Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Let's Let's Encrypt

Avatar for Kohei Ota Kohei Ota
January 23, 2018
Technology
1
250

Let's Let's Encrypt

Avatar for Kohei Ota

Kohei Ota

January 23, 2018
Tweet

More Decks by Kohei Ota

See All by Kohei Ota
CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers
Avatar for Kohei Ota inductor
4
3.3k
The Cloud Native Chronicles: 10 Years of Community Growth Inside and Outside Japan
Avatar for Kohei Ota inductor
0
160
Cracking the KubeCon CfP
Avatar for Kohei Ota inductor
2
750
KubeCon Recap -Platform migration at Scale-
Avatar for Kohei Ota inductor
1
1k
コンテナビルド最新事情 2022年度版 / Container Build 2022
Avatar for Kohei Ota inductor
3
560
データベースとストレージのレプリケーション入門 / Intro-of-database-and-storage-replication
Avatar for Kohei Ota inductor
29
6.5k
KubeConのケーススタディから振り返る、Platform for Platforms のあり方と その実践 / Lessons from KubeCon case studies: Platform for Platforms and its practice
Avatar for Kohei Ota inductor
3
930
オンラインの技術カンファレンスを安定稼働させるための取り組み / SRE activity for online conference platform
Avatar for Kohei Ota inductor
1
1.3k
Kubernetesネットワーキング初級者脱出ガイド / Kubernetes networking beginner's guide
Avatar for Kohei Ota inductor
22
7k

Other Decks in Technology

See All in Technology
SREのプラクティスを用いた3領域同時 マネジメントへの挑戦 〜SRE・情シス・セキュリティを統合した チーム運営術〜
Avatar for coconala_engineer coconala_engineer
2
580
名刺メーカーDevグループ 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
0
1k
Databricks Free Edition講座 データサイエンス編
Avatar for Takaaki Yayoi taka_aki
0
290
CDK対応したAWS DevOps Agentを試そう_20260201
Avatar for モブエンジニア(Masaki Okuda) masakiokuda
1
190
セキュリティ はじめの一歩
Avatar for nikinusu nikinusu
0
1.5k
Webhook best practices for rock solid and resilient deployments
Avatar for Guillaume Laforge glaforge
1
260
Azure Durable Functions で作った NL2SQL Agent の精度向上に取り組んだ話/jat08
Avatar for TonyTonyKun thara0402
0
140
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.8k
インフラエンジニア必見!Kubernetesを用いたクラウドネイティブ設計ポイント大全
Avatar for 高棹大樹 daitak
0
320
学生・新卒・ジュニアから目指すSRE
Avatar for Hiroya Onoe hiroyaonoe
2
540
月間数億レコードのアクセスログ基盤を無停止・低コストでAWS移行せよ!アプリケーションエンジニアのSREチャレンジ💪
Avatar for miyamu miyamu
0
800
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
Avatar for SansanTech sansantech
PRO
1
280

Featured

See All Featured
From Legacy to Launchpad: Building Startup-Ready Communities
Avatar for Dug Song dugsong
0
140
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.6k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
210
24k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
51k
How Fast Is Fast Enough? [PerfNow 2025]
Avatar for Tammy Everts tammyeverts
3
450
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
0
740
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
130
What does AI have to do with Human Rights?
Avatar for Per Axbom axbom
PRO
0
2k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
12
1k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
38
2.7k
Organizational Design Perspectives: An Ontology of Organizational Design Elements
Avatar for Dr. Kim W Petersen kimpetersen
PRO
1
110
Gemini Prompt Engineering: Practical Techniques for Tangible AI Outcomes
Avatar for Mfonobong Umondia mfonobong
2
280

Transcript

  1. LET’S ENCRYPT ΍ͬͯΈΑ͏ͷձ INDUCTOR@DISCORDΠϯϑϥษڧձ

  2. ςΩετ ຊ೔ͷΞδΣϯμ ▸ ࣗݾ঺հ ▸ SSLͷ࢓૊Έʹ͍ͭͯ ▸ Let's Encryptʹ͍ͭͯ ▸

    SSLূ໌ॻΛઃஔ͢Δ ▸ αʔόʔͷίϯϑΟάΛ৮ͬͯΈΔ ▸ ϔομͱ͔ͷ֬ೝͷ࢓ํ

  3. ςΩετ ͓લͩΕͩΑ ▸ Wiki wo yonde kudasai ▸ https://wiki.infra-workshop.tech/user/inductor ▸

