Upgrade to Pro — share decks privately, control downloads, hide ads and more …

動的証明書読み込み ngx_mruby編 #hoscon / GMO HosCon 2016

Okumura Takahiro
October 29, 2016
Technology
10
3.3k

動的証明書読み込み ngx_mruby編 #hoscon / GMO HosCon 2016

"HosCon - GMO Hosting Conference - @渋谷" http://gmohoscon.connpass.com/event/41490/ の発表スライドです。10分 LT なのにだいぶ詰め込んでます。

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

【資料に登場したURLs】
SSL_CTX_set_cert_cb() の説明:
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_cert_cb.html

ngx_mruby で動的証明書読み込みをサポートした旨のツイート:
https://twitter.com/matsumotory/status/685341115814289408

ngx_mruby に mruby_ssl_handshake_handler を実装した:
http://blog.hifumi.info/2016/10/03/ngx_mruby-mruby_ssl_handshake_handler/

mruby のテスト用に MySQL 環境を自動で構築する mruby-test-mysqld を書いた
:
http://blog.hifumi.info/2016/09/06/mruby-test-mysqld/

How to test code with mruby:
http://www.slideshare.net/hsbt/20150525-testing-casualtalks

Okumura Takahiro

October 29, 2016
Tweet

More Decks by Okumura Takahiro

See All by Okumura Takahiro
Cookpad Lounge #4 SRE 座談会 SLI/SLO
hfm
0
580
あなたの知らない
データベースのロギングの世界 / logging queries
hfm
10
3k
MHAの次 / Next to MHA
hfm
2
2.1k
Dynamic certificate internals with ngx_mruby #nagoyark03
hfm
5
620
漂流する中の節目 / Career Keynote 2016 at GMO Pepabo
hfm
1
8.7k
Learning Configuration Management Tool / Itamae Meetup 2015
hfm
1
1.3k
Vagrant勉強会 at ペパボ (2014/2/27)
hfm
0
610

Other Decks in Technology

See All in Technology
2023-09-05_OCIJP_まれによくあるマルチクラウドでDB-AP分離構成のこと
hk_shino
2
190
四国クラウドお遍路_AWSアップデート2023
tsujiba
0
270
Oracle Cloud Infrastructure データベース・クラウド:各バージョンのサポート期間
oracle4engineer
PRO
6
4.1k
生成AIと著作権 〜生成AIによって生じる著作権関連の課題と対処
line_developers
PRO
2
690
アジャイルリーダークイズ王 2023 #scrummikawa / agile leader quiz king 2023
kyonmm
PRO
1
330
UIコンポーネントライブラリをうまく使うためにできること / components-with-designer
mottox2
4
2.1k
Azure OpenAI Service リファレンスアーキテクチャからみる本番システムレベルの LLM アプリに必要な検討項目の解説 / From Azure OpenAI Reference Architecture to Production-Ready LLM Apps #serverlessdays #serverlesstokyo
koudaiii
5
1.5k
R Not Only in Production
karawoo
0
220
動画配信サービスの 人気番組配信のスパイクアクセスに、 サーバレスキャッシュで立ち向かう
miu_crescent
1
560
Create the DTO System of your Dreams: stateOptions + entityClass
weaverryan
1
470
ドラッグ&ドロップを支える技術
takatsunobuhiro
0
130
Building smarter apps with machine learning, from magic to reality
picardparis
4
3.6k

Featured

See All Featured
Git: the NoSQL Database
bkeepers
PRO
420
61k
Creatively Recalculating Your Daily Design Routine
revolveconf
208
11k
Pencils Down: Stop Designing & Start Developing
hursman
115
10k
Atom: Resistance is Futile
akmur
257
24k
Building Better People: How to give real-time feedback that sticks.
wjessup
349
18k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
No one is an island. Learnings from fostering a developers community.
thoeni
14
1.8k
Designing on Purpose - Digital PM Summit 2013
jponch
108
6.1k
Building an army of robots
kneath
300
41k
The Cost Of JavaScript in 2023
addyosmani
9
1.5k
Building Adaptive Systems
keathley
29
1.6k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
11
880

Transcript

  1. OHY@NSVCZฤ
    Ԟଜߊ߂(.01FQBCP *OD
    (.0)PTUJOH$POGFSFODF!ौ୩
    ಈతূ໌ॻಡΈࠐΈ

    View Slide

  2. ٕज़෦ΠϯϑϥάϧʔϓɾΤϯδχΞ
    Ԟଜߊ߂!IGN
    IUUQCMPHIJGVNJJOGP

    View Slide

  3. ࠓ೔͓࿩͢Δ͜ͱ
    w8FCαʔόͰେྔυϝΠϯͷূ໌ॻΛऔΓѻ
    ͏ࠔ೉
    wOHY@NSVCZΛ࢖ͬͨಈతূ໌ॻಡΈࠐΈ
    wಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    wςετΛ͢ΔͨΊʹ࡞ͬͨ΋ͷ

