PFSを考慮したTLS終端とngx_mrubyによる大量ドメイン設定の効率化

2b692bd83f4418103142a053ecf5ff59?s=47 MATSUMOTO Ryosuke
February 05, 2016
Technology
3
3.3k

 PFSを考慮したTLS終端とngx_mrubyによる大量ドメイン設定の効率化

nginxにおける大量ドメインの証明書を動的に処理する方法

2b692bd83f4418103142a053ecf5ff59?s=128

MATSUMOTO Ryosuke

February 05, 2016
Tweet

Want more?

2b692bd83f4418103142a053ecf5ff59?s=48 matsumoto_r
3
1.7k
2b692bd83f4418103142a053ecf5ff59?s=48 matsumoto_r
4
240
2b692bd83f4418103142a053ecf5ff59?s=48 matsumoto_r
1
490
3ab1249be442027903e1180025340b3f?s=48 reverentgeek
10
560
A9a491b0fcbe0fbce3d64063a37add99?s=48 rmw
2
280
766b9746b59e6f09e280cd33cf4ed419?s=48 skipperchong
0
190
61857dafbd287b3027c4dcea9008ad3c?s=48 carmenhchung
6
360
06f8b41980eb4c577fa40c41d5030c19?s=48 keathley
7
230
C0390e8b11079f8761c0cd3274ed61cb?s=48 productmarketing
3
310
C35e01544a0dd94a2cf1619ee8a42ebb?s=48 clairelew
4
580
6bb82b13cda86d3b821fa44100335ddf?s=48 thoeni
1
170
B3ace07412a5178ea778e7eec161fc0a?s=48 jcasabona
4
250

Transcript

  1. 1.

    OHJOYʹ͓͚ΔେྔυϝΠϯͷূ໌ॻΛಈతʹॲཧ͢Δํ๏ GMO Pepabo, Inc. ٕज़ج൫νʔϜ γχΞɾϓϦϯγύϧΤϯδχΞ MATSUMOTO, Ryosuke @matsumotory 2016/01/29

    ࣾ಺ٕज़ڞ༗ࢿྉ 1'4Λߟྀͨ͠5-4ऴ୺ͱOHY@NSVCZ ʹΑΔେྔυϝΠϯઃఆͷޮ཰Խ
  2. 2.

    ໨࣍  1FSGFDU'PSXBSE4FDSFDZʢ1'4ʣ  1'4Λຬͨ͢伴ަ׵ํࣜ  '4Λຬͨ͢5-4ηογϣϯΩϟογϡ  OHY@NSVCZʹΑΔಈతূ໌ॻಡΈࠐΈ 

    OHY@NSVCZʹΑΔಈతϦόʔεϓϩΩγ  ·ͱΊ
  3. 3.

    લఏɿલ൒ͷ1'4Λߟྀͨ͠OHJOYͷઃఆͱɺ ޙ൒ͷυϝΠϯ਺͕େྔʹ͋Δ৔߹ͷ OHY@NSVCZΛར༻ͨ͠ূ໌ॻͱϦόʔεϓ ϩΩγͷઃఆ͸෼͚ͯ׆༻͢Δ͜ͱ͕ग़དྷ·͢ɻ

  4. 4.

    1FSGFDU'PSXBSE4FDSFDZ

  5. 5.

    1FSGFDU'PSXBSE4FDSFDZ ˞Ҏ߱1'4ͱলུ ˞5-4ηογϣϯͷ৔߹  ൿີ伴͕࿙Ӯͯ͠΋աڈͷ௨৴͕ղಡͰ͖ͳ͍ঢ়ଶ  શͯͷ5-4ηογϣϯͰҟͳΔൿີ伴Λ࢖͏  ҉߸Խ͞Εͨ௨৴Λͻͨ͢ΒஷΊ͜ΜͰͲ͔͜Ͱൿີ 伴ΛಘͨΒͦͷશͯͷ௨৴ΛղੳՄೳͱ͍͏ঢ়ଶ͸ඇ

    ৗʹ·͍ͣͱ͍͏໰୊΁ͷରࡦ
  6. 6.

    5-4Ͱ1'4͋Δ͍͸'4Λຬͨ͢ʹ͸  1'4ʹରԠͨ͠DJQIFSTVJUFTͷબ୒  '4Λߟྀͨ͠5-4ηογϣϯΩϟογϡํࣜΛબ୒  Ϋϥελߏ੒΍ΠϕϯτυϦϒϯʹΑΔ࣮૷ͷߟྀ 8FCαʔϏεͰͪΌΜͱ΍Ζ͏ͱ͢Δͱҙ֎ͱେม

  7. 7.

    1'4Λຬͨ͢伴ަ׵ํࣜ

  8. 8.

    1'4Λຬͨ͢伴ަ׵  &%)΍&$%)&伴ަ׵ํࣜΛ࢖͏  ηογϣϯຖʹϥϯμϜͳ伴Λ࢖༻  ΫϥΠΞϯτɾαʔόͦΕͧΕͰҟͳΔ伴Λ࢖༻  OHJOYͰͷ伴ަ׵ઃఆ 

    OHJOYͩͱTTM@EIQBSBNσΟϨΫςΟϒ  DJQIFSTTVJUFTΛαʔόଆͰࢦఆ͢ΔͳͲ
  9. 9.

    OHJOYͷؔ࿈σΟϨΫςΟϒ SFGIUUQTXFBLEIPSHTZTBENJOIUNM

  10. 10.

    '4Λຬͨ͢ 5-4ηογϣϯΩϟογϡ

  11. 11.

