Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Let's Let's Encrypt

Avatar for Kohei Ota Kohei Ota
January 23, 2018
Technology
1
250

Let's Let's Encrypt

Avatar for Kohei Ota

Kohei Ota

January 23, 2018
Tweet

More Decks by Kohei Ota

See All by Kohei Ota
CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers
Avatar for Kohei Ota inductor
4
3k
The Cloud Native Chronicles: 10 Years of Community Growth Inside and Outside Japan
Avatar for Kohei Ota inductor
0
130
Cracking the KubeCon CfP
Avatar for Kohei Ota inductor
2
630
KubeCon Recap -Platform migration at Scale-
Avatar for Kohei Ota inductor
1
1k
コンテナビルド最新事情 2022年度版 / Container Build 2022
Avatar for Kohei Ota inductor
3
540
データベースとストレージのレプリケーション入門 / Intro-of-database-and-storage-replication
Avatar for Kohei Ota inductor
28
6.4k
KubeConのケーススタディから振り返る、Platform for Platforms のあり方と その実践 / Lessons from KubeCon case studies: Platform for Platforms and its practice
Avatar for Kohei Ota inductor
3
870
オンラインの技術カンファレンスを安定稼働させるための取り組み / SRE activity for online conference platform
Avatar for Kohei Ota inductor
1
1.3k
Kubernetesネットワーキング初級者脱出ガイド / Kubernetes networking beginner's guide
Avatar for Kohei Ota inductor
22
6.5k

Other Decks in Technology

See All in Technology
Webアクセシビリティ入門
Avatar for Recruit recruitengineers
PRO
3
1.4k
退屈なことはDevinにやらせよう〜〜Devin APIを使ったVisual Regression Testの自動追加〜
Avatar for ryo kawamataryo
4
930
まだ間に合う! StrandsとBedrock AgentCoreでAIエージェント構築に入門しよう
Avatar for みのるん minorun365
PRO
10
550
AWS環境のリソース調査を Claude Code で効率化 / aws investigate with cc devio2025
Avatar for MasahiroKawahara masahirokawahara
2
720
Yahoo!広告ビジネス基盤におけるバックエンド開発
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
2
320
事業価値と Engineering
Avatar for Recruit recruitengineers
PRO
6
5k
「魔法少女まどか☆マギカ Magia Exedra」での負荷試験の実践と学び
Avatar for gree_tech gree_tech
PRO
0
340
AI時代にPdMとPMMはどう連携すべきか / PdM–PMM-collaboration-in-AI-era
Avatar for Rakus_Dev rakus_dev
0
170
PRDの正しい使い方 ~AI時代にも効く思考・対話・成長ツールとして~
Avatar for PERSOL CAREER Dev | techtekt techtekt
PRO
0
100
Nstockの一人目エンジニアが 3年間かけて向き合ってきた セキュリティのこととこれから〜あれから半年〜
Avatar for わだよし yo41sawada
0
100
Goss: New Production-Ready Go Binding for Faiss #coefl_go_jp
Avatar for 弁護士ドットコム bengo4com
1
1.1k
生成AI時代に必要な価値ある意思決定を育てる「開発プロセス定義」を用いた中期戦略
Avatar for KAKEHASHI kakehashi
PRO
1
220

Featured

See All Featured
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
301
51k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
131
19k
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
330
21k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
96
6.2k
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
6.8k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
Avatar for mongodb mongodb
48
9.7k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
Avatar for Kevin Liebholz kevinliebholz
34
6k
10 Git Anti Patterns You Should be Aware of
Avatar for Lemi Orhan Ergin lemiorhan
PRO
656
61k

Transcript

  1. LET’S ENCRYPT ΍ͬͯΈΑ͏ͷձ INDUCTOR@DISCORDΠϯϑϥษڧձ

  2. ςΩετ ຊ೔ͷΞδΣϯμ ▸ ࣗݾ঺հ ▸ SSLͷ࢓૊Έʹ͍ͭͯ ▸ Let's Encryptʹ͍ͭͯ ▸

    SSLূ໌ॻΛઃஔ͢Δ ▸ αʔόʔͷίϯϑΟάΛ৮ͬͯΈΔ ▸ ϔομͱ͔ͷ֬ೝͷ࢓ํ

  3. ςΩετ ͓લͩΕͩΑ ▸ Wiki wo yonde kudasai ▸ https://wiki.infra-workshop.tech/user/inductor ▸

