Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
Search
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
How-to & DIY
0
1.2k
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
AMIMOTOへの Let’s Encrypt の導入方法
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
Tweet
Share
More Decks by Amimoto - Flexible Cloud WordPress Hosting
See All by Amimoto - Flexible Cloud WordPress Hosting
[日本語] AMIMOTO-AMI Lineup
amimoto
0
150
EdgeCase - A speaker series by J2 Design
amimoto
0
350
Progress the system operation drastically with Cloud Automator — AMIMOTO side—
amimoto
0
180
[東京]Cloud_Automatorで攻めのシステム運用 AMIMOTO スタック編
amimoto
0
890
AMIMOTO Design Pattern + Server-less Architecture
amimoto
0
500
WooCommerce with Elasticsearch
amimoto
1
470
[日本語] WooCommerce with Elasticsearch
amimoto
0
250
Amazon CloudFront with AWS Certificate Manager
amimoto
0
210
WordPress with CloudFront + AMAZON RDS + S3
amimoto
1
700
Other Decks in How-to & DIY
See All in How-to & DIY
M5Stackを使ってSズキの魔改造モンスターマシンを作ってみた
syumme01
0
200
AWSコミュニティプログラムのご紹介 -グローバル展開するコミュニティプログラム-
awsjcpm
0
190
[電子工作]クリップモーターをつくろう
oriontakemura
0
260
JAWS-UG/AWSコミュニティ JAWS-UG おおいた
awsjcpm
2
2.8k
アイデアをカタチにする、イマジニア
haruka_imgr
0
150
MustをWillに変える技術 〜アイドル・郁田はるきが"すべき"の壁を超えるまで〜
subroh0508
0
660
ModuleLLM、最前線!
anoken
0
250
「無理」を「コントロール」するスキル / Skills to Control "Muri"
hageyahhoo
6
2.9k
RDKX3 ハンズオン資料 東京 D-Robotics 日本語
takasumasakazu
0
150
苦いビールを避ける冴えたやり方
watany
2
430
さらなるアウトプットに、Let's ライトニングトーク! ― LTのやり方
ma2shita
2
1.4k
バーチャルバナナとリアルバナナ #iotlt #TouchDesigner
n0bisuke2
0
170
Featured
See All Featured
How to Ace a Technical Interview
jacobian
279
23k
Producing Creativity
orderedlist
PRO
347
40k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Agile that works and the tools we love
rasmusluckow
330
21k
Facilitating Awesome Meetings
lara
55
6.5k
Product Roadmaps are Hard
iamctodd
PRO
54
11k
A better future with KSS
kneath
239
17k
Scaling GitHub
holman
463
140k
Building Adaptive Systems
keathley
43
2.7k
The Art of Programming - Codeland 2020
erikaheidi
55
13k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
358
30k
Transcript
@Amimoto_Ami amimoto-ami.com AMIMOTO (HHVM) + SSLʢLet's Encryptʣ
SSL ূ໌ॻͱ
ূ໌ॻͷ༗ޮظݶ اۀͷॴࡏ ೝূہͷใ اۀ໊ SSL ূ໌ॻʹؚ·ΕΔใ
αΠτ͕SSL/TLS Λ͍ͬͯΔ͔Λݟ͚Δʹ
SSL CERTIFICATE Λ͏ϝϦοτ
HTTP/2 SEO ৴པੑ
SSL ূ໌ॻΛ Θͳ͍Ͱ͍Δ ͱ……
SSL ূ໌ॻͷ औಘɾઃఆํ๏
ෳυϝΠϯͷূ໌ॻ υϝΠϯຖʹূ໌ॻ ༗ྉͷ SSL ূ໌ॻ
ແྉͰࣗಈͰΦʔϓϯͳ SSL ূ໌ॻ
Ϩοπ Πϯετʔϧ Let’s Encrypt!