    5-4ηογϣϯΩϟογϡͷछྨ  4FTTJPOSFTVNQUJPO  αʔόɾΫϥΠΞϯτͰڞ௨伴ΛΩϟογϡ  4FTTJPOUJDLFU  ΫϥΠΞϯτͰڞ௨伴Λνέοτͱͯ͠อଘ 

    αʔόଆͰΩϟογϡΛ࣋ͭඞཁͳ͠  Ϋϥελߏ੒࣌ʹศར
  12. 12.

    4FTTJPOSFTVNQUJPO  Ϋϥελ࣌ʹ͸ΩϟογϡΛαʔόؒͰڞ༗  OHJOYͰ͸αʔόؒڞ༗ʹରԠ͍ͯ͠ͳ͍  ΠϕϯτυϦϒϯαʔόͰ͸࣮૷͕೉͍͠  ΫϥελؒΩϟογϡΛఘΊΔ 

    )0͸ͦΕΛͰ͖ΔΑ͏ʹ͍ͯ͠ΔͷͰ͍͢͝  ͦΕ͔4FTTJPOUJDLFUΛ࢖͏  ΠϕϯτυϦϒϯ͔ͭΫϥελߏ੒Ͱ΋࢖͑Δ  ͔͠͠4FTTJPOUJDLFU͸'4ͷ؍఺Ͱ໰୊༗Γ
  13. 13.

    4FTTJPOUJDLFU  ϚελʔΩʔ͕࿙ΕΔͱશ௨৴͕ղಡՄೳ  1'4ͷ֓೦Λຬ͍ͨͤͯͳ͍  αʔόଆͰϚελʔΩʔΛอଘ͢Δͷ͕௨ৗ  ΫϥελؒͰϚελʔΩʔΛڞ༗ 

    Ϋϥελ಺ͷͲͷαʔόʹৼΓ෼͚ऽΒΕͯ΋Ωϟογϡར༻Մೳ  OHJOYͷ৔߹  '4Λຬͨͨ͢ΊʹϚελʔΩʔΛఆظతʹαʔΨଆͰߋ৽  ͜Ε·ͨ)0͸ࣗಈతߋ৽ʹରԠࡁΈͰ͍͢͝
  14. 14.

    ͜͜·Ͱͷ·ͱΊ

  15. 15.

    Ϋϥελߏ੒ͷOHJOYͷ৔߹  1'4ʹରԠͨ͠DJQIFSTVJUFTΛઃఆ  '4Λຬͨ͢Α͏ʹTFTTJPOUJDLFUͷϚελʔΩʔΛఆظߋ৽  )0͸σϑΥϧτͰ෼Ͱߋ৽  Ϋϥελར༻ʹ͓͍ͯ͸ϚελʔΩʔΛαʔόؒͰڞ༗ 

    TFTTJPOSFTVNQUJPOͷ৔߹͸αʔόؒΩϟογϡڞ༗Λఘ ΊΔ
  16. 16.

    ಈతূ໌ॻಡΈࠐΈ

  17. 17.

    υϝΠϯ਺͕ଟ͍৔߹  υϝΠϯ਺͕ઍɾສͷΦʔμʔͷ৔߹  OHJOYͷ৔߹ূ໌ॻಡΈࠐΈͷઃఆ਺ ΍υϝΠϯ୯Ґͷઃఆ͕๲େʹͳΔ  OHJOYͷϓϩηεͷϝϞϦ΋େ͖͘ͳΔ  ສͷূ໌ॻಡΈࠐΈͰ໿.#ͱ͔

  18. 18.

    OHY@NSVCZͰղܾ  ಈతূ໌ॻಡΈࠐΈ  ηογϣϯ୯ҐͰূ໌ॻಡΈࠐΉ࣌ʹNSVCZΛϑοΫ  PQFOTTMҎ্͕ඞཁ  4/*ͷTFSWFSOBNFʹ߹கͨ͠ূ໌ॻϑΝΠϧΛಡΈࠐΉ 

    ઃఆ͕ҰͭͰࡁΉ͠ϝϞϦ΋ݮΔ  ੑೳ͸OHY@NSVCZͷIFMMPXPSMEϕϯνͰݮఔ౓
  19. 19.
    None
  20. 20.

    ಈతϦόʔεϓϩΩγ

  21. 21.

    ಈతϦόʔεϓϩΩγ  5-4ͰΞΫηεͷ͋ͬͨυϝΠϯΛద੾ͳόοΫΤϯ υʹϦόʔεϓϩΩγ͢Δඞཁ༗Γ  ඥ෇͚Λ֎෦σʔλετΞͳͲ͔Βऔಘ  ඥ෇͚Λ΋ͱʹOHY@NSVCZͰಈతϦόʔεϓϩΩγ

  22. 22.

    ͜Εͱ1'4ͷઃఆͱಈతূ໌ॻಡΈࠐΈΛ߹ମͤ͞Δ

  23. 23.

    ·ͱΊ

  24. 24.

    1'4ͷߟྀͱಈతઃఆ  1'4Λߟྀͨ͠DJQIFSTVJUFTͷઃఆ  '4Λߟྀͨ͠ηογϣϯΩϟογϡͷબ୒  ΠϕϯτυϦϒϯΛߟྀͨ͠ηογϣϯΩϟογϡͷબ୒  ಈతূ໌ॻಡΈࠐΈΛOHY@NSVCZͰ࣮ݱ 

    ಈతϦόʔεϓϩΩγΛOHY@NSVCZͰ࣮ݱ