3.初期設定（Raspberry Pi)

　初期設定

curl https://download.argon40.com/argon-eeprom.sh | bash

これはubuntsuでは無効

１。MVMEの設定最適化

これを行わないとハングアップする可能性がある

2.

EEPROM更新

sudo rpi-eeprom-update

sudo rpi-eeprom-update -a

sudo reboot

sudo apt install rpi-eeprom

sudo rpi-eeprom-update

sudo rpi-eeprom-update -a

sudo reboot

ブート順序確認

vcgencmd bootloader_config

sudo -E rpi-eeprom-config --edit

[all]

BOOT_UART=1

BOOT_ORDER=0xf416

PCIE_PROBE=1

NET_INSTALL_AT_POWER_ON=0

にする

② NVMe が認識されているか確認

lsblk

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS

loop0         7:0    0  42.9M  1 loop /snap/snapd/24787

loop1         7:1    0  41.6M  1 loop /snap/snapd/25939

nvme0n1     259:0    0 476.9G  0 disk 

├─nvme0n1p1 259:1    0   512M  0 part /boot/firmware

└─nvme0n1p2 259:2    0 476.4G  0 part /

lspci | grep -i nvme

0000:01:00.0 Non-Volatile memory controller: MAXIO Technology (Hangzhou) Ltd. NVMe SSD Controller MAP1202 (DRAM-less) (rev 01)

③ Ubuntu 側の最適化

sudo nano /etc/fstab

LABEL=writable  /       ext4    defaults        0       1

LABEL=system-boot       /boot/firmware  vfat    defaults        0       1

変更する

LABEL=writable  /  ext4  defaults,noatime,commit=60  0  1

LABEL=system-boot  /boot/firmware  vfat  defaults,noatime  0  0

書いた後

sudo update-initramfs -u

sudo reboot

再起動後確認

 mount | grep ' / '

で下記表示

/dev/nvme0n1p2 on / type ext4 (rw,noatime,commit=60)

I/O scheduler

cat /sys/block/nvme0n1/queue/scheduler

下記表示

[none] mq-deadline

swap（zram推奨）

 sudo apt install zram-tools

確認：

swapon --show

表示

NAME       TYPE      SIZE USED PRIO

/dev/zram0 partition 256M   0B  100

✔ initramfs 更新忘れ注意

fstab 変更後：

sudo update-initramfs -u

電源不足チェック

vcgencmd get_throttled

下記表示でOK

throttled=0x0

NVMEの状態確認

① NVMe が正しく認識されているか

lsblk

下記表示

NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS

loop0         7:0    0  42.9M  1 loop /snap/snapd/24787

loop1         7:1    0  41.6M  1 loop /snap/snapd/25939

zram0       252:0    0   256M  0 disk [SWAP]

nvme0n1     259:0    0 476.9G  0 disk 

├─nvme0n1p1 259:1    0   512M  0 part /boot/firmware

└─nvme0n1p2 259:2    0 476.4G  0 part /

lsblk -f

NAME FSTYPE FSVER LABEL       UUID                                 FSAVAIL FSUSE% MOUNTPOINTS

loop0

     squash 4.0                                                          0   100% /snap/snapd/24787

loop1

     squash 4.0                                                          0   100% /snap/snapd/25939

zram0

                                                                                  [SWAP]

nvme0n1

├─nvme0n1p1

│    vfat   FAT32 system-boot 8AA8-96C7                             321.7M    36% /boot/firmware

└─nvme0n1p2

     ext4   1.0   writable    9276ecfd-6dd5-4e22-9a91-2afafd0a53a3  447.5G     1% /

② PCIe / NVMe として認識されているか

lspci | grep -i nvme

0000:01:00.0 Non-Volatile memory controller: MAXIO Technology (Hangzhou) Ltd. NVMe SSD Controller MAP1202 (DRAM-less) (rev 01)

③ SMART（健康状態）確認【重要】

sudo apt install nvme-cli

SMARTログ

sudo nvme smart-log /dev/nvme0

Smart Log for NVME device:nvme0 namespace-id:ffffffff

critical_warning			: 0

temperature				: 35 °C (308 K)

available_spare				: 100%

available_spare_threshold		: 10%

percentage_used				: 0%

endurance group critical warning summary: 0

Data Units Read				: 15606 (7.99 GB)

