Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Let's Let's Encrypt

Avatar for Kohei Ota Kohei Ota
January 23, 2018
Technology
260
1

Let's Let's Encrypt

Avatar for Kohei Ota

Kohei Ota

January 23, 2018

More Decks by Kohei Ota

See All by Kohei Ota
CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers
Avatar for Kohei Ota inductor
4
3.5k
The Cloud Native Chronicles: 10 Years of Community Growth Inside and Outside Japan
Avatar for Kohei Ota inductor
0
180
Cracking the KubeCon CfP
Avatar for Kohei Ota inductor
2
880
KubeCon Recap -Platform migration at Scale-
Avatar for Kohei Ota inductor
1
1.1k
コンテナビルド最新事情 2022年度版 / Container Build 2022
Avatar for Kohei Ota inductor
3
600
データベースとストレージのレプリケーション入門 / Intro-of-database-and-storage-replication
Avatar for Kohei Ota inductor
28
6.6k
KubeConのケーススタディから振り返る、Platform for Platforms のあり方と その実践 / Lessons from KubeCon case studies: Platform for Platforms and its practice
Avatar for Kohei Ota inductor
3
980
オンラインの技術カンファレンスを安定稼働させるための取り組み / SRE activity for online conference platform
Avatar for Kohei Ota inductor
1
1.4k
Kubernetesネットワーキング初級者脱出ガイド / Kubernetes networking beginner's guide
Avatar for Kohei Ota inductor
22
7.6k

Other Decks in Technology

See All in Technology
連合学習と機密コンピューティング
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
100
2026TECHFRESH畢業分享會 - Lightning Talk - 資料也要 CI/CD? 用 Airbyte 自動化資料同步
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
790
2026TECHFRESH畢業分享會 - AI 時代的人生存檔點
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
800
機械学習を「社会実装」するということ 2026年夏版 / Social Implementation of Machine Learning June 2026 Version
Avatar for Moe Uchiike(内池 もえ) moepy_stats
4
1.5k
自律型AIエージェントは何を破壊するのか
Avatar for kojira kojira
0
150
Djangoユーザが知っ得なPostgreSQL機能 - 設計の選択肢を増やす / Djang-use-PostgreSQL
Avatar for soudai sone soudai
PRO
1
230
2026.06.13_AI時代に事業会社が「SIer出身エンジニア」を求める理由 / Why Businesses Seek Engineers with a System Integrator Background in the AI ​​Era
Avatar for jumpei_ikegami jumtech
0
1k
2026 TECHFRESH 畢業分享會 - AI-Native 重塑軟體工程與虛擬講師
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
790
中期計画、2回作ってみた ~業務委託と正社員、両方の視点から~
Avatar for 株式会社出前館 demaecan
1
680
2026 TECHFRESH 畢業分享會 - 開發日常大解密!從領域驅動到企業級上線
Avatar for LINE Developers Taiwan line_developers_tw
PRO
0
790
NAB Show 2026 動画技術関連レポート / NAB Show 2026 Report
Avatar for CyberAgent cyberagentdevelopers
PRO
0
160
On-behalf-of Token exchange with AgentCore Identity
Avatar for iganin hironobuiga
2
150

Featured

See All Featured
New Earth Scene 8
Avatar for Sydney Stone popppiees
3
2.3k
What the history of the web can teach us about the future of AI
Avatar for Ines Montani inesmontani
PRO
1
610
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
1
200
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
2
1.1k
Leo the Paperboy
Avatar for Maya Tellez mayatellez
7
1.8k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
3
730
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
615
220k
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
250
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
211
24k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
66
8.5k
Docker and Python
Avatar for Tania Allard trallard
47
3.9k
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.6k

Transcript

  1. LET’S ENCRYPT ΍ͬͯΈΑ͏ͷձ INDUCTOR@DISCORDΠϯϑϥษڧձ

  2. ςΩετ ຊ೔ͷΞδΣϯμ ▸ ࣗݾ঺հ ▸ SSLͷ࢓૊Έʹ͍ͭͯ ▸ Let's Encryptʹ͍ͭͯ ▸

    SSLূ໌ॻΛઃஔ͢Δ ▸ αʔόʔͷίϯϑΟάΛ৮ͬͯΈΔ ▸ ϔομͱ͔ͷ֬ೝͷ࢓ํ

  3. ςΩετ ͓લͩΕͩΑ ▸ Wiki wo yonde kudasai ▸ https://wiki.infra-workshop.tech/user/inductor ▸

