｿﾑτ�ﾐｺ ﾑ�ﾐｵﾑ�ﾑひｸﾑ�ﾐｸﾐｺﾐｰﾑひｰ 
+```
+echo "0 0,12 * * * root /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo certbot renew -q" | sudo tee -a /etc/crontab > /dev/null
+```
+## ﾐｴﾐｾﾐｱﾐｰﾐｲﾐｻﾑ紹ｵﾐｼ ﾑ�ﾑ�ﾐｾﾐｽﾑひｵﾐｽﾐｴ ﾐｿﾑ�ﾐｾﾐｵﾐｺﾑ�
+```sh
+git clone https://github.com/Project2.git
+cd project2
+```
+ﾐ｣ﾑ�ﾑひｰﾐｽﾐｰﾐｲﾐｻﾐｸﾐｲﾐｰﾐｵﾐｼ `npm`
+```sh
+sudo apt install -y npm
+```
+ﾐ｣ﾑ�ﾑひｰﾐｽﾐｰﾐｲﾐｻﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｱﾐｸﾐｱﾐｻﾐｸﾐｾﾑひｵﾐｺﾐｸ ﾐｸﾐｷ ﾐｿﾑ�ﾐｾﾐｵﾐｺﾑひｰ
+```sh
+npm install
+```
+ﾐ｡ﾑひｰﾑ�ﾑびσｵﾐｼ ﾐｿﾑ�ﾐｾﾐｵﾐｺﾑ� ﾐｲ ﾑ�ﾐｵﾐｶﾐｸﾐｼﾐｵ ﾑ�ﾐｰﾐｷﾑ�ﾐｰﾐｱﾐｾﾑび�ﾐｸﾐｺﾐｰ
+```sh
+npm run dev
+```
+ﾐ� ﾐｾﾐｿﾑ肖び� ﾐｲﾐｾﾐｷﾐｲﾑ�ﾐｰﾑ禍ｰﾐｵﾐｼﾑ�ﾑ� ﾐｺ ﾑ威ｰﾐｳﾑ� ﾐｴﾐｾﾐｱﾐｰﾐｲﾐｻﾐｵﾐｽﾐｸﾑ� ﾐｿﾐｾﾑ�ﾑひｰ ﾐｲ ﾑ�ﾐｰﾐｵﾑ�ﾐｲﾐｾﾐｻ
+```sh
+sudo firewall-cmd --permanent --add-port=8002/tcp
+sudo firewall-cmd --reload
+```
+ﾐ｡ﾐｾﾐｷﾐｴﾐｰﾐｵﾐｼ ﾐｽﾐｾﾐｲﾑ巾ｹ ﾑ�ﾐｰﾐｹﾐｻ ﾐｺﾐｾﾐｽﾑ�ﾐｸﾐｳﾑτ�ﾐｰﾑ�ﾐｸﾐｸ ﾐｴﾐｻﾑ� nginx
+ `/etc/nginx/sites-available/example`
+```sh
+server {
+    listen 443;
+    server_name example2.com;
+    charset utf-8;
+
+    # ﾐ榧ｿﾑひｸﾐｼﾐｸﾐｷﾐｰﾑ�ﾐｸﾑ� SSL
+    #ssl_session_cache shared:SSL:10m;
+    #ssl_session_timeout 10m;
+    #ssl_protocols TLSv1.2 TLSv1.3;
+    #ssl_prefer_server_ciphers on;
+    #ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
+
+    # HTTP headers ﾐｴﾐｻﾑ� ﾐｱﾐｵﾐｷﾐｾﾐｿﾐｰﾑ�ﾐｽﾐｾﾑ�ﾑひｸ
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options DENY;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+
+    }
+    # ﾐ榧ｱﾑ�ﾐｰﾐｱﾐｾﾑひｺﾐｰ ﾐｷﾐｰﾐｿﾑ�ﾐｾﾑ�ﾐｾﾐｲ
+    location / {
+        proxy_pass http://127.0.0.1:8002;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_cache_bypass $http_upgrade;
+
