Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
Search
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
How-to & DIY
0
1.2k
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
AMIMOTOへの Let’s Encrypt の導入方法
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
Tweet
Share
More Decks by Amimoto - Flexible Cloud WordPress Hosting
See All by Amimoto - Flexible Cloud WordPress Hosting
[日本語] AMIMOTO-AMI Lineup
amimoto
0
140
EdgeCase - A speaker series by J2 Design
amimoto
0
210
Progress the system operation drastically with Cloud Automator — AMIMOTO side—
amimoto
0
160
[東京]Cloud_Automatorで攻めのシステム運用 AMIMOTO スタック編
amimoto
0
790
AMIMOTO Design Pattern + Server-less Architecture
amimoto
0
470
WooCommerce with Elasticsearch
amimoto
1
440
[日本語] WooCommerce with Elasticsearch
amimoto
0
200
Amazon CloudFront with AWS Certificate Manager
amimoto
0
180
WordPress with CloudFront + AMAZON RDS + S3
amimoto
1
650
Other Decks in How-to & DIY
See All in How-to & DIY
衛星通信を使ってLチカしてみた #starlink #iotlt
n0bisuke2
0
350
田中 is a new HelloWorld
akichika
1
160
Terra Charge|EVコンセントご利用ガイドブック / Terra Charge EV Charger Guidebook
contents
0
340
FlutterとFirebaseを使い大学生活をチョロくしよう
gadgelogger
2
420
ITエンジニアにおすすめのゲームFactorio御紹介
zembutsu
PRO
1
590
面接で伸びしろを感じさせる方法 / How to make the interviewer feel like you have potential
uenitty
1
370
スプリントレビューは楽しすぎる件について.pdf
camel_404
0
110
担当アイドルを応援する傘を作ろう! (として失敗した話)
subroh0508
0
350
今こそスマートハウス!
runrunsan
0
3k
見極めと情報収集でスタートダッシュ_株式会社コミュカル 松岡 光隆
comucal
PRO
0
210
Last CoLab
yumechi
1
110
AWSのユーザーコミュニティプログラムのご紹介 (JAWS-UG札幌支部編)
awsjcpm
1
440
Featured
See All Featured
A Modern Web Designer's Workflow
chriscoyier
689
190k
Making Projects Easy
brettharned
108
5.5k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
1
3.4k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
30
6k
Designing with Data
zakiwarfel
95
4.8k
The Illustrated Children's Guide to Kubernetes
chrisshort
30
46k
Bootstrapping a Software Product
garrettdimon
PRO
301
110k
Navigating Team Friction
lara
177
13k
Designing Experiences People Love
moore
136
23k
Reflections from 52 weeks, 52 projects
jeffersonlam
344
19k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
How to name files
jennybc
64
93k
Transcript
@Amimoto_Ami amimoto-ami.com AMIMOTO (HHVM) + SSLʢLet's Encryptʣ
SSL ূ໌ॻͱ
ূ໌ॻͷ༗ޮظݶ اۀͷॴࡏ ೝূہͷใ اۀ໊ SSL ূ໌ॻʹؚ·ΕΔใ
αΠτ͕SSL/TLS Λ͍ͬͯΔ͔Λݟ͚Δʹ
SSL CERTIFICATE Λ͏ϝϦοτ
HTTP/2 SEO ৴པੑ
SSL ূ໌ॻΛ Θͳ͍Ͱ͍Δ ͱ……
SSL ূ໌ॻͷ औಘɾઃఆํ๏
ෳυϝΠϯͷূ໌ॻ υϝΠϯຖʹূ໌ॻ ༗ྉͷ SSL ূ໌ॻ
ແྉͰࣗಈͰΦʔϓϯͳ SSL ূ໌ॻ
Ϩοπ Πϯετʔϧ Let’s Encrypt!
