動的証明書読み込み ngx_mruby編 #hoscon / GMO HosCon 2016

Transcript

1. OHY@NSVCZฤ Ԟଜߊ߂
   
   (.0
   1FQBCP
   *OD
   
   (.0
   )PTUJOH
   $POGFSFODF
   !ौ୩ ಈతূ໌ॻಡΈࠐΈ

2. ٕज़෦ΠϯϑϥάϧʔϓɾΤϯδχΞ Ԟଜߊ߂
   !IGN IUUQCMPHIJGVNJJOGP

3. ࠓ೔͓࿩͢Δ͜ͱ w8FCαʔόͰେྔυϝΠϯͷূ໌ॻΛऔΓѻ ͏ࠔ೉
   wOHY@NSVCZΛ࢖ͬͨಈతূ໌ॻಡΈࠐΈ
   wಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ
   wςετΛ͢ΔͨΊʹ࡞ͬͨ΋ͷ

4. 8FCαʔόͰେྔυϝΠϯͷূ໌ ॻΛऔΓѻ͏ࠔ೉

5. 8FCαʔόͰେྔυϝΠϯͷূ໌ॻΛऔΓѻ͏ࠔ೉ wূ໌ॻΛಡΈࠐΉͨΊͷઃఆ͕௕େԽ͢Δ
   wϓϩηεͷϝϞϦ΋υϝΠϯ਺͚ͩංେԽ͢Δ
   wOHJOYͷ৔߹ɺສͷূ໌ॻΛಡΈࠐΉͱ໿ .#΄Ͳʹ๲ΒΉ

6. 44-@$59@TFU@DFSU@DC w0QFO44-
   Ͱ௥Ճ͞Εͨؔ਺
   wূ໌ॻͷཁٻλΠϛϯάͰίʔϧόοΫؔ਺Λ ݺ΂Δ
   w IUUQTXXXPQFOTTMPSHEPDTNBOTTM44-@$59@TFU@DFSU@DCIUNM

7. 44-@$59@TFU@DFSU@DC w0QFO44-
   Ͱ௥Ճ͞Εͨؔ਺
   wূ໌ॻͷཁٻλΠϛϯάͰίʔϧόοΫؔ਺Λ ݺ΂Δ
   w IUUQTXXXPQFOTTMPSHEPDTNBOTTM44-@$59@TFU@DFSU@DCIUNM ಈతʹূ໌ॻΛಡΈࠐΉ
   ͨΊͷ؀ڥ͕੔͖ͬͯͨ

8. IUUQTUXJUUFSDPNNBUTVNPUPSZTUBUVT

9. IUUQTUXJUUFSDPNNBUTVNPUPSZTUBUVT OHY@NSVCZΛ࢖͑͹
   ಈతʹূ໌ॻΛಡΈࠐΊΔ

10. OHY@NSVCZΛ࢖ͬͨಈతূ໌ॻ ಡΈࠐΈ

11. NSVCZ@TTM@IBOETIBLF@IBOEMFS@DPEF mruby_ssl_handshake_handler_code ' ssl = Nginx::SSL.new ssl.certificate = "/path/to/#{ssl.servername}.crt" ssl.certificate_key

    = "/path/to/#{ssl.servername}.key" ’;

12. NSVCZ@TTM@IBOETIBLF@IBOEMFS@DPEFͷ՝୊ mruby_ssl_handshake_handler_code ' ssl = Nginx::SSL.new ssl.certificate = "/path/to/#{ssl.servername}.crt" ssl.certificate_key

    = "/path/to/#{ssl.servername}.key" ’; JOMJOFܗࣜͷσΟϨΫςΟϒ͸ίʔυ͕௕͘ͳΔͱಡΈͮΒ ͍͕ɺϑΝΠϧ͔ΒಡΈࠐΉσΟϨΫςΟϒ͸౰࣌ແ͔ͬͨɻ

13. ࡞ͬͨ

14. OHY@NSVCZ
    ʹ
    NSVCZ@TTM@IBOETIBLF@IBOEMFS
    Λ࣮૷ͨ͠
    IUUQCMPHIJGVNJJOGPOHY@NSVCZNSVCZ@TTM@IBOETIBLF@IBOEMFS

15. NSVCZ@TTM@IBOETIBLF@IBOEMFS mruby_ssl_handshake_handler /path/to/handler.rb cache; # /path/to/handler.rb ssl = Nginx::SSL.new ssl.certificate

    = "/path/to/#{ssl.servername}.crt" ssl.certificate_key = "/path/to/#{ssl.servername}.key" NSVCZ@TTM@IBOETIBLF@IBOEMFS@DPEFͱಉ͡ػೳͰɺ
 QBUIUPIBOEMFSSCͷΑ͏ͳ֎෦ϑΝΠϧΛಡΈࠐΊΔ

16. ଞʹ΋͍Ζ͍Ζͱύονૹͬͨ wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM
    wIUUQTHJUIVCDPNNBUTVNPUPSOHY@NSVCZQVMM ͋Μ·Γ਺ʹ͸ҙຯ͕ͳ͍͚Ͳ