Data Units Written			: 23998 (12.29 GB)

host_read_commands			: 352766

host_write_commands			: 327655

controller_busy_time			: 0

power_cycles				: 10

power_on_hours				: 0

unsafe_shutdowns			: 2

media_errors				: 0

num_err_log_entries			: 0

Warning Temperature Time		: 0

Critical Composite Temperature Time	: 0

Temperature Sensor 1           : 35 °C (308 K)

Temperature Sensor 2           : 39 °C (312 K)

Thermal Management T1 Trans Count	: 0

Thermal Management T2 Trans Count	: 0

Thermal Management T1 Total Time	: 0

Thermal Management T2 Total Time	: 0

⑦ I/O 状態（詰まり確認）

iostat -xm 1

① 最低限の日本語化（文字が読めるようにする）

sudo apt update

sudo apt install language-pack-ja

locale

LANG=C.UTF-8

LANGUAGE=

LC_CTYPE="C.UTF-8"

LC_NUMERIC="C.UTF-8"

LC_TIME="C.UTF-8"

LC_COLLATE="C.UTF-8"

LC_MONETARY="C.UTF-8"

LC_MESSAGES="C.UTF-8"

LC_PAPER="C.UTF-8"

LC_NAME="C.UTF-8"

LC_ADDRESS="C.UTF-8"

LC_TELEPHONE="C.UTF-8"

LC_MEASUREMENT="C.UTF-8"

LC_IDENTIFICATION="C.UTF-8"

LC_ALL=

sudo update-locale LANG=ja_JP.UTF-8

② 日本語フォントの導入（最重要）

sudo apt install \

fonts-noto-cjk \

fonts-ipafont \

fonts-ipaexfont

フォント確認

sudo apt install fontconfig

postgre16インストール

sudo apt update

sudo apt install curl ca-certificates -y

curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/pgsql.asc

echo "deb http://apt.postgresql.org/pub/repos/apt noble-pgdg main" | sudo tee /etc/apt/sources.list.d/pgdg.list

sudo apt update

sudo apt install postgresql-16 -y

sudo systemctl start postgresql

sudo systemctl status postgresql

 postgresql.service - PostgreSQL RDBMS

     Loaded: loaded (/usr/lib/systemd/system/postgresql.service; enabled; prese>

     Active: active (exited) since Thu 2026-01-22 15:16:50 JST; 53s ago

   Main PID: 3003 (code=exited, status=0/SUCCESS)

        CPU: 1ms

 1月 22 15:16:50 TOYAMADC1 systemd[1]: Starting postgresql.service - PostgreSQL>

 1月 22 15:16:50 TOYAMADC1 systemd[1]: Finished postgresql.service - PostgreSQL>

lines 1-8/8 (END)

sudo -u postgres psql

CREATE USER toyamadcadmin WITH PASSWORD 'asahitoyama';

CREATE DATABASE toyamadc_db OWNER toyamadcadmin ENCODING 'UTF8';

GRANT ALL PRIVILEGES ON DATABASE toyamadc_db TO toyamadcadmin;

\q

sudo ufw allow 5432/tcp

sudo nano /etc/postgresql/16/main/postgresql.conf

listen_addresses = '*'

sudo nano /etc/postgresql/16/main/pg_hba.conf

host    all    all    0.0.0.0/0    md5

sudo systemctl restart postgresql

NGINXインストール

NGINXインストール

sudo apt update

sudo apt install nginx -y

sudo systemctl start nginx

sudo systemctl enable nginx

sudo systemctl status nginx

⭐【NGINX の設定ファイル位置】

内容                     パス

メイン設定            /etc/nginx/nginx.conf

サイト設定            /etc/nginx/sites-available/

有効化されている設定    /etc/nginx/sites-enabled/

ZABIX7.0 LTSインストール

sudo -s

wget https://repo.zabbix.com/zabbix/7.0/ubuntu-arm64/pool/main/z/zabbix-release/zabbix-release_latest_7.0+ubuntu24.04_all.deb

dpkg -i zabbix-release_latest_7.0+ubuntu24.04_all.deb

apt update

apt install zabbix-server-pgsql zabbix-frontend-php php8.3-pgsql zabbix-nginx-conf zabbix-sql-scripts zabbix-agent

sudo -u postgres createuser --pwprompt zabbix

password:asahitoyama

sudo -u postgres createdb -O zabbix zabbix

zcat /usr/share/zabbix-sql-scripts/postgresql/server.sql.gz | sudo -u zabbix psql zabbix

sudo nano /etc/zabbix/zabbix_server.conf

DBPassword=asahitoyama

sudo nano /etc/zabbix/nginx.conf

listen 8080;

server_name toyamadc.com;

systemctl restart zabbix-server zabbix-agent nginx php8.3-fpm

systemctl enable zabbix-server zabbix-agent nginx php8.3-fpm

sudo nano /etc/nginx/sites-available/zabbix

server {

    listen          80;

    server_name     _;

    root    /usr/share/zabbix;

    index   index.php;

    location = /favicon.ico {

        log_not_found   off;