AWS ίϯιʔϧϩάΠϯ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
(HTTP/2) Next Generation Preview AMI Λϩʔϯν
ΠϯελϯεαΠζΛબ͠·͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ηΩϡϦςΟάϧʔϓ HTTPS(443) ΛՃ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
SSH ΞΫηεʹඞཁͳΩʔϖΞΛ࡞͠·͢
HTTP/2 Next Generation Preview AMI ͕ىಈத
Elastic IP Λىಈͨ͠ΠϯελϯεׂΓͯ·͢
ׂΓͯΔΠϯελϯεID Λબ
Elastic IP ͷׂΓͯྃ
EC2ΠϯελϯεʹElastic IP ͕දࣔ͞Ε·ͨ͠ɻ
࡞ͨ͠ΠϯελϯεSSH ͰΞΫηε͠·͢
WordPress ΛΠϯετʔϧ͠·͢ 1. SSH ͰαʔόΞΫηε: $ ssh -i ~/example.pem ec2-user@ΠϯελϯεͷIPΞυϨε
·ͨ $ ssh -i ~/example.pem
[email protected]
2. ύοέʔδΛ࠷৽൛ߋ৽: $ sudo yum update 3. WordPress ͷΠϯετʔϧ: $ sudo /usr/local/bin/wp-setup example.com
pip ͱ Let’s Encrypt ΛΠϯετʔϧ 4. Python ͷόʔδϣϯʹ߹͏ pip ͱvirtualenv
ΛΠϯετʔϧ: $ sudo yum install python27-pip python27-virtualenv augeas-libs dialog gcc libffi-devel openssl-devel system-rpm-config 5. Let’s Encrypt ΛΠϯετʔϧ: $ sudo virtualenv /opt/letsencrypt/ $ sudo /opt/letsencrypt/bin/pip install letsencrypt 6. ূ໌ॻΛ࡞: $ sudo /opt/letsencrypt/bin/letsencrypt certonly -t -d example.com - a webroot --webroot-path=/var/www/vhosts/example.com/ --rsa-key-size 2048 --server https://acme-v01.api.letsencrypt.org/directory 7. ظݶΕͷ͓ΒͤϦΧόϦ༻ͷϝʔϧΞυϨεΛઃఆ
pip ͱ Let’s encrypt ͷΠϯετʔϧ 8. nginx ͷઃఆϑΝΠϧΛίϐʔͯ͠ SSL ͚ʹϦωʔϜ͠·͢:
$ sudo cp /etc/nginx/conf.d/default-ssl.conf /etc/nginx/conf.d/ example.com-ssl.conf 9. ίϐʔͨ͠ઃఆϑΝΠϧ example.com-ssl.conf Λฤू͠·͢: $ sudo vi /etc/nginx/conf.d/example.com-ssl.conf
มߋޙͷ example.com-ssl.conf server { listen 443 ssl http2; server_name example.com;
root /var/www/vhosts/example.com; index index.html index.htm; charset utf-8; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
HTTP → HTTPS ͷϦμΠϨΫτઃఆ 10.example.com.conf ʹ HTTPS ͷϦμϨΫτઃఆΛ͠·͢: $ sudo
vi /etc/nginx/conf.d/example.com.conf server { listen 80; server_name example.com; root /var/www/vhosts/example.com; return 301 https://$host$request_uri; index index.html index.htm; charset utf-8; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
pip ͱ Let’s encrypt ͷΠϯετʔϧ 11.มߋ༰Λө͢ΔͨΊ nginx Λ࠶ىಈ͠·͢: $
sudo service nginx restart
SETUP YOUR WORDPRESS
Πϯελϯε ID Λೖྗͯ͠ WordPress ͷઃఆΛྃͤ͞·͠ΐ͏
http://amimoto-ami.com/slack/ Questions:
@Amimoto_Ami amimoto-ami.com THANK YOU! AMIMOTO (HHVM) + SSLʢLet's Encryptʣ