じこしょうかい2019 / rela1470-portfolio-2019

じこしょうかい2019 / rela1470-portfolio-2019

Presented on

6f36ff3943be908c5d2259f4aef09ea6?s=128

Jun Watanabe

July 11, 2019
Tweet

Transcript

  1. ͜͡͠ΐ͏͔͍ 2019 2019/07/11(Thu) Tech Lunch Jun Watanabe @rela1470

  2. Jun Watanabe @rela1470 • Work • ORATTA, Inc. • 2010/11

    - 2019/06 • ITSD(৘γε) / SRE / ٕज़޿ใ / Backend (PHP) / Chief Engineer • Kyash Inc. • 2019/07 - • Corporate Engineer(৘γε)
  3. Jun Watanabe @rela1470 • Work • ORATTA, Inc. • 2010/11

    - 2019/06 • ITSD(৘γε) / SRE / ٕज़޿ใ / Backend (PHP) / Chief Engineer • Kyash Inc. • 2019/07 - • Corporate Engineer(৘γε)
  4. 2016೥ Treasure DataΛશࣾಋೖ • ຊ൪DBʹKPIΫΤϦΛ ௚઀ྲྀ͍ͯͨ͠ϠόΠ γεςϜΛۦஞ • CSɺσΟϨΫλʔʹ PrestoΛ֮͑ͤͨ͞

  5. 2017/10/23 • PWAλΠτϧΛDMM(R-18)ͰϦϦʔε • ϦϦʔε௚ޙͷεύΠΫ͕ੌ͔ͬͨ • ཪNICͷ2GbpsΛ1.8Gbps·Ͱ৯͍ͭͿͨ͠ • Web -

    Session(redis)ؒͷ௨৴Ͱṧഭ • ڞ༻Ϋϥ΢υͳͷͰଞͷ͓٬༷Λ௥͍ग़ͯ͠΋Βͬͨ • Ӧۀ͞Μ΍Δ͡ΌΜ!
  6. Jun Watanabe @rela1470 • Work • ORATTA, Inc. • 2010/11

    - 2019/06 • ITSD(৘γε) / SRE / ٕज़޿ใ / Backend (PHP) / Chief Engineer • Kyash Inc. • 2019/07 - • Corporate Engineer(৘γε)
  7. θϩτϥετηΩϡϦςΟ • ࣾ಺ωοτϫʔΫͬͯ֓೦μα͍ΑͶ • IPΞυϨε੍ݶͱ͔࣌୅஗ΕͩΑͶ • IDaaSͷOneLoginΛಋೖ • PCϩάΠϯɺSaaSͷϩάΠϯΛ౷Ұ •

    ಺੡πʔϧ΋શͯSAMLʹ౷Ұ • ൒೥͘Β͍͔͚ͯ150ݸ͘Β͍
  8. 2018/06 GREEάϧʔϓʹJOIN • ηΩϡϦςΟཁٻ͕ϕϯνϟʔ͔Β͍͖ͳΓ্৔اۀج४ʹɻ • ͦ͜·ͰΫϦςΟΧϧͳ΋ͷ͸ͳ͔ͬͨ • OneLogin͔ΒAzure ADʹҠߦ •

    θϩτϥετͷ֓೦͸NG൑அ • ࣾ಺ωοτϫʔΫΛશͯDCʹ৐ͤΔܦݧ͸وॏͩͬͨ • 2019/06 ٵऩ߹ซফ໓ͱಉ࣌ʹୀ৬
  9. Jun Watanabe @rela1470 • Private • ग़਎ ๺ւಓͷͲాࣷग़਎ • झຯ

    ΧϯϑΝϨϯεӡӦ • झຯ υϝΠϯऔಘ
  10. Jun Watanabe @rela1470 • Private • ग़਎ ๺ւಓͷͲాࣷग़਎ • झຯ

