Slide 1
Slide 1 text
255จࣈͷ
υϝΠϯ
πϥΈ͕͋Δ!
2019/03/31(Sun) PHPerKaigi 2019
Jun Watanabe@rela1470
Slide 2
Slide 2 text
15ͳͷʹ
εϥΠυ110ຕͳͷͰ
ઌʹ·ͱΊ
ɾ255จࣈ͡Όͳ͍(͝ΊΜ)
ɾ64จࣈҎ্Ͱཁҙ!!!!
Slide 3
Slide 3 text
υϝΠϯͬͯ
͍ͭͷ·ʹ͔
૿͑ͯ·͢ΑͶ!
Slide 4
Slide 4 text
Θͨͳ
13ݸͬͯ·ͨ͠
Slide 5
Slide 5 text
New gTLD
ଓʑొ
Slide 6
Slide 6 text
No content
Slide 7
Slide 7 text
yasero.dev
ࣗͷମॏΛࡽ͢αΠτ
Slide 8
Slide 8 text
ͱ͍͏͜ͱͰຊ…
Slide 9
Slide 9 text
υϝΠϯͬͯ
Ͳ͜·Ͱ͘Ͱ͖Δ͔
ͬͯ·͔͢?
Slide 10
Slide 10 text
255จࣈͷ
υϝΠϯ
πϥΈ͕͋Δ!
2019/03/31(Sun) PHPerKaigi 2019
Jun Watanabe@rela1470
Slide 11
Slide 11 text
workworkworkworkworkwork.
workworkworkworkworkworkw
orkworkworkwork.workworkwo
rkworkworkworkworkworkwork
workworkworkworkworkwork.
workworkworkworkworkworkw
orkworkworkworkworkworkwor
kworkwork.workworkworkwork
workworkworkworkworkworkw
orkworkworkworkwork.work
Slide 12
Slide 12 text
workυϝΠϯ
1ԁͰͨ͠
Slide 13
Slide 13 text
No content
Slide 14
Slide 14 text
͋Γ͕ͱ͏
͍͟͝·͢!
Slide 15
Slide 15 text
(དྷ͓ئ͍͠·͢)
Slide 16
Slide 16 text
͋Ε?
Slide 17
Slide 17 text
255จࣈͷ
υϝΠϯ
πϥΈ͕͋Δ!
2019/03/31(Sun) PHPerKaigi 2019
Jun Watanabe@rela1470
Slide 18
Slide 18 text
workworkworkworkworkwork.
workworkworkworkworkworkw
orkworkworkwork.workworkwo
rkworkworkworkworkworkwork
workworkworkworkworkwork.
workworkworkworkworkworkw
orkworkworkworkworkworkwor
kworkwork.workworkworkwork
workworkworkworkworkworkw
orkworkworkworkwork.work
Slide 19
Slide 19 text
ͦ͏ͳΜͰ͢
Slide 20
Slide 20 text
253จࣈ
͔͠ͳ͍ͧ
Slide 21
Slide 21 text
͓ͼͱగਖ਼
Slide 22
Slide 22 text
255จࣈͷ
υϝΠϯ
πϥΈ͕͋Δ!
2019/03/31(Sun) PHPerKaigi 2019
Jun Watanabe@rela1470
Slide 23
Slide 23 text
255ΦΫςοτͷ
υϝΠϯ
πϥΈ͕͋Δ!
2019/03/31(Sun) PHPerKaigi 2019
Jun Watanabe@rela1470
Slide 24
Slide 24 text
No content
Slide 25
Slide 25 text
Ͳ͜Ͱఆٛ͞Ε͍ͯΔ͔
Slide 26
Slide 26 text
RFC1035
2.3.4. Size limits
255 Octet
Slide 27
Slide 27 text
1 Octet
8 bit
1 Byte
Slide 28
Slide 28 text
༨ஊ
1Byte = 8 Bit
ʹͳͬͨͷ
2008
IEC 80000-13
https://www.iso.org/standard/31898.html
JISະൃߦ
IECΛӾཡ͢Δʹ158 CHF (17,450ԁ)…
Slide 29
Slide 29 text
ࠞཚ͠ͳ͍ͨΊʹ
Octet
Λ͓͏!
