Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Let's Let's Encrypt

Avatar for Kohei Ota Kohei Ota
January 23, 2018
Technology
1
250

Let's Let's Encrypt

Avatar for Kohei Ota

Kohei Ota

January 23, 2018
Tweet

More Decks by Kohei Ota

See All by Kohei Ota
CloudNative Meets WebAssembly: Exploring Wasm's Potential to Replace Containers
Avatar for Kohei Ota inductor
4
3.4k
The Cloud Native Chronicles: 10 Years of Community Growth Inside and Outside Japan
Avatar for Kohei Ota inductor
0
160
Cracking the KubeCon CfP
Avatar for Kohei Ota inductor
2
790
KubeCon Recap -Platform migration at Scale-
Avatar for Kohei Ota inductor
1
1.1k
コンテナビルド最新事情 2022年度版 / Container Build 2022
Avatar for Kohei Ota inductor
3
580
データベースとストレージのレプリケーション入門 / Intro-of-database-and-storage-replication
Avatar for Kohei Ota inductor
29
6.6k
KubeConのケーススタディから振り返る、Platform for Platforms のあり方と その実践 / Lessons from KubeCon case studies: Platform for Platforms and its practice
Avatar for Kohei Ota inductor
3
950
オンラインの技術カンファレンスを安定稼働させるための取り組み / SRE activity for online conference platform
Avatar for Kohei Ota inductor
1
1.4k
Kubernetesネットワーキング初級者脱出ガイド / Kubernetes networking beginner's guide
Avatar for Kohei Ota inductor
22
7.2k

Other Decks in Technology

See All in Technology
エンジニアリングマネージャーの仕事
Avatar for YuheiNakasaka yuheinakasaka
0
110
Zero Data Loss Autonomous Recovery Service サービス概要
Avatar for oracle4engineer oracle4engineer
PRO
2
13k
Agent ServerはWeb Serverではない。ADKで考えるAgentOps
Avatar for 為藤アキラ akiratameto
0
120
詳解 強化学習 / In-depth Guide to Reinforcement Learning
Avatar for PRIN Lab prinlab
0
300
Tebiki Engineering Team Deck
Avatar for Tebiki, Inc. tebiki
0
27k
楽しく学ぼう!ネットワーク入門
Avatar for Shota Shiratori shotashiratori
1
480
身体を持ったパーソナルAIエージェントの 可能性を探る開発
Avatar for yoko / Naoki Yokomachi yokomachi
1
130
AI時代のSaaSとETL
Avatar for Shu Suzuki shoe116
1
190
AWSの資格って役に立つの?
Avatar for Hiroki Takatsuka tk3fftk
2
370
Goのerror型がシンプルであることの恩恵について理解する
Avatar for yamatai12 yamatai1212
1
240
S3はフラットである –AWS公式SDKにも存在した、 署名付きURLにおけるパストラバーサル脆弱性– / JAWS DAYS 2026
Avatar for GMO Flatt Security flatt_security
0
1.8k
AI実装による「レビューボトルネック」を解消する仕様駆動開発(SDD)/ ai-sdd-review-bottleneck
Avatar for Rakus_Dev rakus_dev
0
160

Featured

See All Featured
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
1
150
Marketing to machines
Avatar for Jono Alderson jonoalderson
1
5k
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
230
Lightning talk: Run Django tests with GitHub Actions
Avatar for Sarah Abderemane sabderemane
0
150
Ruling the World: When Life Gets Gamed
Avatar for Sebastian Deterding codingconduct
0
180
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6k
<Decoding/> the Language of Devs - We Love SEO 2024
Avatar for Nikki Halliwell nikkihalliwell
1
160
Lessons Learnt from Crawling 1000+ Websites
Avatar for Charles Meaden charlesmeaden
PRO
1
1.1k
Why Our Code Smells
Avatar for Brandon Keepers bkeepers
PRO
340
58k
The Web Performance Landscape in 2024 [PerfNow 2024]
Avatar for Tammy Everts tammyeverts
12
1.1k
So, you think you're a good person
Avatar for Per Axbom axbom
PRO
2
2k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
230k

Transcript

  1. LET’S ENCRYPT ΍ͬͯΈΑ͏ͷձ INDUCTOR@DISCORDΠϯϑϥษڧձ

  2. ςΩετ ຊ೔ͷΞδΣϯμ ▸ ࣗݾ঺հ ▸ SSLͷ࢓૊Έʹ͍ͭͯ ▸ Let's Encryptʹ͍ͭͯ ▸

    SSLূ໌ॻΛઃஔ͢Δ ▸ αʔόʔͷίϯϑΟάΛ৮ͬͯΈΔ ▸ ϔομͱ͔ͷ֬ೝͷ࢓ํ

  3. ςΩετ ͓લͩΕͩΑ ▸ Wiki wo yonde kudasai ▸ https://wiki.infra-workshop.tech/user/inductor ▸