17. ͦ͏͜͏׆ಈͯͨ͠ΒQVTI ݖ΋Βͬͯϝϯςφʹɻ

18. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯ ϑϥ

19. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ wԿઍԿສͷূ໌ॻϑΝΠϧΛ؅ཧ͠ͳ͍ͱ͍͚ ͳ͍
    wOHY@NSVCZΛಈ͔͢8FCαʔό͸୆ͱ͸ݶ Βͳ͍

20. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ MC SFWFSTF
    QSPYZ
    OHY@NSVCZ BQQMJDBUJPO DBDIF
    SFEJT EC
    NZTRM ͍͍ͩͨ͜Μͳ

    งғؾʹͳΔ

21. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ MC SFWFSTF
    QSPYZ
    OHY@NSVCZ BQQMJDBUJPO DBDIF
    SFEJT EC
    NZTRM 
    5-4
    4/*֦ுͰTFSWFS@OBNFΛड͚औΔ

    ͍͍ͩͨ͜Μͳ งғؾʹͳΔ

22. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ MC SFWFSTF
    QSPYZ
    OHY@NSVCZ BQQMJDBUJPO DBDIF
    SFEJT EC
    NZTRM 
    5-4
    4/*֦ுͰTFSWFS@OBNFΛड͚औΔ

    
    ূ໌ॻͱ伴 ͍͍ͩͨ͜Μͳ งғؾʹͳΔ

23. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ MC SFWFSTF
    QSPYZ
    OHY@NSVCZ BQQMJDBUJPO DBDIF
    SFEJT EC
    NZTRM 
    5-4
    4/*֦ுͰTFSWFS@OBNFΛड͚औΔ

    
    ূ໌ॻͱ伴 B
    ແ͚Ε͹EC͔Βऔಘ ͍͍ͩͨ͜Μͳ งғؾʹͳΔ

24. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ MC SFWFSTF
    QSPYZ
    OHY@NSVCZ BQQMJDBUJPO DBDIF
    SFEJT EC
    NZTRM 
    5-4
    4/*֦ுͰTFSWFS@OBNFΛड͚औΔ

    
    ূ໌ॻͱ伴 B
    ແ͚Ε͹EC͔Βऔಘ C
    Ωϟογϡ ͍͍ͩͨ͜Μͳ งғؾʹͳΔ

25. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ MC SFWFSTF
    QSPYZ
    OHY@NSVCZ BQQMJDBUJPO DBDIF
    SFEJT EC
    NZTRM 
    5-4
    4/*֦ுͰTFSWFS@OBNFΛड͚औΔ

    
    ূ໌ॻͱ伴 B
    ແ͚Ε͹EC͔Βऔಘ C
    Ωϟογϡ ͍͍ͩͨ͜Μͳ งғؾʹͳΔ 
    ϓϩΩγ

26. ಈతূ໌ॻಡΈࠐΈͷͨΊͷΠϯϑϥ MC SFWFSTF
    QSPYZ
    OHY@NSVCZ BQQMJDBUJPO DBDIF
    SFEJT EC
    NZTRM 
    5-4
    4/*֦ுͰTFSWFS@OBNFΛड͚औΔ

    
    ূ໌ॻͱ伴 B
    ແ͚Ε͹EC͔Βऔಘ C
    Ωϟογϡ ͍͍ͩͨ͜Μͳ งғؾʹͳΔ 
    ϓϩΩγ ςετ΄͍͠

27. ςετΛ͢ΔͨΊʹ࡞ͬͨ΋ͷ

28. IGNNSVCZUFTUNZTRME w5FTUNZTRME
    ͷ
    NSVCZ
    Ҡ২൛
    wNSVCZ
    ͷςετ༻ʹ
    .Z42-
    ؀ڥΛࣗಈͰߏங͢Δ
    NSVCZUFTUNZTRME
    Λॻ͍ͨ
 IUUQCMPHIJGVNJJOGPNSVCZUFTUNZTRME

29. IGNNSVCZJOJ w.Z42-΁ͷ઀ଓઃఆΛίʔυ͔Β෼཭͍ͨ͠
    wઃఆϑΝΠϧͱ͍͑͹*/*͔ͳͱࢥͬͨʢʁʣ
    w:".-ͷΑ͏ͳن͕֨ແ͍ʢ࡞Γ࢝Ί͔ͯΒ ஌ͬͨʣ
    wݱঢ়͸ʮ*/*ͬΆ͍ϑΝΠϧΛಡΊΔʯ

30. IUUQXXXTMJEFTIBSFOFUITCUUFTUJOHDBTVBMUBMLT NSVCZͰॻ͍ͨϓϩμΫτͷςετͷॻ͖ํ

31. ࠓ೔͓࿩ͨ͜͠ͱ  OHY@NSVCZ
    Y
    0QFO44-
    Ͱಈతূ໌ॻͷಡΈࠐ Έ͕Ͱ͖Δͱ͍͏͜ͱ
     ಈతূ໌ॻಡΈࠐΈΛ࣮ݱ͢ΔͨΊͷΠϯϑϥͷߏ੒
     ςετ͢ΔͨΊʹࣗ࡞ͨ͠πʔϧ

32. 044׆ಈ͸ָ͍͠ɻϏδωε΋େࣄɻ
    ཱ྆ग़དྷΔϖύϘ͸࠷ߴɻ ࠷৽ͷ࠾༻৘ใΛνΣοΫˠ !QC@SFDSVJU