    View Slide

  4. 8FCαʔόͰେྔυϝΠϯͷূ໌
    ॻΛऔΓѻ͏ࠔ೉

    View Slide

  5. 8FCαʔόͰେྔυϝΠϯͷূ໌ॻΛऔΓѻ͏ࠔ೉
    wূ໌ॻΛಡΈࠐΉͨΊͷઃఆ͕௕େԽ͢Δ
    wϓϩηεͷϝϞϦ΋υϝΠϯ਺͚ͩංେԽ͢Δ
    wOHJOYͷ৔߹ɺສͷূ໌ॻΛಡΈࠐΉͱ໿
    .#΄Ͳʹ๲ΒΉ

    View Slide

  6. 44-@$59@TFU@DFSU@DC

    w0QFO44-Ͱ௥Ճ͞Εͨؔ਺
    wূ໌ॻͷཁٻλΠϛϯάͰίʔϧόοΫؔ਺Λ
    ݺ΂Δ
    w IUUQTXXXPQFOTTMPSHEPDTNBOTTM44-@$59@TFU@DFSU@DCIUNM

    View Slide

  7. 44-@$59@TFU@DFSU@DC

    w0QFO44-Ͱ௥Ճ͞Εͨؔ਺
    wূ໌ॻͷཁٻλΠϛϯάͰίʔϧόοΫؔ਺Λ
    ݺ΂Δ
    w IUUQTXXXPQFOTTMPSHEPDTNBOTTM44-@$59@TFU@DFSU@DCIUNM
    ಈతʹূ໌ॻΛಡΈࠐΉ
    ͨΊͷ؀ڥ͕੔͖ͬͯͨ

    View Slide

  8. IUUQTUXJUUFSDPNNBUTVNPUPSZTUBUVT

    View Slide

  9. IUUQTUXJUUFSDPNNBUTVNPUPSZTUBUVT
    OHY@NSVCZΛ࢖͑͹
    ಈతʹূ໌ॻΛಡΈࠐΊΔ

    View Slide

  10. OHY@NSVCZΛ࢖ͬͨಈతূ໌ॻ
    ಡΈࠐΈ

    View Slide

  11. NSVCZ@TTM@IBOETIBLF@IBOEMFS@DPEF
    mruby_ssl_handshake_handler_code '
    ssl = Nginx::SSL.new
    ssl.certificate = "/path/to/#{ssl.servername}.crt"
    ssl.certificate_key = "/path/to/#{ssl.servername}.key"
    ’;

    View Slide

  12. NSVCZ@TTM@IBOETIBLF@IBOEMFS@DPEFͷ՝୊
    mruby_ssl_handshake_handler_code '
    ssl = Nginx::SSL.new
    ssl.certificate = "/path/to/#{ssl.servername}.crt"
    ssl.certificate_key = "/path/to/#{ssl.servername}.key"
    ’;
    JOMJOFܗࣜͷσΟϨΫςΟϒ͸ίʔυ͕௕͘ͳΔͱಡΈͮΒ
    ͍͕ɺϑΝΠϧ͔ΒಡΈࠐΉσΟϨΫςΟϒ͸౰࣌ແ͔ͬͨɻ

    View Slide

  13. ࡞ͬͨ

    View Slide

  14. OHY@NSVCZʹ
    NSVCZ@TTM@IBOETIBLF@IBOEMFSΛ࣮૷ͨ͠
    IUUQCMPHIJGVNJJOGPOHY@NSVCZNSVCZ@TTM@IBOETIBLF@IBOEMFS

    View Slide

  15. NSVCZ@TTM@IBOETIBLF@IBOEMFS
    mruby_ssl_handshake_handler /path/to/handler.rb cache;
    # /path/to/handler.rb
    ssl = Nginx::SSL.new
    ssl.certificate = "/path/to/#{ssl.servername}.crt"
    ssl.certificate_key = "/path/to/#{ssl.servername}.key"
    NSVCZ@TTM@IBOETIBLF@IBOEMFS@DPEFͱಉ͡ػೳͰɺ

    QBUIUPIBOEMFSSCͷΑ͏ͳ֎෦ϑΝΠϧΛಡΈࠐΊΔ

    View Slide

  16. ଞʹ΋͍Ζ͍Ζͱύονૹͬͨ
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    ͋Μ·Γ਺ʹ͸ҙຯ͕ͳ͍͚Ͳ

    View Slide

  17. ͦ͏͜͏׆ಈͯͨ͠ΒQVTI
    ݖ΋Βͬͯϝϯςφʹɻ

    View Slide

  18. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯ
    ϑϥ

    View Slide

  19. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    wԿઍԿສͷূ໌ॻϑΝΠϧΛ؅ཧ͠ͳ͍ͱ͍͚
    ͳ͍
    wOHY@NSVCZΛಈ͔͢8FCαʔό͸୆ͱ͸ݶ
    Βͳ͍

    View Slide

  20. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    MC
    SFWFSTFQSPYZ
    OHY@NSVCZ

