Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
Search
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
How-to & DIY
0
1.2k
[日本語]AMIMOTO + SSL(Let’s Encrypt)= HTTP/2
AMIMOTOへの Let’s Encrypt の導入方法
Amimoto - Flexible Cloud WordPress Hosting
March 18, 2016
Tweet
Share
More Decks by Amimoto - Flexible Cloud WordPress Hosting
See All by Amimoto - Flexible Cloud WordPress Hosting
[日本語] AMIMOTO-AMI Lineup
amimoto
0
140
EdgeCase - A speaker series by J2 Design
amimoto
0
290
Progress the system operation drastically with Cloud Automator — AMIMOTO side—
amimoto
0
160
[東京]Cloud_Automatorで攻めのシステム運用 AMIMOTO スタック編
amimoto
0
840
AMIMOTO Design Pattern + Server-less Architecture
amimoto
0
480
WooCommerce with Elasticsearch
amimoto
1
440
[日本語] WooCommerce with Elasticsearch
amimoto
0
220
Amazon CloudFront with AWS Certificate Manager
amimoto
0
190
WordPress with CloudFront + AMAZON RDS + S3
amimoto
1
670
Other Decks in How-to & DIY
See All in How-to & DIY
さらなるアウトプットに、Let's ライトニングトーク! ― LTのやり方
ma2shita
2
660
静岡県のお相撲さん20240509/sumo_wrestler_from_shizuoka_prefecture_20240509
nicepapa_hirano
0
120
IoTカーテンオープナー
keicafeblack
0
310
それっぽいポッドキャストの作り方
khirata
2
280
JAWS-UGから学んだコミュニティの成功要因 (Success Factors)
awsjcpm
4
360
スカウト返信率を倍にするためにやったこと / 2024-01-29
tamago3keran
2
970
AWS Community Day 2024: Using AWS to build a launchable knowledge rocket 👉 Organize knowledge, accelerate learning and understand AI in the process
dwchiang
0
150
わたしと技術コミュニティとキャリア
kotomin_m
2
970
Learning from Firefighters
ksatirli
PRO
0
140
田中 is a new HelloWorld
akichika
1
260
Career Opportunities In WordPress
wchk2023
0
250
DroidKaigi 2024 - 海外就職というキャリアの選択肢
iyotetsuya
1
540
Featured
See All Featured
Put a Button on it: Removing Barriers to Going Fast.
kastner
59
3.6k
A Philosophy of Restraint
colly
203
16k
Optimizing for Happiness
mojombo
376
70k
Navigating Team Friction
lara
183
15k
BBQ
matthewcrist
85
9.4k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
365
25k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
230
52k
How to train your dragon (web standard)
notwaldorf
88
5.7k
Mobile First: as difficult as doing things right
swwweet
222
9k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
111
50k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
Transcript
@Amimoto_Ami amimoto-ami.com AMIMOTO (HHVM) + SSLʢLet's Encryptʣ
SSL ূ໌ॻͱ
ূ໌ॻͷ༗ޮظݶ اۀͷॴࡏ ೝূہͷใ اۀ໊ SSL ূ໌ॻʹؚ·ΕΔใ
αΠτ͕SSL/TLS Λ͍ͬͯΔ͔Λݟ͚Δʹ
SSL CERTIFICATE Λ͏ϝϦοτ
HTTP/2 SEO ৴པੑ
SSL ূ໌ॻΛ Θͳ͍Ͱ͍Δ ͱ……
SSL ূ໌ॻͷ औಘɾઃఆํ๏
ෳυϝΠϯͷূ໌ॻ υϝΠϯຖʹূ໌ॻ ༗ྉͷ SSL ূ໌ॻ
ແྉͰࣗಈͰΦʔϓϯͳ SSL ূ໌ॻ
Ϩοπ Πϯετʔϧ Let’s Encrypt!