    σʔληϯλʔͷதͰαʔόʔͱ͔NWͱ͔ΆͪΆͪͯͨ͠ ӡ༻ͷதͷਓΛ΍ͬͯͨ ▸ ࠓ͸PHP/Android Javaͱ͔։ൃͯ͠Δ ▸ ࣍ͷ࢓ࣄ͸ͱ͋ΔاۀͷDevOpsܥΠϯϑϥ෦ୂΛ༧ఆ

  4. ςΩετ SSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏ ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  5. ςΩετ ެ։伴ೝূͱ͸ ▸ ެ։伴ɾൿີ伴ͱݺ͹ΕΔ2छྨͷ伴Λ࢖ͬͯ҉߸Խ௨৴Λߦ͏ํ๏ ▸ ެ։伴ɿΈΜͳʹ౉͢҉߸ԽΛ͔͚ΔͨΊͷ伴 ▸ ൿີ伴ɿαʔόʔ͚͕ͩ࣋ͭ෮߸Խ༻ͷ伴 ▸ ϦΫΤετ࣌ʹެ։伴Λड͚औͬͨΫϥΠΞϯτ͕ɺ৘ใΛެ։伴Ͱ҉߸Խ্ͨ͠Ͱαʔ

    όʔʹૹ৴ˠαʔόʔଆ͸ൿີ伴Λ࢖ͬͯதΛݟΔ ▸ αʔόʔ্ʹ͋Δൿີ伴Ͱ͔͠த਎͕Θ͔Βͳ͍Αʂͱ͍͏࢓૊Έ ▸ ϝϦοτɿͲͷϢʔβʔʹରͯ͠΋ಉ͡ެ։伴Λ౉ͤΔͷͰɺ伴ͷ؅ཧָ͕ɻൿີ伴Λαʔ όʔ͔Β౪·Εͳ͍ݶΓ͸(ཧ࿦্)҆શ ▸ σϝϦοτɿΫϥΠΞϯτଆͱαʔόʔଆͰҟͳΔ伴Λ࢖͏ͨΊॲཧ͕ෳࡶɺ·ͨɺύ ϑΥʔϚϯε΋ѱ͍

  6. ςΩετ ڞ௨伴ೝূͱ͸ ▸ ҉߸Խɾ෮߸Խʹಉ͡伴Λ༻͍Δ҉߸ํࣜ ▸ ΈΜͳͰಉ͡伴Λ࢖͏ͱΈΜͳ͕σʔλΛݟΕͯ΍͹͍ͷͰɺ ී௨͸ΫϥΠΞϯτ͝ͱʹผʑͷ伴Λੜ੒ͯ͠؅ཧ͢Δ ▸ ϝϦοτɿ伴ͷछྨ͕1ͭͳͷͰܭࢉ଎౓͕଎͍ ▸

    σϝϦοτɿΫϥΠΞϯτ͕૿͑Δຖʹ伴ͷ਺͕ଟ͘ͳΔͷ Ͱ؅ཧ͕େมɻ·ͨɺڞ௨伴Λ࠷ॳʹ౉͢ͱ͖ʹ৘ใ͕౪· Εͯ͠·͏ͱɺ෮߸͞Εͯ͠·͏ͷͰ΍͹͍

  7. ςΩετ վΊͯɺSSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏(࠷ॳ͚ͩܭࢉ͕ͪΐ͍ॏ͍) ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ(͋ͱ͸·͠) ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  8. ςΩετ WHAT IS LET’S ENCRYPT? ▸ Let's Encrypt͸mozillaɺAkamaiɺCiscoɺGoogleɺ FacebookͳͲΛΛ͸͡Ίͱͨ͠େखITاۀͷࢧԉΛड͚ͯ 2014೥ʹ૑ઃ͞ΕͨϓϩδΣΫτͰɺݸਓͰ΋৴པ͞Εͨ