    }

    location / {

        # ここが 404 の原因になりやすい → index.php にフォールバック

        try_files $uri $uri/ /index.php?$query_string;

    }

    location /assets {

        access_log      off;

        expires         10d;

    }

    location ~ /\.ht {

        deny            all;

    }

    location ~ /(api\/|conf[^\.]|include|locale) {

        deny            all;

        return          404;

    }

    location /vendor {

        deny            all;

        return          404;

    }

    # PHP 実行部分（ソケットは /run/php 下に合わせる）

    location ~ \.php$ {

        include         fastcgi_params;

        fastcgi_pass    unix:/run/php/zabbix.sock;

        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;

        fastcgi_param   DOCUMENT_ROOT   $document_root;

        fastcgi_intercept_errors        on;

        fastcgi_ignore_client_abort     off;

        fastcgi_connect_timeout         60;

        fastcgi_send_timeout            180;

        fastcgi_read_timeout            180;

        fastcgi_buffer_size             128k;

        fastcgi_buffers                 4 256k;

        fastcgi_busy_buffers_size       256k;

        fastcgi_temp_file_write_size    256k;

    }

}

#ZABBIXを起動して確認

http://XXX.XXX.XXX.XXX:8080

User Admin

Password Zabbix

Kea DHCP  → IP配布

Bind DNS  → DDNS

FreeRADIUS → 802.1X / VLAN制御

Step-CA → 証明書発行

#DHCP

sudo apt update

sudo apt install kea-dhcp4-server kea-ctrl-agent kea-common -y

#VLAN定義

sudo nano /etc/netplan/00-installer-config.yaml

network:

  version: 2

  ethernets:

    eth0:

      dhcp4: no

  vlans:

    vlan1:   { id: 1,   link: eth0, addresses: [172.16.1.250/24] }

    vlan100: { id: 100, link: eth0, addresses: [192.168.10.250/24] }

    vlan2:   { id: 2,   link: eth0, addresses: [172.16.2.250/24] }

    vlan3:   { id: 3,   link: eth0, addresses: [172.16.3.250/24] }

    vlan4:   { id: 4,   link: eth0, addresses: [172.16.4.250/24] }

    vlan5:   { id: 5,   link: eth0, addresses: [172.16.5.250/24] }

    vlan6:   { id: 6,   link: eth0, addresses: [172.16.6.250/24] }

    vlan7:   { id: 7,   link: eth0, addresses: [172.16.7.250/24] }

    vlan8:   { id: 8,   link: eth0, addresses: [172.16.8.250/24] }

    vlan9:   { id: 9,   link: eth0, addresses: [172.16.9.250/24] }

    vlan10:  { id: 10,  link: eth0, addresses: [172.16.10.250/24] }

    vlan11:  { id: 11,  link: eth0, addresses: [172.16.11.250/24] }

    vlan186: { id: 186, link: eth0, addresses: [192.168.186.250/24] }

DHCPサーバ接続ポート：

格納

TRUNK

allowed vlan 1,2,3,4,5,6,7,8,9,10,11,100m,186

sudo nano /etc/kea/kea-dhcp4.conf

{

  "Dhcp4": {

    "interfaces-config": {

      "interfaces": [

        "vlan1","vlan100","vlan2","vlan3","vlan4",

        "vlan5","vlan6","vlan7","vlan8","vlan9",

        "vlan10","vlan11","vlan186"

      ]

    },

    "subnet4": [

      	{"subnet": "172.16.1.0/24",  "interface": "vlan1",

        "pools":[{"pool":"172.16.1.200-172.16.1.250"}],

        "option-data":[{"name":"routers","data":"172.16.1.1"}],

  	"reservations": [

    	{

	"hw-address": "f4:d5:80:24:a7:36",

     	"ip-address": "172.16.2.10",

      	"hostname": "SWX2310-ToyamaDC"

 	},

    	{

      	"hw-address": "f4:d5:80:17:dc:d6",

      	"ip-address": "172.16.2.14",

      	"hostname": "SWX2310P-1T-1"

