Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
Search
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
How-to & DIY
0
1.2k
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
AMIMOTOへの Let’s Encrypt の導入方法
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
Tweet
Share
More Decks by Amimoto - Flexible Cloud WordPress Hosting
See All by Amimoto - Flexible Cloud WordPress Hosting
[日本語] AMIMOTO-AMI Lineup
amimoto
0
150
EdgeCase - A speaker series by J2 Design
amimoto
0
350
Progress the system operation drastically with Cloud Automator — AMIMOTO side—
amimoto
0
180
[東京]Cloud_Automatorで攻めのシステム運用 AMIMOTO スタック編
amimoto
0
890
AMIMOTO Design Pattern + Server-less Architecture
amimoto
0
500
WooCommerce with Elasticsearch
amimoto
1
470
[日本語] WooCommerce with Elasticsearch
amimoto
0
250
Amazon CloudFront with AWS Certificate Manager
amimoto
0
210
WordPress with CloudFront + AMAZON RDS + S3
amimoto
1
700
Other Decks in How-to & DIY
See All in How-to & DIY
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.6k
新婚19年目から学ぶ夫婦円満の正しい歩き方 / Life is beautiful
soudai
PRO
12
4.7k
アイデアをカタチにする、イマジニア
haruka_imgr
0
150
miiboとamiibo繋げてみた。 #miibo #amiibo #iotlt
n0bisuke2
1
380
習慣化のコツ
kiyomaru
1
120
人を補助するAI ~AIとの壁打ちがきっかけになる~ #共創AIミートアップ
ishikiemo
0
460
人はなぜコミュニティとつながると幸せを感じるのか
448jp
3
310
さらなるアウトプットに、Let's ライトニングトーク! ― LTのやり方
ma2shita
2
1.4k
バッドプラクティスから学ぶハワイアン航空で行く re:Invent
kentosuzuki
0
360
CH32Vシリーズを楽しもう(74thの場合) / enjoy ch32v series
74th
1
1.1k
[電子工作]クリップモーターをつくろう
oriontakemura
0
280
グローバルAWSユーザー コミュニティとJAWS-UG - JAWS FESTA 2024 in Hiroshima
awsjcpm
0
4.8k
Featured
See All Featured
How STYLIGHT went responsive
nonsquared
100
5.8k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
51
5.6k
Being A Developer After 40
akosma
90
590k
Gamification - CAS2011
davidbonilla
81
5.4k
Scaling GitHub
holman
463
140k
A Modern Web Designer's Workflow
chriscoyier
696
190k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.6k
How to train your dragon (web standard)
notwaldorf
96
6.2k
[RailsConf 2023] Rails as a piece of cake
palkan
57
5.8k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
Code Reviewing Like a Champion
maltzj
525
40k
RailsConf 2023
tenderlove
30
1.2k
Transcript
@Amimoto_Ami amimoto-ami.com AMIMOTO (HHVM) + SSLʢLet's Encryptʣ
SSL ূ໌ॻͱ
ূ໌ॻͷ༗ޮظݶ اۀͷॴࡏ ೝূہͷใ اۀ໊ SSL ূ໌ॻʹؚ·ΕΔใ
αΠτ͕SSL/TLS Λ͍ͬͯΔ͔Λݟ͚Δʹ
SSL CERTIFICATE Λ͏ϝϦοτ
HTTP/2 SEO ৴པੑ
SSL ূ໌ॻΛ Θͳ͍Ͱ͍Δ ͱ……
SSL ূ໌ॻͷ औಘɾઃఆํ๏
ෳυϝΠϯͷূ໌ॻ υϝΠϯຖʹূ໌ॻ ༗ྉͷ SSL ূ໌ॻ
ແྉͰࣗಈͰΦʔϓϯͳ SSL ূ໌ॻ
Ϩοπ Πϯετʔϧ Let’s Encrypt!