AWS ίϯιʔϧϩάΠϯ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
(HTTP/2) Next Generation Preview AMI Λϩʔϯν
ΠϯελϯεαΠζΛબ͠·͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ΠϯελϯεͷઃఆσϑΥϧτͷ··ͰOKͰ͢
ηΩϡϦςΟάϧʔϓ HTTPS(443) ΛՃ͠·͢
EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢
SSH ΞΫηεʹඞཁͳΩʔϖΞΛ࡞͠·͢
HTTP/2 Next Generation Preview AMI ͕ىಈத
Elastic IP Λىಈͨ͠ΠϯελϯεׂΓͯ·͢
ׂΓͯΔΠϯελϯεID Λબ
Elastic IP ͷׂΓͯྃ
EC2ΠϯελϯεʹElastic IP ͕දࣔ͞Ε·ͨ͠ɻ
࡞ͨ͠ΠϯελϯεSSH ͰΞΫηε͠·͢
WordPress ΛΠϯετʔϧ͠·͢ 1. SSH ͰαʔόΞΫηε: $ ssh -i ~/example.pem ec2-user@ΠϯελϯεͷIPΞυϨε
·ͨ $ ssh -i ~/example.pem ec2-user@example.com 2. ύοέʔδΛ࠷৽൛ߋ৽: $ sudo yum update 3. WordPress ͷΠϯετʔϧ: $ sudo /usr/local/bin/wp-setup example.com
pip ͱ Let’s Encrypt ΛΠϯετʔϧ 4. Python ͷόʔδϣϯʹ߹͏ pip ͱvirtualenv
ΛΠϯετʔϧ: $ sudo yum install python27-pip python27-virtualenv augeas-libs dialog gcc libffi-devel openssl-devel system-rpm-config 5. Let’s Encrypt ΛΠϯετʔϧ: $ sudo virtualenv /opt/letsencrypt/ $ sudo /opt/letsencrypt/bin/pip install letsencrypt 6. ূ໌ॻΛ࡞: $ sudo /opt/letsencrypt/bin/letsencrypt certonly -t -d example.com - a webroot --webroot-path=/var/www/vhosts/example.com/ --rsa-key-size 2048 --server https://acme-v01.api.letsencrypt.org/directory 7. ظݶΕͷ͓ΒͤϦΧόϦ༻ͷϝʔϧΞυϨεΛઃఆ
pip ͱ Let’s encrypt ͷΠϯετʔϧ 8. nginx ͷઃఆϑΝΠϧΛίϐʔͯ͠ SSL ͚ʹϦωʔϜ͠·͢:
$ sudo cp /etc/nginx/conf.d/default-ssl.conf /etc/nginx/conf.d/ example.com-ssl.conf 9. ίϐʔͨ͠ઃఆϑΝΠϧ example.com-ssl.conf Λฤू͠·͢: $ sudo vi /etc/nginx/conf.d/example.com-ssl.conf
มߋޙͷ example.com-ssl.conf server { listen 443 ssl http2; server_name example.com;
root /var/www/vhosts/example.com; index index.html index.htm; charset utf-8; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
HTTP → HTTPS ͷϦμΠϨΫτઃఆ 10.example.com.conf ʹ HTTPS ͷϦμϨΫτઃఆΛ͠·͢: $ sudo
vi /etc/nginx/conf.d/example.com.conf server { listen 80; server_name example.com; root /var/www/vhosts/example.com; return 301 https://$host$request_uri; index index.html index.htm; charset utf-8; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;
pip ͱ Let’s encrypt ͷΠϯετʔϧ 11.มߋ༰Λө͢ΔͨΊ nginx Λ࠶ىಈ͠·͢: $
sudo service nginx restart
SETUP YOUR WORDPRESS
Πϯελϯε ID Λೖྗͯ͠ WordPress ͷઃఆΛྃͤ͞·͠ΐ͏
http://amimoto-ami.com/slack/ Questions:
@Amimoto_Ami amimoto-ami.com THANK YOU! AMIMOTO (HHVM) + SSLʢLet's Encryptʣ