Slide 30
Slide 30 text
͞Βʹ༨ஊ
URLશମͷ੍ݶͳ͍
Slide 31
Slide 31 text
100ສจࣈ·Ͱಈ࡞֬ೝࡁΈ
https://qiita.com/nwtgck/items/e83473dc63386d2da3e5
Slide 32
Slide 32 text
ؓٳ
Slide 33
Slide 33 text
υϝΠϯͷσʔλ
Slide 34
Slide 34 text
work . work
↓ϥϕϧ
↑ ۠Γจࣈ
ୈ2ϨϕϧυϝΠϯ ୈ1ϨϕϧυϝΠϯ
Slide 35
Slide 35 text
DNSϝοηʔδ
ࠓճͷυϝΠϯͷྫ
Slide 36
Slide 36 text
ఆٛจࣈ
ΦΫςοτ
ϥϕϧจࣈྻ
NBY
ΦΫςοτ
XPSLXPSLXPSLXPSLXPSLXPSL
XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL
XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL
XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL
XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL
XPSL
0DUFU 0DUFU
workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.workworkworkworkwor
kworkworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkwor
kworkworkworkwork.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.work
↓
= 255 octet = 253จࣈ(υοτؚ)
Slide 37
Slide 37 text
ϝʔϧΞυϨε?
Slide 38
Slide 38 text
RFC5321
4.5.3.1.3. Path
256 Octet
Slide 39
Slide 39 text
શମͰ࠷େ 256 Octet ·Ͱ
(υοτΞοτϚʔΫؚΉ)
υϝΠϯͰ
255 Octet ͏ͷͰ…
Slide 40
Slide 40 text
υϝΠϯ͕࠷େͩͱ
࣮࣭ൃߦͰ͖ͳ͍
@workworkworkworkworkwork.workworkworkworkwo
rkworkworkworkworkwork.workworkworkworkworkw
orkworkworkworkworkworkworkworkworkwork.work
workworkworkworkworkworkworkworkworkworkwork
workworkwork.workworkworkworkworkworkworkwor
kworkworkworkworkworkworkwork.work
↑Ͱ256ΦΫςοτ(254จࣈ)
Slide 41
Slide 41 text
࣮ࡍʹӡ༻͍͖ͯ͠
Slide 42
Slide 42 text
DNS
Slide 43
Slide 43 text
No content
Slide 44
Slide 44 text
໊͓લυοτίϜ͞Μ
ͦͦෳϥϕϧ͕
ߟྀ͞Εͯͳ͍
ϫΠϧυΧʔυͰͳΜͱ͔
Slide 45
Slide 45 text
SLAରͷαʔϏεΛ
͍·͠ΐ͏
Slide 46
Slide 46 text
Amazon
Route 53
Slide 47
Slide 47 text
IDCF Cloud
DNS
Slide 48
Slide 48 text
nginx
Slide 49
Slide 49 text
vi nginx.conf
———-
server {
listen 80;
server_name
workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.workworkwor
kworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkwor
kworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkwor
kworkworkworkwork.work;
}
——————
nginx -t
nginx: [emerg] could not build server_names_hash, you should increase
server_names_hash_bucket_size: 32
nginx: configuration file /etc/nginx/nginx.conf test failed
nginx.conf
server_name͕͗͢Δ
Slide 50
Slide 50 text
vi nginx.conf
———-
http {
server_names_hash_bucket_size 512;
}
bucketSize֦ு
Slide 51
Slide 51 text
No content
Slide 52
Slide 52 text
HTTPSԽ
Slide 53
Slide 53 text
No content
Slide 54
Slide 54 text
DNS name too long
# /usr/local/certbot/certbot-auto certonly --webroot -w /work.work -
d
workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.wo
rkworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkw
orkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkwork
workworkworkworkworkworkworkworkworkworkwork.work
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
An unexpected error occurred:
The request message was malformed :: Error creating new authz :: DNS
name too long
Please see the logfiles in /var/log/letsencrypt for more details.
