@Amimoto_Ami amimoto-ami.com AMIMOTO (HHVM) + SSLʢLet's Encryptʣ

SSL ূ໌ॻͱ͸

ূ໌ॻͷ༗ޮظݶ اۀͷॴࡏ஍ ೝূہͷ৘ใ اۀ໊ SSL ূ໌ॻʹؚ·ΕΔ৘ใ

αΠτ͕SSL/TLS Λ࢖͍ͬͯΔ͔Λݟ෼͚Δʹ͸

SSL CERTIFICATE Λ࢖͏ϝϦοτ

HTTP/2 SEO ৴པੑ

SSL ূ໌ॻΛ ࢖Θͳ͍Ͱ͍Δ ͱ……

SSL ূ໌ॻͷ औಘɾઃఆํ๏

ෳ਺υϝΠϯͷূ໌ॻ υϝΠϯຖʹূ໌ॻ ༗ྉͷ SSL ূ໌ॻ

ແྉͰࣗಈͰΦʔϓϯͳ SSL ূ໌ॻ

Ϩοπ 
 Πϯετʔϧ
 Let’s Encrypt!

AWS ίϯιʔϧ΁ϩάΠϯ͠·͢

Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢

Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢

Route53 ͰυϝΠϯͷκʔϯΛઃఆ͠·͢

EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

(HTTP/2) Next Generation Preview AMI Λϩʔϯν

ΠϯελϯεαΠζΛબ୒͠·͢

Πϯελϯεͷઃఆ͸σϑΥϧτͷ··ͰOKͰ͢

Πϯελϯεͷઃఆ͸σϑΥϧτͷ··ͰOKͰ͢

Πϯελϯεͷઃఆ͸σϑΥϧτͷ··ͰOKͰ͢

ηΩϡϦςΟάϧʔϓ΁ HTTPS(443) Λ௥Ճ͠·͢

EC2 ͔Β AMIMOTO AMI Λϩʔϯν͠·͢

SSH ΞΫηεʹඞཁͳΩʔϖΞΛ࡞੒͠·͢

HTTP/2 Next Generation Preview AMI ͕ىಈத

Elastic IP Λىಈͨ͠Πϯελϯε΁ׂΓ౰ͯ·͢

ׂΓ౰ͯΔΠϯελϯεID Λબ୒

Elastic IP ͷׂΓ౰ͯ׬ྃ

EC2ΠϯελϯεʹElastic IP ͕දࣔ͞Ε·ͨ͠ɻ

࡞੒ͨ͠Πϯελϯε΁SSH ͰΞΫηε͠·͢

WordPress ΛΠϯετʔϧ͠·͢ 1. SSH Ͱαʔό΁ΞΫηε:
 $ ssh -i ~/example.pem ec2-user@ΠϯελϯεͷIPΞυϨε
 ·ͨ͸
 $ ssh -i ~/example.pem [email protected]
 2. ύοέʔδΛ࠷৽൛΁ߋ৽:
 $ sudo yum update
 3. WordPress ͷΠϯετʔϧ: 
 $ sudo /usr/local/bin/wp-setup example.com

pip ͱ Let’s Encrypt ΛΠϯετʔϧ 4. Python ͷόʔδϣϯʹ߹͏ pip ͱvirtualenv ΛΠϯετʔϧ:
 
 $ sudo yum install python27-pip python27-virtualenv augeas-libs dialog gcc libffi-devel openssl-devel system-rpm-config
 5. Let’s Encrypt ΛΠϯετʔϧ:
 $ sudo virtualenv /opt/letsencrypt/
 $ sudo /opt/letsencrypt/bin/pip install letsencrypt
 6. ূ໌ॻΛ࡞੒:
 $ sudo /opt/letsencrypt/bin/letsencrypt certonly -t -d example.com - a webroot --webroot-path=/var/www/vhosts/example.com/ --rsa-key-size 2048 --server https://acme-v01.api.letsencrypt.org/directory
 7. ظݶ੾Εͷ͓஌Βͤ΍ϦΧόϦ༻ͷϝʔϧΞυϨεΛઃఆ

pip ͱ Let’s encrypt ͷΠϯετʔϧ 8. nginx ͷઃఆϑΝΠϧΛίϐʔͯ͠ SSL ޲͚ʹϦωʔϜ͠·͢:
 $ sudo cp /etc/nginx/conf.d/default-ssl.conf /etc/nginx/conf.d/ example.com-ssl.conf
 
 9. ίϐʔͨ͠ઃఆϑΝΠϧ example.com-ssl.conf Λฤू͠·͢:
 $ sudo vi /etc/nginx/conf.d/example.com-ssl.conf


มߋޙͷ example.com-ssl.conf server { listen 443 ssl http2; server_name example.com; root /var/www/vhosts/example.com; index index.html index.htm; charset utf-8; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers AESGCM:HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;

HTTP → HTTPS ΁ͷϦμΠϨΫτઃఆ 10.example.com.conf ʹ HTTPS ΁ͷϦμϨΫτઃఆΛ͠·͢: $ sudo vi /etc/nginx/conf.d/example.com.conf server { listen 80; server_name example.com; root /var/www/vhosts/example.com; return 301 https://$host$request_uri; index index.html index.htm; charset utf-8; access_log /var/log/nginx/example.com.access.log main; error_log /var/log/nginx/example.com.error.log;


pip ͱ Let’s encrypt ͷΠϯετʔϧ 11.มߋ಺༰Λ൓ө͢ΔͨΊ nginx Λ࠶ىಈ͠·͢:
 
 $ sudo service nginx restart

SETUP YOUR WORDPRESS

Πϯελϯε ID Λೖྗͯ͠ WordPress ͷઃఆΛ׬ྃͤ͞·͠ΐ͏

http://amimoto-ami.com/slack/ Questions:

@Amimoto_Ami amimoto-ami.com THANK YOU! AMIMOTO (HHVM) + SSLʢLet's Encryptʣ