    αʔόূ໌ॻΛແྉͰൃߦ͢Δ͜ͱ͕Ͱ͖Δ͓खܰαʔϏε Ͱ͢ɻ ▸ 2016೥ͷय़ΑΓਖ਼ࣜʹαʔϏε͕։࢝͠ɺओཁͳ࠷৽OSͰ ͋Ε͹ඞཁͳύοέʔδ౳ͷಋೖ΋ඇৗʹεϜʔζʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ

  9. ςΩετ ແྉͰূ໌ॻशಘͰ͖Δͬͯʁ ▸ Ұൠతʹɺ৴པࡁΈͷSSLূ໌ॻΛऔಘ͢ΔͨΊʹ͸ຊਓ֬ೝ͕ඞཁͰ͢ɻ
 Let's encryptͰ͸ɺݸਓ৘ใΛ࢖ΘͣҎԼ৚݅ͷ΋ͱͰূ໌ॻΛൃߦ͍ͯ͠·͢ɻ ▸ 1. DVূ໌ॻͷΈൃߦͰ͖Δɻ 


    ͜Ε͸ɺॴࡏ֬ೝͳͲͷ৹ࠪΛؚΉOVূ໌ॻͳͲ͸ൃߦͰ͖ͳ͍͜ͱΛҙຯ͠· ͢ɻ 
 ৴པੑͷ໘Ͱݴ͑͹ɺݸਓɾݕূ༻ͳͲɺ࠷௿ݶͷ༻్ʹ࢖͏ͷ͕ݡ໌Ͱ͢ɻ ▸ 2. ূ໌ॻͷ༗ޮظݶ͸3ϲ݄ͷΈɻ
 ແྉͰ͋Δ͜ͱ΍ɺສ͕ҰͷࣄނͳͲΛ๷͙ͨΊʹ΋͜ͷظؒΛઃఆ͍ͯ͠Δͦ ͏Ͱ͢ɻ

  10. ςΩετ Ͱ΋ɺΊΜͲ͍͘͞ΜͰ͠ΐ͏ʁ ▸ ࠓͷͱ͜ΖϫΠϧυΧʔυʹରԠͯ͠ͳ͍ͷͰαϒυϝΠϯ͝ͱʹशಘ͕ඞཁͰ͢
 (ෳ਺αϒυϝΠϯͱ͔·ͱΊͯऔಘ͢ΔΦϓγϣϯ͸͋Γ·͢) ▸ ϫΠϧυΧʔυ͸ࠓ೥ͷ2݄຤ʹରԠ༧ఆͬͯެࣜͰ͸ॻ͍ͯ͋Γ·͕͢ɺ
 ΋ͱ΋ͱ1݄͍ͬͯͬͯͨΜͰద౓ʹظ଴͓͖ͯ͠·͠ΐ͏ ▸ ACMEϓϩτίϧͱ͍͏ূ໌ॻࣗಈൃߦͷϓϩτίϧΛ࢖͏ͷͰɺίϚϯυҰൃͰҰॠͰऔಘ

    Ͱ͖·͢ɻ ▸ ࢓༷͸ΦʔϓϯͳͷͰɺίϚϯυΛࣗ෼Ͱ࡞Γ͍ͨͬͯਓͰ΋େৎ෉ʂ ▸ Apacheͱ͔nginxʹউखʹઃఆΛ௥Ճͯ͘͠ΕΔίϚϯυΦϓγϣϯ΋͋Γ·͕͢ɺݱࡏTLS SNIνϟϨϯδʹ੬ऑੑ͕ݟ͔͍ͭͬͯΔͨΊ࣮࣭࢖͑·ͤΜɻ ▸ 3ϲ݄ͷظݶ΋ɺࣗಈߋ৽ʹ͢Ε͹Α͍Ͱ͢ɻ

  11. ςΩετ ΍Δ͜ͱ(Ͳ͏ͤͩ͠HTTP/2ͱ͔΋΍ͬͱ͜) ▸ αʔόʔΛ༻ҙ͢Δ ▸ DNSͷAϨίʔυΛ͋ͯΔ ▸ certbotͰূ໌ॻΛऔಘ͢Δ ▸ αʔόʔͷઃఆʹॻ͖Ճ͑Δ

    ▸ ͓ΘΓ