    	},

	{

        "hw-address": "f4:d5:80:24:a9:3c",

        "ip-address": "172.16.2.10",

        "hostname": "SWX2310_Office"

        },

      	{

        "hw-address": "f4:d5:80:32:99:80",

        "ip-address": "172.16.2.20",

        "hostname": "WO0101"

        },

        {

        "hw-addess":  "f4:d5:80:32:a1:d8",

        "ip-address": "172.16.2.21",

        "hostname": "WO0102"

        }

  	]

      },

      { "subnet": "192.168.10.0/24","interface":"vlan100",

        "pools":[{"pool":"192.168.10.100-192.168.10.200"}],

        "option-data":[{"name":"routers","data":"192.168.10.1"}] },

      { "subnet": "172.16.2.0/24", "interface":"vlan2",

        "pools":[{"pool":"172.16.2.2-172.16.2.100"}],

        "option-data":[{"name":"routers","data":"172.16.2.1"}] },

      { "subnet": "172.16.3.0/24", "interface":"vlan3",

        "pools":[{"pool":"172.16.3.2-172.16.3.50"}],

        "option-data":[{"name":"routers","data":"172.16.3.1"}] },

      { "subnet": "172.16.4.0/24", "interface":"vlan4",

        "pools":[{"pool":"172.16.4.2-172.16.4.50"}],

        "option-data":[{"name":"routers","data":"172.16.4.1"}] },

      { "subnet": "172.16.5.0/24", "interface":"vlan5",

        "pools":[{"pool":"172.16.5.2-172.16.5.100"}],

        "option-data":[{"name":"routers","data":"172.16.5.1"}] }

      { "subnet": "172.16.6.0/24", "interface":"vlan6",

        "pools":[{"pool":"172.16.6.2-172.16.6.100"}],

        "option-data":[{"name":"routers","data":"172.16.6.1"}] },

      { "subnet": "172.16.7.0/24", "interface":"vlan7",

        "pools":[{"pool":"172.16.7.2-172.16.7.50"}],

        "option-data":[{"name":"routers","data":"172.16.7.1"}] },

      { "subnet": "172.16.8.0/24", "interface":"vlan8",

        "pools":[{"pool":"172.16.8.2-172.16.8.50"}],

        "option-data":[{"name":"routers","data":"172.16.8.1"}] },

      { "subnet": "172.16.9.0/24", "interface":"vlan9",

        "pools":[{"pool":"172.16.9.2-172.16.9.100"}],

        "option-data":[{"name":"routers","data":"172.16.9.1"}]

      { "subnet": "172.16.10.0/24", "interface":"vlan10",

        "pools":[{"pool":"172.16.10.2-172.16.10.50"}],

        "option-data":[{"name":"routers","data":"172.16.7.1"}] },

      { "subnet": "172.16.11.0/24", "interface":"vlan11",

        "pools":[{"pool":"172.16.11.2-172.16.11.50"}],

        "option-data":[{"name":"routers","data":"172.16.8.1"}] },

      { "subnet": "192.168.186.0/24", "interface":"vlan186",

        "pools":[{"pool":"192.168.186.2-192.168.186.100"}],

        "option-data":[{"name":"routers","data":"192.168.186.1"}] 

    ]

  }

}

書き込み後、下記コマンド

sudo systemctl restart kea-dhcp4-server

#DNS(BIND9)インストール

sudo apt update

sudo apt install bind9 bind9-utils bind9-dnsutils -y

systemctl status bind9

sudo nano /etc/bind/named.conf.options

options {

	directory "/var/cache/bind";

    	recursion yes;

    	allow-query { any; };

    	listen-on { 127.0.0.1; 172.16.1.10; };

    	forwarders {

        	8.8.8.8;

        	1.1.1.1;

   	 };

    dnssec-validation auto;

};

Django　インストール

sudo apt update

sudo apt install python3-pip python3-venv python3-dev -y

mkdir ~/toyamadc

cd toyamadc

python3 -m venv .venv

source .venv/bin/activate

pip install --upgrade pip

pip install django

python -m django --version

django-admin startproject config .

sudo apt install libpq-dev -y

pip install psycopg2-binary

cd config

nano settings.py

DATABASES = {

    'default': {

        'ENGINE': 'django.db.backends.postgresql',

        'NAME': 'toyamadc_db',

        'USER': 'toyamadcadmin',

        'PASSWORD': 'asahitoyama',

        'HOST': '127.0.0.1',

        'PORT': '5432',

    }

}

cd ..