Slide 55
Slide 55 text
certbot͕230จࣈҎ্Λ
ड͚͚ͳ͍
Slide 56
Slide 56 text
෦తʹJSONͷϝλใͰ
25จࣈͬͯ͠·͏ͨΊ
letsencrypt/boulder.git/policy/pa.go@126
// TODO(#3237): Right now our schema for the authz table only allows
255 characters
// for identifiers, including JSON wrapping, which takes up 25
characters. For
// now, we only allow identifiers up to 230 characters in length.
When we are
// able to do a migration to update this table, we can allow DNS
names up to
// 253 characters in length.
maxLabelLength = 63
maxDNSIdentifierLength = 230
`identifier` varchar(255) NOT NULL,
{"type":"dns","value":"example.com"}
https://community.letsencrypt.org/t/i-want-use-max-255-octet-domain/51279
Slide 57
Slide 57 text
No content
Slide 58
Slide 58 text
No content
Slide 59
Slide 59 text
No content
Slide 60
Slide 60 text
Let’s Encrypt
͕ବͳΒ…
Slide 61
Slide 61 text
ී௨ͷ༗ྉSSLͳΒ
͍͚Μͷ͔
Slide 62
Slide 62 text
# openssl req -new -key key.pem -out key.csr
Common Name (eg, fully qualified host name)
[]:workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork
.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workwo
rkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkw
orkworkworkworkworkworkworkworkworkworkworkwork.work
OpenSSLͰCSRൃߦ!
Slide 63
Slide 63 text
string is too long,
it needs to be less than
64 bytes long
Slide 64
Slide 64 text
OpenSSL͕ବͳΒ…
Slide 65
Slide 65 text
Microsoft IIS
Slide 66
Slide 66 text
CSRൃߦͰ͖·ͨ͠
Slide 67
Slide 67 text
CoreSSL͞ΜͰਃ
Slide 68
Slide 68 text
No content
Slide 69
Slide 69 text
CSRೝ͚ࣝͨ͠Ͳ
αʔϏεଆͰ͔Εͨ
Slide 70
Slide 70 text
্Ґূ໌ہ
Symantec
Comodo
GeoTrust
ͷ੍ݶ
https://knowledge.symantec.com/jp/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=SO24065
Slide 71
Slide 71 text
RFC 5280
Appendix A.1
ub-common-name-length
INTEGER ::= 64
ͪΐͬͱࣗ৴ͳ͍
Slide 72
Slide 72 text
͝ฦۚ
ରԠ͖
͋Γ͕ͱ͏
͍͟͝·ͨ͠
Slide 73
Slide 73 text
ແྉͰ230จࣈ·Ͱ͍͚Δ
let's encrypt
ٯʹ༏लઆ
Slide 74
Slide 74 text
No content
Slide 75
Slide 75 text
ࣗલ͕ବͳΒ...
Slide 76
Slide 76 text
αʔόʔϨε!
Slide 77
Slide 77 text
Firebase Hosting
ແྉSSL+ແྉCDN(݄50GB·Ͱ)
Slide 78
Slide 78 text
Firebase Hosting
ແྉSSL+ແྉCDN(݄50GB·Ͱ)
Slide 79
Slide 79 text
Firebase Hosting
ແྉSSL+ແྉCDN(݄50GB·Ͱ)
Slide 80
Slide 80 text
SSL͕͍ͭ·Ͱܦͬͯ
ө͞Εͳ͍
Slide 81
Slide 81 text
UIյΕΔ
Slide 82
Slide 82 text
ͦͯ͠2019
Slide 83
Slide 83 text
υϝΠϯͷ͕͞
࠷େ64จࣈʹ੍ݶ͞ΕͯΔ…
Slide 84
Slide 84 text
Firebase͕
ବͳΒ
Netlify!
Slide 85
Slide 85 text
No content
Slide 86
Slide 86 text
No content
Slide 87
Slide 87 text
UIͪΖΜյΕΔ
Slide 88
Slide 88 text
͔͠͠
255 octet ͷ
υϝΠϯొͰ͖ͨ
(ͼͬ͘Γ)
Slide 89
Slide 89 text
SSL…?