AWS ίϯιʔϧϩάΠϯ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
(HTTP/2) Next Generation Preview AMI Λϩʔϯν
ΠϯελϯεαΠζΛબ͠·͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ηΩϡϦςΟάϧʔϓ HTTPS(443) ΛՃ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
SSH ΞΫηεʹඞཁͳΩʔϖΞΛ࡞͠·͢
HTTP/2 Next Generation Preview AMI ͕ىಈத
Elastic IP Λىಈͨ͠ΠϯελϯεׂΓͯ·͢
ׂΓͯΔΠϯελϯεID Λબ
Elastic IP ͷׂΓͯྃ
EC2ΠϯελϯεʹElastic IP ͕දࣔ͞Ε·ͨ͠ɻ
࡞ͨ͠ΠϯελϯεSSH ͰΞΫηε͠·͢
WordPress ΛΠϯετʔϧ͠·͢ 1. SSH ͰαʔόΞΫηε: $ ssh -i ~/example.pem ec2-user@ΠϯελϯεͷIPΞυϨε
·ͨ $ ssh -i ~/example.pem
[email protected]
2. ύοέʔδΛ࠷৽൛ߋ৽: $ sudo yum update 3. WordPress ͷΠϯετʔϧ: $ sudo /usr/local/bin/wp-setup example.com
pip ͱ Let’s Encrypt ΛΠϯετʔϧ 4. Python ͷόʔδϣϯʹ߹͏ pip ͱvirtualenv
ΛΠϯετʔϧ: $ sudo yum install python27-pip python27-virtualenv augeas-libs dialog gcc libffi-devel openssl-devel system-rpm-config 5. Let’s Encrypt ΛΠϯετʔϧ: $ sudo virtualenv /opt/letsencrypt/ $ sudo /opt/letsencrypt/bin/pip install letsencrypt 6. ূ໌ॻΛ࡞: $ sudo /opt/letsencrypt/bin/letsencrypt certonly -t -d example.com - a webroot --webroot-path=/var/www/vhosts/example.com/ --rsa-key-size 2048 --server https://acme-v01.api.letsencrypt.org/directory 7. ظݶΕͷ͓ΒͤϦΧόϦ༻ͷϝʔϧΞυϨεΛઃఆ
pip ͱ Let’s encrypt ͷΠϯετʔϧ 8. nginx ͷઃఆϑΝΠϧΛίϐʔͯ͠ SSL ͚ʹϦωʔϜ͠·͢:
$ sudo cp /etc/nginx/conf.d/default-ssl.conf /etc/nginx/conf.d/ example.com-ssl.conf 9. ίϐʔͨ͠ઃఆϑΝΠϧ example.com-ssl.conf Λฤू͠·͢: $ sudo vi /etc/nginx/conf.d/example.com-ssl.conf
มߋޙͷ example.com-ssl.conf server { listen 443 ssl http2; server_name example.com;
root /var/www/vhosts/example.com; index index.html index.htm; charset utf-8; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
HTTP → HTTPS ͷϦμΠϨΫτઃఆ 10.example.com.conf ʹ HTTPS ͷϦμϨΫτઃఆΛ͠·͢: $ sudo
vi /etc/nginx/conf.d/example.com.conf server { listen 80; server_name example.com; root /var/www/vhosts/example.com; return 301 https://$host$request_uri; index index.html index.htm; charset utf-8; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
pip ͱ Let’s encrypt ͷΠϯετʔϧ 11.มߋ༰Λө͢ΔͨΊ nginx Λ࠶ىಈ͠·͢: $
sudo service nginx restart
SETUP YOUR WORDPRESS
Πϯελϯε ID Λೖྗͯ͠ WordPress ͷઃఆΛྃͤ͞·͠ΐ͏
http://amimoto-ami.com/slack/ Questions:
@Amimoto_Ami amimoto-ami.com THANK YOU! AMIMOTO (HHVM) + SSLʢLet's Encryptʣ