    BQQMJDBUJPO
    DBDIF
    SFEJT

    EC
    NZTRM

    ͍͍ͩͨ͜Μͳ
    งғؾʹͳΔ

    View Slide

  21. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    MC
    SFWFSTFQSPYZ
    OHY@NSVCZ

    BQQMJDBUJPO
    DBDIF
    SFEJT

    EC
    NZTRM

    5-44/*֦ுͰTFSWFS@OBNFΛड͚औΔ
    ͍͍ͩͨ͜Μͳ
    งғؾʹͳΔ

    View Slide

  22. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    MC
    SFWFSTFQSPYZ
    OHY@NSVCZ

    BQQMJDBUJPO
    DBDIF
    SFEJT

    EC
    NZTRM

    5-44/*֦ுͰTFSWFS@OBNFΛड͚औΔ
    ূ໌ॻͱ伴
    ͍͍ͩͨ͜Μͳ
    งғؾʹͳΔ

    View Slide

  23. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    MC
    SFWFSTFQSPYZ
    OHY@NSVCZ

    BQQMJDBUJPO
    DBDIF
    SFEJT

    EC
    NZTRM

    5-44/*֦ுͰTFSWFS@OBNFΛड͚औΔ
    ূ໌ॻͱ伴
    Bແ͚Ε͹EC͔Βऔಘ
    ͍͍ͩͨ͜Μͳ
    งғؾʹͳΔ

    View Slide

  24. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    MC
    SFWFSTFQSPYZ
    OHY@NSVCZ

    BQQMJDBUJPO
    DBDIF
    SFEJT

    EC
    NZTRM

    5-44/*֦ுͰTFSWFS@OBNFΛड͚औΔ
    ূ໌ॻͱ伴
    Bແ͚Ε͹EC͔Βऔಘ
    CΩϟογϡ
    ͍͍ͩͨ͜Μͳ
    งғؾʹͳΔ

    View Slide

  25. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    MC
    SFWFSTFQSPYZ
    OHY@NSVCZ

    BQQMJDBUJPO
    DBDIF
    SFEJT

    EC
    NZTRM

    5-44/*֦ுͰTFSWFS@OBNFΛड͚औΔ
    ূ໌ॻͱ伴
    Bແ͚Ε͹EC͔Βऔಘ
    CΩϟογϡ
    ͍͍ͩͨ͜Μͳ
    งғؾʹͳΔ
    ϓϩΩγ

    View Slide

  26. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
    MC
    SFWFSTFQSPYZ
    OHY@NSVCZ

    BQQMJDBUJPO
    DBDIF
    SFEJT

    EC
    NZTRM

    5-44/*֦ுͰTFSWFS@OBNFΛड͚औΔ
    ূ໌ॻͱ伴
    Bແ͚Ε͹EC͔Βऔಘ
    CΩϟογϡ
    ͍͍ͩͨ͜Μͳ
    งғؾʹͳΔ
    ϓϩΩγ
    ςετ΄͍͠

    View Slide

  27. ςετΛ͢ΔͨΊʹ࡞ͬͨ΋ͷ

    View Slide

  28. IGNNSVCZUFTUNZTRME
    w5FTUNZTRMEͷNSVCZҠ২൛
    wNSVCZͷςετ༻ʹ.Z42-؀ڥΛࣗಈͰߏங͢Δ
    NSVCZUFTUNZTRMEΛॻ͍ͨ

    IUUQCMPHIJGVNJJOGPNSVCZUFTUNZTRME

    View Slide

  29. IGNNSVCZJOJ
    w.Z42-΁ͷ઀ଓઃఆΛίʔυ͔Β෼཭͍ͨ͠
    wઃఆϑΝΠϧͱ͍͑͹*/*͔ͳͱࢥͬͨʢʁʣ
    w:".-ͷΑ͏ͳن͕֨ແ͍ʢ࡞Γ࢝Ί͔ͯΒ
    ஌ͬͨʣ
    wݱঢ়͸ʮ*/*ͬΆ͍ϑΝΠϧΛಡΊΔʯ

    View Slide

  30. IUUQXXXTMJEFTIBSFOFUITCUUFTUJOHDBTVBMUBMLT
    NSVCZͰॻ͍ͨϓϩμΫτͷςετͷॻ͖ํ

    View Slide

  31. ࠓ೔͓࿩ͨ͜͠ͱ
    OHY@NSVCZY0QFO44-Ͱಈతূ໌ॻͷಡΈࠐ
    Έ͕Ͱ͖Δͱ͍͏͜ͱ
    ಈతূ໌ॻಡΈࠐΈΛ࣮ݱ͢ΔͨΊͷΠϯϑϥͷߏ੒
    ςετ͢ΔͨΊʹࣗ࡞ͨ͠πʔϧ

    View Slide

  32. 044׆ಈ͸ָ͍͠ɻϏδωε΋େࣄɻ
    ཱ྆ग़དྷΔϖύϘ͸࠷ߴɻ
    ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU

    View Slide