    σʔληϯλʔͷதͰαʔόʔͱ͔NWͱ͔ΆͪΆͪͯͨ͠ ӡ༻ͷதͷਓΛ΍ͬͯͨ ▸ ࠓ͸PHP/Android Javaͱ͔։ൃͯ͠Δ ▸ ࣍ͷ࢓ࣄ͸ͱ͋ΔاۀͷDevOpsܥΠϯϑϥ෦ୂΛ༧ఆ

  4. ςΩετ SSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏ ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  5. ςΩετ ެ։伴ೝূͱ͸ ▸ ެ։伴ɾൿີ伴ͱݺ͹ΕΔ2छྨͷ伴Λ࢖ͬͯ҉߸Խ௨৴Λߦ͏ํ๏ ▸ ެ։伴ɿΈΜͳʹ౉͢҉߸ԽΛ͔͚ΔͨΊͷ伴 ▸ ൿີ伴ɿαʔόʔ͚͕ͩ࣋ͭ෮߸Խ༻ͷ伴 ▸ ϦΫΤετ࣌ʹެ։伴Λड͚औͬͨΫϥΠΞϯτ͕ɺ৘ใΛެ։伴Ͱ҉߸Խ্ͨ͠Ͱαʔ

    όʔʹૹ৴ˠαʔόʔଆ͸ൿີ伴Λ࢖ͬͯதΛݟΔ ▸ αʔόʔ্ʹ͋Δൿີ伴Ͱ͔͠த਎͕Θ͔Βͳ͍Αʂͱ͍͏࢓૊Έ ▸ ϝϦοτɿͲͷϢʔβʔʹରͯ͠΋ಉ͡ެ։伴Λ౉ͤΔͷͰɺ伴ͷ؅ཧָ͕ɻൿີ伴Λαʔ όʔ͔Β౪·Εͳ͍ݶΓ͸(ཧ࿦্)҆શ ▸ σϝϦοτɿΫϥΠΞϯτଆͱαʔόʔଆͰҟͳΔ伴Λ࢖͏ͨΊॲཧ͕ෳࡶɺ·ͨɺύ ϑΥʔϚϯε΋ѱ͍

  6. ςΩετ ڞ௨伴ೝূͱ͸ ▸ ҉߸Խɾ෮߸Խʹಉ͡伴Λ༻͍Δ҉߸ํࣜ ▸ ΈΜͳͰಉ͡伴Λ࢖͏ͱΈΜͳ͕σʔλΛݟΕͯ΍͹͍ͷͰɺ ී௨͸ΫϥΠΞϯτ͝ͱʹผʑͷ伴Λੜ੒ͯ͠؅ཧ͢Δ ▸ ϝϦοτɿ伴ͷछྨ͕1ͭͳͷͰܭࢉ଎౓͕଎͍ ▸

    σϝϦοτɿΫϥΠΞϯτ͕૿͑Δຖʹ伴ͷ਺͕ଟ͘ͳΔͷ Ͱ؅ཧ͕େมɻ·ͨɺڞ௨伴Λ࠷ॳʹ౉͢ͱ͖ʹ৘ใ͕౪· Εͯ͠·͏ͱɺ෮߸͞Εͯ͠·͏ͷͰ΍͹͍

  7. ςΩετ վΊͯɺSSLͷ؆୯ͳ͘͠Έ ▸ ެ։伴ೝূͱڞ௨伴ೝূͷϋΠϒϦου ▸ ࠷ॳͷ伴ަ׵࣌ͷΈެ։伴Λ࢖͏(࠷ॳ͚ͩܭࢉ͕ͪΐ͍ॏ͍) ▸ ઀ଓཱ֬ޙ͸ΫϥΠΞϯτ͝ͱʹಠཱͷڞ௨伴Ͱ௨৴͢Δ(͋ͱ͸·͠) ▸ SSHͰΑ͘࢖ΘΕΔ伴ೝূ͸


    ެ։伴ೝূ ▸ ᷿Ͱ࿩୊ͷΞΫηϥϨʔγϣϯ
 ϒʔετͱ͸ͳΜͷؔ܎΋
 ͋Γ·ͤΜ

  8. ςΩετ WHAT IS LET’S ENCRYPT? ▸ Let's Encrypt͸mozillaɺAkamaiɺCiscoɺGoogleɺ FacebookͳͲΛΛ͸͡Ίͱͨ͠େखITاۀͷࢧԉΛड͚ͯ 2014೥ʹ૑ઃ͞ΕͨϓϩδΣΫτͰɺݸਓͰ΋৴པ͞Εͨ