    σʔληϯλʔͷதͰαʔόʔͱ͔NWͱ͔ΆͪΆͪͯͨ͠ ӡ༻ͷதͷਓΛ΍ͬͯͨ ▸ ࠓ͸PHP/Android Javaͱ͔։ൃͯ͠Δ ▸ ࣍ͷ࢓ࣄ͸ͱ͋ΔاۀͷDevOpsܥΠϯϑϥ෦ୂΛ༧ఆ

  4. ςΩετ SSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏ ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  5. ςΩετ ެ։伴ೝূͱ͸ ▸ ެ։伴ɾൿີ伴ͱݺ͹ΕΔ2छྨͷ伴Λ࢖ͬͯ҉߸Խ௨৴Λߦ͏ํ๏ ▸ ެ։伴ɿΈΜͳʹ౉͢҉߸ԽΛ͔͚ΔͨΊͷ伴 ▸ ൿີ伴ɿαʔόʔ͚͕ͩ࣋ͭ෮߸Խ༻ͷ伴 ▸ ϦΫΤετ࣌ʹެ։伴Λड͚औͬͨΫϥΠΞϯτ͕ɺ৘ใΛެ։伴Ͱ҉߸Խ্ͨ͠Ͱαʔ

    όʔʹૹ৴ˠαʔόʔଆ͸ൿີ伴Λ࢖ͬͯதΛݟΔ ▸ αʔόʔ্ʹ͋Δൿີ伴Ͱ͔͠த਎͕Θ͔Βͳ͍Αʂͱ͍͏࢓૊Έ ▸ ϝϦοτɿͲͷϢʔβʔʹରͯ͠΋ಉ͡ެ։伴Λ౉ͤΔͷͰɺ伴ͷ؅ཧָ͕ɻൿີ伴Λαʔ όʔ͔Β౪·Εͳ͍ݶΓ͸(ཧ࿦্)҆શ ▸ σϝϦοτɿΫϥΠΞϯτଆͱαʔόʔଆͰҟͳΔ伴Λ࢖͏ͨΊॲཧ͕ෳࡶɺ·ͨɺύ ϑΥʔϚϯε΋ѱ͍

  6. ςΩετ ڞ௨伴ೝূͱ͸ ▸ ҉߸Խɾ෮߸Խʹಉ͡伴Λ༻͍Δ҉߸ํࣜ ▸ ΈΜͳͰಉ͡伴Λ࢖͏ͱΈΜͳ͕σʔλΛݟΕͯ΍͹͍ͷͰɺ ී௨͸ΫϥΠΞϯτ͝ͱʹผʑͷ伴Λੜ੒ͯ͠؅ཧ͢Δ ▸ ϝϦοτɿ伴ͷछྨ͕1ͭͳͷͰܭࢉ଎౓͕଎͍ ▸

    σϝϦοτɿΫϥΠΞϯτ͕૿͑Δຖʹ伴ͷ਺͕ଟ͘ͳΔͷ Ͱ؅ཧ͕େมɻ·ͨɺڞ௨伴Λ࠷ॳʹ౉͢ͱ͖ʹ৘ใ͕౪· Εͯ͠·͏ͱɺ෮߸͞Εͯ͠·͏ͷͰ΍͹͍

  7. ςΩετ վΊͯɺSSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏(࠷ॳ͚ͩܭࢉ͕ͪΐ͍ॏ͍) ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ(͋ͱ͸·͠) ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  8. ςΩετ WHAT IS LET’S ENCRYPT? ▸ Let's Encrypt͸mozillaɺAkamaiɺCiscoɺGoogleɺ FacebookͳͲΛΛ͸͡Ίͱͨ͠େखITاۀͷࢧԉΛड͚ͯ 2014೥ʹ૑ઃ͞ΕͨϓϩδΣΫτͰɺݸਓͰ΋৴པ͞Εͨ

