{"id":1860,"date":"2019-03-27T07:08:56","date_gmt":"2019-03-26T22:08:56","guid":{"rendered":"https:\/\/www.oqiita.com\/?p=1860"},"modified":"2019-03-27T07:08:56","modified_gmt":"2019-03-26T22:08:56","slug":"%e3%80%90nginx%e3%80%91https%e3%81%ae%e8%a8%ad%e5%ae%9a%e3%81%a8%e3%81%8b","status":"publish","type":"post","link":"https:\/\/www.oqiita.com\/?p=1860","title":{"rendered":"\u3010Nginx\u3011HTTPS\u306e\u8a2d\u5b9a\u3068\u304b"},"content":{"rendered":"

\u524d\u4f5c\u3063\u3066\u305f\u74b0\u5883\u3092HTTPS\u306b\u3057\u305f\u3088\u3002<\/p>\n

<\/p>\n

<\/p>\n

certbot<\/a> \u30b3\u30de\u30f3\u30c9 \u3067 Let\u2019s encrypt\u306e\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3057Nginx\u306b\u9069\u7528\u3057\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n

certbot<\/h3>\n
\u25a0\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h5>\n
sudo curl https:\/\/dl.eff.org\/certbot-auto -o \/usr\/bin\/certbot-auto<\/code><\/pre>\n
\u25a0\u6a29\u9650\u5909\u66f4<\/h5>\n
chmod 700 \/usr\/bin\/certbot-auto <\/code><\/pre>\n
\u25a0\u78ba\u8a8d<\/h5>\n
certbot-auto --help<\/code><\/pre>\n
\u25a0Web Root \u3092\u78ba\u8a8d<\/h5>\n
nginx\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u8eab\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u307e\u307e\u306a\u3089\u4ee5\u4e0b\u306e\u30d5\u30a1\u30a4\u30eb\u3067\u3044\u3044\u306f\u305a\u3002<\/p>\n
less \/etc\/nginx\/sites-enabled\/default<\/code><\/pre>\n
\u4eca\u56de\u306f\u300c\/var\/www\/html\u300d\u3092WebRoot\u3068\u60f3\u5b9a\u3057\u307e\u3059\u3002\u3042\u308a\u304c\u3061\u3067\u3059\u306dw<\/p>\n
\u8a3c\u660e\u66f8\u306e\u767a\u884c<\/h3>\n
sudo \/usr\/bin\/certbot-auto certonly --webroot -w \/var\/www\/html -d test.com --email test@test.com<\/code><\/pre>\n
certonly \u8a3c\u660e\u66f8\u306e\u53d6\u5f97\u306e\u307f
\n\u2013webroot Web\u30b5\u30fc\u30d0\u30fc\u3092\u4f7f\u7528\u3057\u3066\u8a3c\u660e\u66f8\u4f5c\u88fd\u3092\u3059\u308b
\n-w WebRoot
\n-d \u30c9\u30e1\u30a4\u30f3
\n\u2013email \u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9<\/p>\n
\u203b\u9014\u4e2d\u3067\u8db3\u308a\u306a\u3044\u30d1\u30c3\u30b1\u30fc\u30b8\u304c\u3042\u308b\u3068\u52dd\u624b\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u307e\u3059\u3002<\/p>\n
\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nPlease read the Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v02.api.letsencrypt.org\/directory\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(A)gree\/(C)ancel: A\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nWould you be willing to share your email address with the Electronic Frontier\nFoundation, a founding partner of the Let's Encrypt project and the non-profit\norganization that develops Certbot? We'd like to send you email about our work\nencrypting the web, EFF news, campaigns, and ways to support digital freedom.\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n(Y)es\/(N)o: Y\n<\/code><\/pre>\n
 