+        # ﾐ厘ｰﾑ禍ｸﾑひｰ ﾐｾﾑ� ﾐｼﾐｵﾐｴﾐｻﾐｵﾐｽﾐｽﾑ錦� ﾐｰﾑひｰﾐｺ (slowloris)
+        client_body_timeout 10s;
+        #client_header_timeout 10s;
+        send_timeout 10s;
+    }
+    
+    # ﾐ嶢ｾﾐｳﾐｸ
+    error_log  /var/log/nginx/frontend-error.log;
+    access_log /var/log/nginx/frontend-access.log;
+
+    # ﾐ慴ｰﾐｺﾑ�ﾐｸﾐｼﾐｰﾐｻﾑ糊ｽﾑ巾ｹ ﾑ�ﾐｰﾐｷﾐｼﾐｵﾑ� ﾐｷﾐｰﾐｳﾑ�ﾑσｶﾐｰﾐｵﾐｼﾐｾﾐｳﾐｾ ﾑ�ﾐｰﾐｹﾐｻﾐｰ (ﾐｽﾐｰﾐｿﾑ�ﾐｸﾐｼﾐｵﾑ�, 100MB)
+    client_max_body_size 100M;
+
+    # ﾐ厘ｰﾑ禍ｸﾑひｰ ﾐｾﾑ� ﾑ�ﾐｻﾐｸﾑ威ｺﾐｾﾐｼ ﾐｴﾐｾﾐｻﾐｳﾐｸﾑ� ﾑ�ﾐｾﾐｵﾐｴﾐｸﾐｽﾐｵﾐｽﾐｸﾐｹ
+    keepalive_timeout 65;
+}
+
+# ﾐ�ﾐｵﾐｴﾐｸﾑ�ﾐｵﾐｺﾑ� ﾑ� HTTP ﾐｽﾐｰ HTTPS
+server {
+    listen 80;
+    server_name example2.com;
+    return 301 https://$host$request_uri;
+}
+
+```
+ﾐ頒ｰﾐｻﾐｵﾐｵ ﾐｾﾐｿﾑ�ﾐｵﾐｴﾐｵﾐｻﾑ紹ｵﾐｼ ﾐｾﾐｱﾐｰ ﾑ�ﾐｰﾐｹﾐｻﾐｰ ﾐｽﾐｰﾑ�ﾑび�ﾐｾﾐｹﾐｺﾐｰ nginx
+```sh
+sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
+sudo ln -s /etc/nginx/sites-available/sample.org /etc/nginx/sites-enabled/sample.org
+sudo nginx -t && sudo nginx -s reload
+# ﾐ頒ｾﾐｱﾐｰﾐｲﾐｻﾑ紹ｵﾐｼ ﾑ�ﾐｵﾑ�ﾑひｸﾑ�ﾐｸﾐｺﾐｰﾑ� ﾐｽﾐｰ ﾐｽﾐｾﾐｲﾑ巾ｹ ﾐｴﾐｾﾐｼﾐｵﾐｽ
+sudo certbot --nginx
+```
+ﾐ｣ﾑ�ﾑひｰﾐｽﾐｰﾐｲﾐｻﾐｸﾐｲﾐｰﾐｵﾐｼ ﾐｿﾑ�ﾐｸﾐｻﾐｾﾐｶﾐｵﾐｽﾐｸﾑ� ﾐｴﾐｻﾑ� ﾐｿﾐｾﾑ�ﾑひｾﾐｹﾐｽﾐｾﾐｳﾐｾ ﾐｾﾐｱﾐｽﾐｾﾐｲﾐｻﾐｵﾐｽﾐｸﾑ� pm2 
+```sh
+sudo npm i pm2 -g
+```
+ﾐ｡ﾐｾﾐｷﾐｴﾐｰﾐｵﾐｼ ﾑ�ﾐｰﾐｹﾐｻ ﾐｺﾐｾﾐｽﾑ�ﾐｸﾐｳﾑτ�ﾐｰﾑ�ﾐｸﾐｸ ﾐｲﾐｼﾐｵﾑ�ﾑひｵ ﾑ� ﾐｿﾑ�ﾐｾﾐｵﾐｺﾑひｾﾐｼ 
+```js
+module.exports = {
+  apps: [
+    {
+      name: 'project2',
+      port: '8002',
+      exec_mode: 'cluster',
+      instances: 'max',
+      script: './project2/.output/server/index.mjs'
+    }
+  ]
+}
+```
+ﾐｧﾑひｾ ﾐｱﾑ� ﾐｿﾐｾﾑ�ﾐｻﾐｵ ﾐｿﾐｵﾑ�ﾐｵﾐｷﾐｰﾐｳﾑ�ﾑσｷﾐｺﾐｸ ﾐｿﾑ�ﾐｾﾐｵﾐｺﾑ� ﾑ�ﾐｰﾐｼ ﾐｲﾐｺﾐｻﾑ紗�ﾐｰﾐｻﾑ�ﾑ� ﾐｽﾑσｶﾐｽﾐｾ ﾐｴﾐｾﾐｱﾐｰﾐｲﾐｸﾑび� ﾐｺﾐｾﾐｼﾐｰﾐｽﾐｴﾑ�
+```sh
+pm2 startup
+```
+