[日本語]AMIMOTO + SSL（Let’s Encrypt）= HTTP/2

Transcript

1. @Amimoto_Ami amimoto-ami.com AMIMOTO (HHVM) + SSLʢLet's Encryptʣ

2. SSL ূ໌ॻͱ͸

3. ূ໌ॻͷ༗ޮظݶ اۀͷॴࡏ஍ ೝূہͷ৘ใ اۀ໊ SSL ূ໌ॻʹؚ·ΕΔ৘ใ

4. αΠτ͕SSL/TLS Λ࢖͍ͬͯΔ͔Λݟ෼͚Δʹ͸

5. SSL CERTIFICATE Λ࢖͏ϝϦοτ

6. HTTP/2 SEO ৴པੑ

7. SSL ূ໌ॻΛ ࢖Θͳ͍Ͱ͍Δ ͱ……

8. SSL ূ໌ॻͷ औಘɾઃఆํ๏

9. ෳ਺υϝΠϯͷূ໌ॻ υϝΠϯຖʹূ໌ॻ ༗ྉͷ SSL ূ໌ॻ

10. ແྉͰࣗಈͰΦʔϓϯͳ SSL ূ໌ॻ

11. Ϩοπ 
 Πϯετʔϧ
 Let’s Encrypt!

12. AWS ίϯιʔϧ΁ϩάΠϯ͠·͢

13. Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢

14. Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢

15. Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢

16. EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

17. EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

18. EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

19. EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

20. (HTTP/2) Next Generation Preview AMI Λϩʔϯν

21. ΠϯελϯεαΠζΛબ୒͠·͢

22. Πϯελϯεͷઃఆ͸σϑΥϧτͷ··ͰOKͰ͢

23. Πϯελϯεͷઃఆ͸σϑΥϧτͷ··ͰOKͰ͢

24. Πϯελϯεͷઃఆ͸σϑΥϧτͷ··ͰOKͰ͢

25. ηΩϡϦςΟάϧʔϓ΁ HTTPS(443) Λ௥Ճ͠·͢

26. EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

27. SSH ΞΫηεʹඞཁͳΩʔϖΞΛ࡞੒͠·͢

28. HTTP/2 Next Generation Preview AMI ͕ىಈத

29. Elastic IP Λىಈͨ͠Πϯελϯε΁ׂΓ౰ͯ·͢

30. ׂΓ౰ͯΔΠϯελϯεID Λબ୒

31. Elastic IP ͷׂΓ౰ͯ׬ྃ

32. EC2ΠϯελϯεʹElastic IP ͕දࣔ͞Ε·ͨ͠ɻ

33. ࡞੒ͨ͠Πϯελϯε΁SSH ͰΞΫηε͠·͢

34. WordPress ΛΠϯετʔϧ͠·͢ 1. SSH Ͱαʔό΁ΞΫηε:
 $ ssh -i ~/example.pem ec2-user@ΠϯελϯεͷIPΞυϨε


    ·ͨ͸
 $ ssh -i ~/example.pem [email protected]
 2. ύοέʔδΛ࠷৽൛΁ߋ৽:
 $ sudo yum update
 3. WordPress ͷΠϯετʔϧ: 
 $ sudo /usr/local/bin/wp-setup example.com

35. pip ͱ Let’s Encrypt ΛΠϯετʔϧ 4. Python ͷόʔδϣϯʹ߹͏ pip ͱvirtualenv

    ΛΠϯετʔϧ:
 
 $ sudo yum install python27-pip python27-virtualenv augeas-libs dialog gcc libffi-devel openssl-devel system-rpm-config
 5. Let’s Encrypt ΛΠϯετʔϧ:
 $ sudo virtualenv /opt/letsencrypt/
 $ sudo /opt/letsencrypt/bin/pip install letsencrypt
 6. ূ໌ॻΛ࡞੒:
 $ sudo /opt/letsencrypt/bin/letsencrypt certonly -t -d example.com - a webroot --webroot-path=/var/www/vhosts/example.com/ --rsa-key-size 2048 --server https://acme-v01.api.letsencrypt.org/directory
 7. ظݶ੾Εͷ͓஌Βͤ΍ϦΧόϦ༻ͷϝʔϧΞυϨεΛઃఆ

36. pip ͱ Let’s encrypt ͷΠϯετʔϧ 8. nginx ͷઃఆϑΝΠϧΛίϐʔͯ͠ SSL ޲͚ʹϦωʔϜ͠·͢:


    $ sudo cp /etc/nginx/conf.d/default-ssl.conf /etc/nginx/conf.d/ example.com-ssl.conf
 
 9. ίϐʔͨ͠ઃఆϑΝΠϧ example.com-ssl.conf Λฤू͠·͢:
 $ sudo vi /etc/nginx/conf.d/example.com-ssl.conf


37. มߋޙͷ example.com-ssl.conf server { listen 443 ssl http2; server_name example.com;

    root /var/www/vhosts/example.com; index index.html index.htm; charset utf-8; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;

38. HTTP → HTTPS ΁ͷϦμΠϨΫτઃఆ 10.example.com.conf ʹ HTTPS ΁ͷϦμϨΫτઃఆΛ͠·͢: $ sudo

    vi /etc/nginx/conf.d/example.com.conf server { listen 80; server_name example.com; root /var/www/vhosts/example.com; return 301 https://$host$request_uri; index index.html index.htm; charset utf-8; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;


39. pip ͱ Let’s encrypt ͷΠϯετʔϧ 11.มߋ಺༰Λ൓ө͢ΔͨΊ nginx Λ࠶ىಈ͠·͢:
 
 $

    sudo service nginx restart

40. SETUP YOUR WORDPRESS

41. Πϯελϯε ID Λೖྗͯ͠ WordPress ͷઃఆΛ׬ྃͤ͞·͠ΐ͏

42. http://amimoto-ami.com/slack/ Questions:

43. @Amimoto_Ami amimoto-ami.com THANK YOU! AMIMOTO (HHVM) + SSLʢLet's Encryptʣ