AWS ίϯιʔϧϩάΠϯ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
(HTTP/2) Next Generation Preview AMI Λϩʔϯν
ΠϯελϯεαΠζΛબ͠·͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ηΩϡϦςΟάϧʔϓ HTTPS(443) ΛՃ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
SSH ΞΫηεʹඞཁͳΩʔϖΞΛ࡞͠·͢
HTTP/2 Next Generation Preview AMI ͕ىಈத
Elastic IP Λىಈͨ͠ΠϯελϯεׂΓͯ·͢
ׂΓͯΔΠϯελϯεID Λબ
Elastic IP ͷׂΓͯྃ
EC2ΠϯελϯεʹElastic IP ͕දࣔ͞Ε·ͨ͠ɻ
࡞ͨ͠ΠϯελϯεSSH ͰΞΫηε͠·͢
WordPress ΛΠϯετʔϧ͠·͢ 1. SSH ͰαʔόΞΫηε: $ ssh -i ~/example.pem ec2-user@ΠϯελϯεͷIPΞυϨε
·ͨ $ ssh -i ~/example.pem
[email protected]
2. ύοέʔδΛ࠷৽൛ߋ৽: $ sudo yum update 3. WordPress ͷΠϯετʔϧ: $ sudo /usr/local/bin/wp-setup example.com
pip ͱ Let’s Encrypt ΛΠϯετʔϧ 4. Python ͷόʔδϣϯʹ߹͏ pip ͱvirtualenv
ΛΠϯετʔϧ: $ sudo yum install python27-pip python27-virtualenv augeas-libs dialog gcc libffi-devel openssl-devel system-rpm-config 5. Let’s Encrypt ΛΠϯετʔϧ: $ sudo virtualenv /opt/letsencrypt/ $ sudo /opt/letsencrypt/bin/pip install letsencrypt 6. ূ໌ॻΛ࡞: $ sudo /opt/letsencrypt/bin/letsencrypt certonly -t -d example.com - a webroot --webroot-path=/var/www/vhosts/example.com/ --rsa-key-size 2048 --server https://acme-v01.api.letsencrypt.org/directory 7. ظݶΕͷ͓ΒͤϦΧόϦ༻ͷϝʔϧΞυϨεΛઃఆ
pip ͱ Let’s encrypt ͷΠϯετʔϧ 8. nginx ͷઃఆϑΝΠϧΛίϐʔͯ͠ SSL ͚ʹϦωʔϜ͠·͢:
$ sudo cp /etc/nginx/conf.d/default-ssl.conf /etc/nginx/conf.d/ example.com-ssl.conf 9. ίϐʔͨ͠ઃఆϑΝΠϧ example.com-ssl.conf Λฤू͠·͢: $ sudo vi /etc/nginx/conf.d/example.com-ssl.conf
มߋޙͷ example.com-ssl.conf server { listen 443 ssl http2; server_name example.com;
root /var/www/vhosts/example.com; index index.html index.htm; charset utf-8; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
HTTP → HTTPS ͷϦμΠϨΫτઃఆ 10.example.com.conf ʹ HTTPS ͷϦμϨΫτઃఆΛ͠·͢: $ sudo
vi /etc/nginx/conf.d/example.com.conf server { listen 80; server_name example.com; root /var/www/vhosts/example.com; return 301 https://$host$request_uri; index index.html index.htm; charset utf-8; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
pip ͱ Let’s encrypt ͷΠϯετʔϧ 11.มߋ༰Λө͢ΔͨΊ nginx Λ࠶ىಈ͠·͢: $
sudo service nginx restart
SETUP YOUR WORDPRESS
Πϯελϯε ID Λೖྗͯ͠ WordPress ͷઃఆΛྃͤ͞·͠ΐ͏
http://amimoto-ami.com/slack/ Questions:
@Amimoto_Ami amimoto-ami.com THANK YOU! AMIMOTO (HHVM) + SSLʢLet's Encryptʣ