python manage.py migrate

python manage.py createsuperuser

Username (leave blank to use 'toyamadc'): 

Email address: admin@asahilogisatics.co.jp

Password: asahitoyama

Password (again): 

Superuser created successfully.

pip install gunicorn

sudo nano /etc/systemd/system/gunicorn.service

[Unit]

Description=gunicorn daemon for Django

After=network.target

[Service]

User=toyamadc

Group=www-data

WorkingDirectory=/home/toyamadc

ExecStart=/home/toyamadc/.venv/bin/gunicorn --access-logfile - --workers 3 --bind unix:/run/gunicorn.sock config.wsgi:application

[Install]

WantedBy=multi-user.target

sudo nano /etc/nginx/sites-available/django

server {

    listen 80 default_server;

    server_name _;

    # ==========================

    # 1. Django (ルート "/")

    # ==========================

    location /static/ {

        alias /home/toyamadc/static/;

    }

    location / {

        include proxy_params;

        proxy_pass http://unix:/run/gunicorn.sock;

    }

    # ==========================

    # 2. Zabbix ("/zabbix" 以下)

    # ==========================

    # /zabbix/ → /usr/share/zabbix/index.php

    location /zabbix {

        root /usr/share;

        index index.php;

    }

    # PHP 実行部分

    location ~ ^/zabbix/.+\.php$ {

        root /usr/share;

        fastcgi_pass unix:/run/php/zabbix.sock;

        include fastcgi_params;

        # ここがポイント：root と SCRIPT_FILENAME を揃える

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

        fastcgi_param DOCUMENT_ROOT   $document_root;

        fastcgi_intercept_errors        on;

        fastcgi_ignore_client_abort     off;

        fastcgi_connect_timeout         60;

        fastcgi_send_timeout            180;

        fastcgi_read_timeout            180;

        fastcgi_buffer_size             128k;

        fastcgi_buffers                 4 256k;

        fastcgi_busy_buffers_size       256k;

        fastcgi_temp_file_write_size    256k;

    }

    # 触らせたくないもの

    location ~ ^/zabbix/(api\/|conf[^\.]|include|locale) {

        deny all;

        return 404;

    }

    location ~ ^/zabbix/vendor/ {

        deny all;

        return 404;

    }

    location ~ /\.ht {

        deny all;

    }

}

sudo ln -s /etc/nginx/sites-available/django /etc/nginx/sites-enabled/

sudo nginx -t

.ssh/config

Host toyama-django

    HostName 192.168.200.111

    User toyamadc

    IdentityFile /Users/mizunuma/.ssh/id_ed25519

    IdentitiesOnly yes

    PreferredAuthentications publickey

swap増加sudo rm /swapfile

sudo fallocate -l 8G /swapfile

sudo chmod 600 /swapfile

sudo mkswap /swapfile

sudo swapon /swapfile

sudo nano /etc/fstab

/swapfile none swap sw 0 0

sudo swapoff -a

radiusインストール

sudo apt update

sudo apt upgrade -y

sudo apt install freeradius freeradius-utils -y

sudo systemctl enable freeradius

sudo systemctl start freeradius

sudo systemctl status freeradius

証明書作成->

sudo apt update

sudo apt install isc-dhcp-server -y

sudo nano /etc/default/isc-dhcp-server

NTERFACESv4="eth0"

INTERFACESv6=""

sudo nano /etc/dhcp/dhcpd.conf

option domain-name "local";

option domain-name-servers 8.8.8.8, 1.1.1.1;

default-lease-time 600;

max-lease-time 7200;

authoritative;

subnet 192.168.10.0 netmask 255.255.255.0 {

    range 192.168.10.100 192.168.10.200;

    option routers 192.168.10.1;

    option broadcast-address 192.168.10.255;

}

sudo nano /etc/netplan/00-installer-config.yaml

network:

  version: 2

  ethernets:

    eth0:

      addresses: [192.168.10.1/24]

      gateway4: 192.168.10.1

      nameservers:

        addresses: [8.8.8.8,1.1.1.1]

sudo netplan apply

DHCP サーバを起動

sudo systemctl restart isc-dhcp-server

sudo systemctl enable isc-dhcp-server

状態確認：

sudo systemctl status isc-dhcp-server

エラーチェック

sudo journalctl -u isc-dhcp-server -f