    ΧϯϑΝϨϯεӡӦ • झຯ υϝΠϯऔಘ
  11. ༙ผொ • ΰΩϒϦ෼෍๺ݶͷொ • ࢢ֎ہ൪͕4ܻɻ΋͏41Օॴ͔͠ ݱଘ͍ͯ͠ͳ͍ • 01586 - 2

    - xxxx • ༣ศ൪߸͕೔ຊͰҰ൪େ͖͍ • 099 - 6509 • 099 ͸ 1099ͷུ • 100͸౦ژ
  12. Jun Watanabe @rela1470 • Private • ग़਎ ๺ւಓͷͲాࣷग़਎ • झຯ

    ΧϯϑΝϨϯεӡӦ • झຯ υϝΠϯऔಘ
  13. ίΞελοϑֻ͚࣋ͪ͠ΜͲ͍(ମྗͱۈଵతʹ) ٕज़ίϛϡχςΟʹର͢Δߩݙͱ͔Ͱ ۀ຿ѻ͍ʹͳΒͳ͍͔ͳʔ ٕज़ΧϯϑΝϨϯείΞελοϑۀ

  14. ͝໎࿭͓͔͚͠·͢! • 08/29, 08/30, 08/31 builderscon tokyo 2019 • 09/05,

    09/06, 09/07 iOSDC Japan 2019 • 2020/02 PHPerKaigi 2020 • 2020/03 Laravel JP Conference 2020 • ౰೔ελοϑืूத!
  15. Jun Watanabe @rela1470 • Private • ग़਎ ๺ւಓͷͲాࣷग़਎ • झຯ

    ΧϯϑΝϨϯεӡӦ • झຯ υϝΠϯऔಘ
  16. PHPerKaigi 2019 Ͱొஃͨ͠಺༰

  17. yasero.dev ࣗ෼ͷମॏΛࡽ͢αΠτ

  18. Endless Work ແݶʹಇ͘αΠτ

  19. https:// workworkworkworkworkwork.w orkworkworkworkworkworkwor kworkworkwork.workworkwork workworkworkworkworkworkw orkworkworkworkworkwork.wo rkworkworkworkworkworkwork workworkworkworkworkworkw orkwork.workworkworkworkwo rkworkworkworkworkworkwork

    workworkworkwork.work/
  20. RFC1035 2.3.4. Size limits 255 Octet

  21. ఆٛจࣈ௕ ΦΫςοτ ϥϕϧจࣈྻ NBY ΦΫςοτ  XPSLXPSLXPSLXPSLXPSLXPSL  XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL 

    XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL  XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL  XPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSLXPSL  XPSL  0DUFU 0DUFU   workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.workworkworkworkwor kworkworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkworkwor kworkworkworkwork.workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.work ↓ = 255 octet = 253จࣈ(υοτؚ)
  22. ϝʔϧΞυϨε͸?

  23. RFC5321 4.5.3.1.3. Path 256 Octet

  24. શମͰ࠷େ 256 Octet ·Ͱ (υοτ΍ΞοτϚʔΫ΋ؚΉ) υϝΠϯͰ 255 Octet ࢖͏ͷͰ…

  25. υϝΠϯ͕࠷େ௕ͩͱ ࣮࣭ൃߦͰ͖ͳ͍ @workworkworkworkworkwork.workworkworkworkwo rkworkworkworkworkwork.workworkworkworkworkw orkworkworkworkworkworkworkworkworkwork.work workworkworkworkworkworkworkworkworkworkwork workworkwork.workworkworkworkworkworkworkwor kworkworkworkworkworkworkwork.work ↑Ͱ256ΦΫςοτ(254จࣈ)