    σʔληϯλʔͷதͰαʔόʔͱ͔NWͱ͔ΆͪΆͪͯͨ͠ ӡ༻ͷதͷਓΛ΍ͬͯͨ ▸ ࠓ͸PHP/Android Javaͱ͔։ൃͯ͠Δ ▸ ࣍ͷ࢓ࣄ͸ͱ͋ΔاۀͷDevOpsܥΠϯϑϥ෦ୂΛ༧ఆ

  4. ςΩετ SSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏ ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  5. ςΩετ ެ։伴ೝূͱ͸ ▸ ެ։伴ɾൿີ伴ͱݺ͹ΕΔ2छྨͷ伴Λ࢖ͬͯ҉߸Խ௨৴Λߦ͏ํ๏ ▸ ެ։伴ɿΈΜͳʹ౉͢҉߸ԽΛ͔͚ΔͨΊͷ伴 ▸ ൿີ伴ɿαʔόʔ͚͕ͩ࣋ͭ෮߸Խ༻ͷ伴 ▸ ϦΫΤετ࣌ʹެ։伴Λड͚औͬͨΫϥΠΞϯτ͕ɺ৘ใΛެ։伴Ͱ҉߸Խ্ͨ͠Ͱαʔ

    όʔʹૹ৴ˠαʔόʔଆ͸ൿີ伴Λ࢖ͬͯதΛݟΔ ▸ αʔόʔ্ʹ͋Δൿີ伴Ͱ͔͠த਎͕Θ͔Βͳ͍Αʂͱ͍͏࢓૊Έ ▸ ϝϦοτɿͲͷϢʔβʔʹରͯ͠΋ಉ͡ެ։伴Λ౉ͤΔͷͰɺ伴ͷ؅ཧָ͕ɻൿີ伴Λαʔ όʔ͔Β౪·Εͳ͍ݶΓ͸(ཧ࿦্)҆શ ▸ σϝϦοτɿΫϥΠΞϯτଆͱαʔόʔଆͰҟͳΔ伴Λ࢖͏ͨΊॲཧ͕ෳࡶɺ·ͨɺύ ϑΥʔϚϯε΋ѱ͍

  6. ςΩετ ڞ௨伴ೝূͱ͸ ▸ ҉߸Խɾ෮߸Խʹಉ͡伴Λ༻͍Δ҉߸ํࣜ ▸ ΈΜͳͰಉ͡伴Λ࢖͏ͱΈΜͳ͕σʔλΛݟΕͯ΍͹͍ͷͰɺ ී௨͸ΫϥΠΞϯτ͝ͱʹผʑͷ伴Λੜ੒ͯ͠؅ཧ͢Δ ▸ ϝϦοτɿ伴ͷछྨ͕1ͭͳͷͰܭࢉ଎౓͕଎͍ ▸

    σϝϦοτɿΫϥΠΞϯτ͕૿͑Δຖʹ伴ͷ਺͕ଟ͘ͳΔͷ Ͱ؅ཧ͕େมɻ·ͨɺڞ௨伴Λ࠷ॳʹ౉͢ͱ͖ʹ৘ใ͕౪· Εͯ͠·͏ͱɺ෮߸͞Εͯ͠·͏ͷͰ΍͹͍

  7. ςΩετ վΊͯɺSSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏(࠷ॳ͚ͩܭࢉ͕ͪΐ͍ॏ͍) ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ(͋ͱ͸·͠) ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  8. ςΩετ WHAT IS LET’S ENCRYPT? ▸ Let's Encrypt͸mozillaɺAkamaiɺCiscoɺGoogleɺ FacebookͳͲΛΛ͸͡Ίͱͨ͠େखITاۀͷࢧԉΛड͚ͯ 2014೥ʹ૑ઃ͞ΕͨϓϩδΣΫτͰɺݸਓͰ΋৴པ͞Εͨ