    αʔόূ໌ॻΛແྉͰൃߦ͢Δ͜ͱ͕Ͱ͖Δ͓खܰαʔϏε Ͱ͢ɻ ▸ 2016೥ͷय़ΑΓਖ਼ࣜʹαʔϏε͕։࢝͠ɺओཁͳ࠷৽OSͰ ͋Ε͹ඞཁͳύοέʔδ౳ͷಋೖ΋ඇৗʹεϜʔζʹߦ͏͜ ͱ͕Ͱ͖·͢ɻ

  9. ςΩετ ແྉͰূ໌ॻशಘͰ͖Δͬͯʁ ▸ Ұൠతʹɺ৴པࡁΈͷSSLূ໌ॻΛऔಘ͢ΔͨΊʹ͸ຊਓ֬ೝ͕ඞཁͰ͢ɻ
 Let's encryptͰ͸ɺݸਓ৘ใΛ࢖ΘͣҎԼ৚݅ͷ΋ͱͰূ໌ॻΛൃߦ͍ͯ͠·͢ɻ ▸ 1. DVূ໌ॻͷΈൃߦͰ͖Δɻ 


    ͜Ε͸ɺॴࡏ֬ೝͳͲͷ৹ࠪΛؚΉOVূ໌ॻͳͲ͸ൃߦͰ͖ͳ͍͜ͱΛҙຯ͠· ͢ɻ 
 ৴པੑͷ໘Ͱݴ͑͹ɺݸਓɾݕূ༻ͳͲɺ࠷௿ݶͷ༻్ʹ࢖͏ͷ͕ݡ໌Ͱ͢ɻ ▸ 2. ূ໌ॻͷ༗ޮظݶ͸3ϲ݄ͷΈɻ
 ແྉͰ͋Δ͜ͱ΍ɺສ͕ҰͷࣄނͳͲΛ๷͙ͨΊʹ΋͜ͷظؒΛઃఆ͍ͯ͠Δͦ ͏Ͱ͢ɻ

  10. ςΩετ Ͱ΋ɺΊΜͲ͍͘͞ΜͰ͠ΐ͏ʁ ▸ ࠓͷͱ͜ΖϫΠϧυΧʔυʹରԠͯ͠ͳ͍ͷͰαϒυϝΠϯ͝ͱʹशಘ͕ඞཁͰ͢
 (ෳ਺αϒυϝΠϯͱ͔·ͱΊͯऔಘ͢ΔΦϓγϣϯ͸͋Γ·͢) ▸ ϫΠϧυΧʔυ͸ࠓ೥ͷ2݄຤ʹରԠ༧ఆͬͯެࣜͰ͸ॻ͍ͯ͋Γ·͕͢ɺ
 ΋ͱ΋ͱ1݄͍ͬͯͬͯͨΜͰద౓ʹظ଴͓͖ͯ͠·͠ΐ͏ ▸ ACMEϓϩτίϧͱ͍͏ূ໌ॻࣗಈൃߦͷϓϩτίϧΛ࢖͏ͷͰɺίϚϯυҰൃͰҰॠͰऔಘ

    Ͱ͖·͢ɻ ▸ ࢓༷͸ΦʔϓϯͳͷͰɺίϚϯυΛࣗ෼Ͱ࡞Γ͍ͨͬͯਓͰ΋େৎ෉ʂ ▸ Apacheͱ͔nginxʹউखʹઃఆΛ௥Ճͯ͘͠ΕΔίϚϯυΦϓγϣϯ΋͋Γ·͕͢ɺݱࡏTLS SNIνϟϨϯδʹ੬ऑੑ͕ݟ͔͍ͭͬͯΔͨΊ࣮࣭࢖͑·ͤΜɻ ▸ 3ϲ݄ͷظݶ΋ɺࣗಈߋ৽ʹ͢Ε͹Α͍Ͱ͢ɻ

  11. ςΩετ ΍Δ͜ͱ(Ͳ͏ͤͩ͠HTTP/2ͱ͔΋΍ͬͱ͜) ▸ αʔόʔΛ༻ҙ͢Δ ▸ DNSͷAϨίʔυΛ͋ͯΔ ▸ certbotͰূ໌ॻΛऔಘ͢Δ ▸ αʔόʔͷઃఆʹॻ͖Ճ͑Δ

    ▸ ͓ΘΓ