\n\u540c\u610f\u3057\u3066\u4f5c\u88fd\u304c\u6210\u529f\u3059\u308b\u3068\u4ee5\u4e0b\u306e\u5834\u6240\u306b\u8a3c\u660e\u66f8\u304c\u4f5c\u88fd\u3055\u308c\u3066\u3044\u308b\u306f\u305a\u3067\u3059\u3002
\n\/etc\/letsencrypt\/live\/\u30c9\u30e1\u30a4\u30f3\u540d\/<\/p>\n
privkey.pem \u79d8\u5bc6\u9375
\ncert.pem \u8a3c\u660e\u66f8
\nchain.pem \u4e2d\u9593\u8a3c\u660e\u66f8
\nfullchain.pem \u8a3c\u660e\u66f8\u3068\u4e2d\u9593\u8a3c\u660e\u66f8\u3092\u9023\u7d50\u3057\u305f\u30d5\u30a1\u30a4\u30eb<\/p>\n
nginx\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3057\u3066\u8a3c\u660e\u66f8\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
\u8a3c\u660e\u66f8\u306e\u8a2d\u5b9a<\/h3>\n
sudo vi \/etc\/nginx\/sites-enabled\/default \n\nserver {\n\n        # SSL configuration\n        listen 443 ssl default_server;\n        listen [::]:443 ssl default_server;\n\n        # SSL Certificate\n        ssl_certificate     \/etc\/letsencrypt\/live\/test.net\/fullchain.pem;\n        ssl_certificate_key \/etc\/letsencrypt\/live\/test.net\/privkey.pem;\n\n}<\/code><\/pre>\n
\u25a0\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u518d\u8aad\u307f\u8fbc\u307f<\/h5>\n
service nginx reload<\/code><\/pre>\n
\u25a0\u30d6\u30e9\u30a6\u30b6\u3067\u30a2\u30af\u30bb\u30b9\u3057\u3066\u78ba\u8a8d<\/h5>\n
https:\/\/\u30c9\u30e1\u30a4\u30f3\u540d
\n\"\"<\/a><\/p>\n
\n
 \u6ce8\u610f\u4e8b\u9805<\/div>\n
AWS\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3067443\u3092\u8a31\u53ef\u3059\u308b\u306e\u3092\u5fd8\u308c\u306a\u3044\u3067\u304f\u3060\u3055\u3044\u3002\u79c1\u306f\u5fd8\u308c\u307e\u3057\u305fw<\/p><\/div>\n
\u8a3c\u660e\u66f8\u306e\u66f4\u65b0<\/h3>\n
\u25a0\u81ea\u52d5\u66f4\u65b0\u306e\u8a2d\u5b9a<\/h5>\n
cron\u3067\u8a3c\u660e\u66f8\u3092\u81ea\u52d5\u66f4\u65b0\u3055\u308c\u308b\u3088\u3046\u306b\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n
crontab -e\n\n0 2 1 * * \/usr\/bin\/certbot-auto renew && \/bin\/systemctl reload nginx<\/code><\/pre>\n
\u4e0a\u8a18\u8a2d\u5b9a\u3067\u6bce\u6708\uff11\u65e5\u306e\uff12\u6642\u306b\u66f4\u65b0\u3055\u308c\u308b\u3068\u601d\u3044\u307e\u3059\u3002
\n\u203bcrontab -e\u306f\u5371\u306a\u3044\u306e\u3067\u4f7f\u308f\u306a\u3044\u307b\u3046\u304c\u3044\u3044\u3067\u3059\u3002\u4eca\u56de\u306f\u3081\u3093\u3069\u3044\u306e\u3067crontab -e\u3067\u5b9f\u884c\u3057\u307e\u3057\u305f\u3002<\/p>\n
\u25a0cron\u304c\u52d5\u3044\u3066\u308b\u304b\u78ba\u8a8d<\/h5>\n
sudo service cron stutas<\/code><\/pre>\n
\u25a0cron \u8d77\u52d5<\/h5>\n
sudo service cron start<\/code><\/pre>\n
\u25a0HTTPS\u30ea\u30c0\u30a4\u30ec\u30af\u30c8<\/h5>\n
\u4e00\u5fdcHTTP\u3067\u30a2\u30af\u30bb\u30b9\u3055\u308c\u305f\u3089HTTPS\u306b\u30ea\u30c0\u30a4\u30ec\u30af\u30c8\u3057\u3066\u304a\u304f
\nnginx\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3057\u307e\u3059\u3002<\/p>\n
server {\n        listen 80 default_server;\n        listen [::]:80 default_server;\n\n        return 301 https:\/\/$host$request_uri;\n}\n\nserver {\n        #listen 80 default_server;\n        #listen [::]:80 default_server;\n\n        # SSL configuration\n        listen 443 ssl default_server;\n        listen [::]:443 ssl default_server;\n        \u30fb\u30fb\u30fb\u30fb\n}<\/code><\/pre>\n
\u25a0\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u518d\u8aad\u307f\u8fbc\u307f<\/h5>\n
service nginx reload<\/code><\/pre>\n
\u3042\u3068\u306f\u3068\u308a\u3042\u3048\u305a\u72b6\u6cc1\u307f\u3066\u306a\u3093\u3068\u304b\u3057\u3066\uff01\uff01\uff01\uff01<\/p>\n
\u4ee5\u4e0a\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u524d\u4f5c\u3063\u3066\u305f\u74b0\u5883\u3092HTTPS\u306b\u3057\u305f\u3088\u3002<\/p>\n","protected":false},"author":1,"featured_media":1890,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[31],"tags":[],"class_list":{"0":"post-1860","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-aws","8":"entry"},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/www.oqiita.com\/wp-content\/uploads\/2019\/03\/sango_https_icatch.png","jetpack_shortlink":"https:\/\/wp.me\/p8QluP-u0","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.oqiita.com\/index.php?rest_route=\/wp\/v2\/posts\/1860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.oqiita.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.oqiita.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.oqiita.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.oqiita.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1860"}],"version-history":[{"count":26,"href":"https:\/\/www.oqiita.com\/index.php?rest_route=\/wp\/v2\/posts\/1860\/revisions"}],"predecessor-version":[{"id":1891,"href":"https:\/\/www.oqiita.com\/index.php?rest_route=\/wp\/v2\/posts\/1860\/revisions\/1891"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.oqiita.com\/index.php?rest_route=\/wp\/v2\/media\/1890"}],"wp:attachment":[{"href":"https:\/\/www.oqiita.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.oqiita.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.oqiita.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}