    αʔόূ໌ॻΛແྉͰൃߦ͢Δ͜ͱ͕Ͱ͖Δ͓खܰαʔϏε Ͱ͢ɻ ▸ 2016೥ͷय़ΑΓਖ਼ࣜʹαʔϏε͕։࢝͠ɺओཁͳ࠷৽OSͰ ͋Ε͹ඞཁͳύοέʔδ౳ͷಋೖ΋ඇৗʹεϜʔζʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ

  9. ςΩετ ແྉͰূ໌ॻशಘͰ͖Δͬͯʁ ▸ Ұൠతʹɺ৴པࡁΈͷSSLূ໌ॻΛऔಘ͢ΔͨΊʹ͸ຊਓ֬ೝ͕ඞཁͰ͢ɻ
 Let's encryptͰ͸ɺݸਓ৘ใΛ࢖ΘͣҎԼ৚݅ͷ΋ͱͰূ໌ॻΛൃߦ͍ͯ͠·͢ɻ ▸ 1. DVূ໌ॻͷΈൃߦͰ͖Δɻ 


    ͜Ε͸ɺॴࡏ֬ೝͳͲͷ৹ࠪΛؚΉOVূ໌ॻͳͲ͸ൃߦͰ͖ͳ͍͜ͱΛҙຯ͠· ͢ɻ 
 ৴པੑͷ໘Ͱݴ͑͹ɺݸਓɾݕূ༻ͳͲɺ࠷௿ݶͷ༻్ʹ࢖͏ͷ͕ݡ໌Ͱ͢ɻ ▸ 2. ূ໌ॻͷ༗ޮظݶ͸3ϲ݄ͷΈɻ
 ແྉͰ͋Δ͜ͱ΍ɺສ͕ҰͷࣄނͳͲΛ๷͙ͨΊʹ΋͜ͷظؒΛઃఆ͍ͯ͠Δͦ ͏Ͱ͢ɻ

  10. ςΩετ Ͱ΋ɺΊΜͲ͍͘͞ΜͰ͠ΐ͏ʁ ▸ ࠓͷͱ͜ΖϫΠϧυΧʔυʹରԠͯ͠ͳ͍ͷͰαϒυϝΠϯ͝ͱʹशಘ͕ඞཁͰ͢
 (ෳ਺αϒυϝΠϯͱ͔·ͱΊͯऔಘ͢ΔΦϓγϣϯ͸͋Γ·͢) ▸ ϫΠϧυΧʔυ͸ࠓ೥ͷ2݄຤ʹରԠ༧ఆͬͯެࣜͰ͸ॻ͍ͯ͋Γ·͕͢ɺ
 ΋ͱ΋ͱ1݄͍ͬͯͬͯͨΜͰద౓ʹظ଴͓͖ͯ͠·͠ΐ͏ ▸ ACMEϓϩτίϧͱ͍͏ূ໌ॻࣗಈൃߦͷϓϩτίϧΛ࢖͏ͷͰɺίϚϯυҰൃͰҰॠͰऔಘ

    Ͱ͖·͢ɻ ▸ ࢓༷͸ΦʔϓϯͳͷͰɺίϚϯυΛࣗ෼Ͱ࡞Γ͍ͨͬͯਓͰ΋େৎ෉ʂ ▸ Apacheͱ͔nginxʹউखʹઃఆΛ௥Ճͯ͘͠ΕΔίϚϯυΦϓγϣϯ΋͋Γ·͕͢ɺݱࡏTLS SNIνϟϨϯδʹ੬ऑੑ͕ݟ͔͍ͭͬͯΔͨΊ࣮࣭࢖͑·ͤΜɻ ▸ 3ϲ݄ͷظݶ΋ɺࣗಈߋ৽ʹ͢Ε͹Α͍Ͱ͢ɻ

  11. ςΩετ ΍Δ͜ͱ(Ͳ͏ͤͩ͠HTTP/2ͱ͔΋΍ͬͱ͜) ▸ αʔόʔΛ༻ҙ͢Δ ▸ DNSͷAϨίʔυΛ͋ͯΔ ▸ certbotͰূ໌ॻΛऔಘ͢Δ ▸ αʔόʔͷઃఆʹॻ͖Ճ͑Δ

    ▸ ͓ΘΓ