Slide 90
Slide 90 text
DNS name too long
Slide 91
Slide 91 text
Netlify
ແྉSSL
Slide 92
Slide 92 text
230จࣈʹ͑ͨΒ
͍͚ΔΖ!
Slide 93
Slide 93 text
CN was longer than 64 bytes
Slide 94
Slide 94 text
No content
Slide 95
Slide 95 text
Firebase
SSLରԠඞਢ
64 octet ·Ͱ
Netlify
SSL 64 octet ·Ͱ
httpͰΑ͚Ε
255 octet ·Ͱ
Slide 96
Slide 96 text
SSLରԠͷເ௵͑ͨ…
Slide 97
Slide 97 text
No content
Slide 98
Slide 98 text
ACME v2 API
ϫΠϧυΧʔυূ໌ॻ
Slide 99
Slide 99 text
CN was longer than
64 bytes
./certbot-auto certonly —manual -d
*.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw
orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork
workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor
kworkworkworkworkwork.work -m [email protected] --agree-tos --manual-
public-ip --preferred-challenges dns-01 --server https://acme-
v02.api.letsencrypt.org/directory
An unexpected error occurred:
The request message was malformed :: Error finalizing order ::
issuing precertificate: CN was longer than 64 bytes
Slide 100
Slide 100 text
cert-bot
SAN ରԠ
υϝΠϯෳࢦఆͰ͖Δ
&
ઌ಄ͷυϝΠϯ͕CNʹ
Slide 101
Slide 101 text
workworkworkworkworkw
orkworkworkworkworkwor
kworkworkworkwork.work
65จࣈ
Slide 102
Slide 102 text
workworkworkworkwork.
work
25จࣈ
Slide 103
Slide 103 text
./certbot-auto certonly --manual -d workworkworkworkwork.work -d
*.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw
orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork
workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor
kworkworkworkworkwork.work -m [email protected] --agree-tos --manual-
public-ip --preferred-challenges dns-01 --server https://acme-
v02.api.letsencrypt.org/directory
Slide 104
Slide 104 text
Congratulations!
./certbot-auto certonly --manual -d workworkworkworkwork.work -d
*.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw
orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork
workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor
kworkworkworkworkwork.work -m [email protected] --agree-tos --manual-
public-ip --preferred-challenges dns-01 --server https://acme-
v02.api.letsencrypt.org/directory
IMPORTANT NOTES:
-
Congratulations!
Your certificate and chain have been saved at:
/etc/letsencrypt/live/workworkworkworkwork.work/fullchain.pem
Slide 105
Slide 105 text
No content
Slide 106
Slide 106 text
No content
Slide 107
Slide 107 text
https://
workworkworkworkworkwork.w
orkworkworkworkworkworkwor
kworkworkwork.workworkwork
workworkworkworkworkworkw
orkworkworkworkworkwork.wo
rkworkworkworkworkworkwork
workworkworkworkworkworkw
orkwork.workworkworkworkwo
rkworkworkworkworkworkwork
workworkworkwork.work/
Slide 108
Slide 108 text
http://
work.workworkworkworkworkw
orkworkworkworkworkworkwor
kworkworkwork.workworkwork
workworkworkworkworkworkw
orkworkworkworkworkwork.wo
rkworkworkworkworkworkwork
workworkworkworkworkworkw
orkwork.workworkworkworkwo
rkworkworkworkworkworkwork
workworkworkwork.work/
Slide 109
Slide 109 text
http://
workwork.workworkworkworkw
orkworkworkworkworkworkwor
kworkworkwork.workworkwork
workworkworkworkworkworkw
orkworkworkworkworkwork.wor
kworkworkworkworkworkwork
workworkworkworkworkworkw
orkwork.workworkworkworkwor
kworkworkworkworkworkwork
workworkworkwork.work/public
Slide 110
Slide 110 text
http://bit.ly/endless_work
http://bit.ly/work_netlify
http://bit.ly/work_githubpages
Jun Watanabe@rela1470
https://rela.red/
https://yasero.dev/
Available for hire!