    αʔόূ໌ॻΛແྉͰൃߦ͢Δ͜ͱ͕Ͱ͖Δ͓खܰαʔϏε Ͱ͢ɻ ▸ 2016೥ͷय़ΑΓਖ਼ࣜʹαʔϏε͕։࢝͠ɺओཁͳ࠷৽OSͰ ͋Ε͹ඞཁͳύοέʔδ౳ͷಋೖ΋ඇৗʹεϜʔζʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ

  9. ςΩετ ແྉͰূ໌ॻशಘͰ͖Δͬͯʁ ▸ Ұൠతʹɺ৴པࡁΈͷSSLূ໌ॻΛऔಘ͢ΔͨΊʹ͸ຊਓ֬ೝ͕ඞཁͰ͢ɻ
 Let's encryptͰ͸ɺݸਓ৘ใΛ࢖ΘͣҎԼ৚݅ͷ΋ͱͰূ໌ॻΛൃߦ͍ͯ͠·͢ɻ ▸ 1. DVূ໌ॻͷΈൃߦͰ͖Δɻ 


    ͜Ε͸ɺॴࡏ֬ೝͳͲͷ৹ࠪΛؚΉOVূ໌ॻͳͲ͸ൃߦͰ͖ͳ͍͜ͱΛҙຯ͠· ͢ɻ 
 ৴པੑͷ໘Ͱݴ͑͹ɺݸਓɾݕূ༻ͳͲɺ࠷௿ݶͷ༻్ʹ࢖͏ͷ͕ݡ໌Ͱ͢ɻ ▸ 2. ূ໌ॻͷ༗ޮظݶ͸3ϲ݄ͷΈɻ
 ແྉͰ͋Δ͜ͱ΍ɺສ͕ҰͷࣄނͳͲΛ๷͙ͨΊʹ΋͜ͷظؒΛઃఆ͍ͯ͠Δͦ ͏Ͱ͢ɻ

  10. ςΩετ Ͱ΋ɺΊΜͲ͍͘͞ΜͰ͠ΐ͏ʁ ▸ ࠓͷͱ͜ΖϫΠϧυΧʔυʹରԠͯ͠ͳ͍ͷͰαϒυϝΠϯ͝ͱʹशಘ͕ඞཁͰ͢
 (ෳ਺αϒυϝΠϯͱ͔·ͱΊͯऔಘ͢ΔΦϓγϣϯ͸͋Γ·͢) ▸ ϫΠϧυΧʔυ͸ࠓ೥ͷ2݄຤ʹରԠ༧ఆͬͯެࣜͰ͸ॻ͍ͯ͋Γ·͕͢ɺ
 ΋ͱ΋ͱ1݄͍ͬͯͬͯͨΜͰద౓ʹظ଴͓͖ͯ͠·͠ΐ͏ ▸ ACMEϓϩτίϧͱ͍͏ূ໌ॻࣗಈൃߦͷϓϩτίϧΛ࢖͏ͷͰɺίϚϯυҰൃͰҰॠͰऔಘ

    Ͱ͖·͢ɻ ▸ ࢓༷͸ΦʔϓϯͳͷͰɺίϚϯυΛࣗ෼Ͱ࡞Γ͍ͨͬͯਓͰ΋େৎ෉ʂ ▸ Apacheͱ͔nginxʹউखʹઃఆΛ௥Ճͯ͘͠ΕΔίϚϯυΦϓγϣϯ΋͋Γ·͕͢ɺݱࡏTLS SNIνϟϨϯδʹ੬ऑੑ͕ݟ͔͍ͭͬͯΔͨΊ࣮࣭࢖͑·ͤΜɻ ▸ 3ϲ݄ͷظݶ΋ɺࣗಈߋ৽ʹ͢Ε͹Α͍Ͱ͢ɻ

  11. ςΩετ ΍Δ͜ͱ(Ͳ͏ͤͩ͠HTTP/2ͱ͔΋΍ͬͱ͜) ▸ αʔόʔΛ༻ҙ͢Δ ▸ DNSͷAϨίʔυΛ͋ͯΔ ▸ certbotͰূ໌ॻΛऔಘ͢Δ ▸ αʔόʔͷઃఆʹॻ͖Ճ͑Δ

    ▸ ͓ΘΓ