  26. URLશମͷ੍ݶ͸ͳ͍

  27. 100ສจࣈ·Ͱಈ࡞֬ೝࡁΈ https://qiita.com/nwtgck/items/e83473dc63386d2da3e5

  28. HTTPSԽ

  29. None
  30. DNS name too long # /usr/local/certbot/certbot-auto certonly --webroot -w /work.work

    - d workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork.wo rkworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkw orkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkwork workworkworkworkworkworkworkworkworkworkwork.work Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Obtaining a new certificate An unexpected error occurred: The request message was malformed :: Error creating new authz :: DNS name too long Please see the logfiles in /var/log/letsencrypt for more details.
  31. certbot͕230จࣈҎ্Λ ड͚෇͚ͳ͍

  32. ಺෦తʹJSONͷϝλ৘ใͰ 25จࣈ࢖ͬͯ͠·͏ͨΊ letsencrypt/boulder.git/policy/pa.go@126 // TODO(#3237): Right now our schema for

    the authz table only allows 255 characters // for identifiers, including JSON wrapping, which takes up 25 characters. For // now, we only allow identifiers up to 230 characters in length. When we are // able to do a migration to update this table, we can allow DNS names up to // 253 characters in length. maxLabelLength = 63 maxDNSIdentifierLength = 230 `identifier` varchar(255) NOT NULL, {"type":"dns","value":"example.com"} https://community.letsencrypt.org/t/i-want-use-max-255-octet-domain/51279
  33. Let’s Encrypt ͕ବ໨ͳΒ…

  34. ී௨ͷ༗ྉSSLͳΒ ͍͚Μͷ͔

  35. # openssl req -new -key key.pem -out key.csr Common Name

    (eg, fully qualified host name) []:workworkworkworkworkwork.workworkworkworkworkworkworkworkworkwork .workworkworkworkworkworkworkworkworkworkworkworkworkworkwork.workwo rkworkworkworkworkworkworkworkworkworkworkworkworkwork.workworkworkw orkworkworkworkworkworkworkworkworkworkworkwork.work OpenSSLͰCSRൃߦ΍!
  36. string is too long, it needs to be less than

    64 bytes long
  37. RFC 5280 Appendix A.1 ub-common-name-length INTEGER ::= 64 ͪΐͬͱࣗ৴ͳ͍

  38. αʔόʔϨε΍!

  39. Firebase Hosting ແྉSSL+ແྉCDN(݄50GB·Ͱ)

  40. Firebase Hosting ແྉSSL+ແྉCDN(݄50GB·Ͱ)

  41. Firebase Hosting ແྉSSL+ແྉCDN(݄50GB·Ͱ)

  42. SSL͕͍ͭ·Ͱܦͬͯ΋ ൓ө͞Εͳ͍

  43. UI΋յΕΔ

  44. ACME v2 API ϫΠϧυΧʔυূ໌ॻ

  45. cert-bot SAN ରԠ υϝΠϯෳ਺ࢦఆͰ͖Δ & ઌ಄ͷυϝΠϯ͕CNʹ

  46. workworkworkworkworkw orkworkworkworkworkwor kworkworkworkwork.work 65จࣈ

  47. workworkworkworkwork. work 25จࣈ

  48. ./certbot-auto certonly --manual -d workworkworkworkwork.work -d *.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor kworkworkworkworkwork.work

    -m jun@harine.jp --agree-tos --manual- public-ip --preferred-challenges dns-01 --server https://acme- v02.api.letsencrypt.org/directory
  49. Congratulations! ./certbot-auto certonly --manual -d workworkworkworkwork.work -d *.workworkworkworkworkworkworkworkworkwork.workworkworkworkworkworkw orkworkworkworkworkworkworkworkwork.workworkworkworkworkworkworkwork workworkworkworkworkworkwork.workworkworkworkworkworkworkworkworkwor

    kworkworkworkworkwork.work -m jun@harine.jp --agree-tos --manual- public-ip --preferred-challenges dns-01 --server https://acme- v02.api.letsencrypt.org/directory IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/workworkworkworkwork.work/fullchain.pem
  50. None
  51. None
  52. http://bit.ly/endless_work Jun Watanabe@rela1470 https://rela.red/ https://yasero.dev/