{"id":2206,"date":"2019-02-27T21:11:26","date_gmt":"2019-02-27T12:11:26","guid":{"rendered":"http:\/\/dona.dip.jp\/?p=2206"},"modified":"2020-03-29T10:06:52","modified_gmt":"2020-03-29T01:06:52","slug":"ssl%e5%8c%96","status":"publish","type":"post","link":"https:\/\/dona-co.art\/?p=2206","title":{"rendered":"Ubuntu16.04 Nginx Let\u2019s encrypt \u3067\u8a55\u4fa1A+\u306a SSL+HTML\/2"},"content":{"rendered":"<p><strong>\u30dd\u30fc\u30c8\u958b\u653e\u3092\u5fd8\u308c\u305a\u306b (\u30eb\u30fc\u30bf\u30fc\u3082)<\/strong><\/p>\n<pre><code>sudo ufw allow 443<\/code><\/pre>\n<p><strong>Let\u2019s encrypt\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/strong><\/p>\n<pre><code>sudo apt install letsencrypt<\/code><\/pre>\n<p><strong>\u8a3c\u660e\u66f8\u306e\u767a\u884c\u3092\u767a\u884c\u3057\u3066\u8cb0\u3046\u3002<\/strong><br \/>\n-w \u3067\u30eb\u30fc\u30c8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea -d\u3067\u30c9\u30e1\u30a4\u30f3 -m \u3067\u30e1\u30a2\u30c9\u3092\u6307\u5b9a\u3002<\/p>\n<pre><code>sudo letsencrypt certonly --webroot -w \/www\/html -d idol-nakachan.world -m nakachankawaii@kancolle.mail.jp<\/code><\/pre>\n<p><strong>\u30b5\u30d6\u30c9\u30e1\u30a4\u30f3\u3082\u53d6\u5f97\u3059\u308b\u5834\u5408<\/strong><br \/>\n-w \u3067\u30eb\u30fc\u30c8\u30c7\u30a3\u30ec\u30af\u30c8\u30ea -d\u3067\u30c9\u30e1\u30a4\u30f3 -m \u3067\u30e1\u30a2\u30c9\u3092\u6307\u5b9a\u3002<\/p>\n<pre><code>sudo letsencrypt certonly --standalone -w \/www\/html  #\n-d idol-nakachan.world #\n-d www.idol-nakachan.world #\n-d 2-4-11.idol-nakachan.world #\n-m nakachankawaii@kancolle.mail.jp<\/code><\/pre>\n<p><strong>\u8a3c\u660e\u66f8\u306e\u81ea\u52d5\u66f4\u65b0 (crontab)<\/strong><\/p>\n<pre><code>\/etc\/crontab\n00 05 01 * * sudo systemctl stop nginx; sudo letsencrypt renew; sudo systemctl start nginx<\/code><\/pre>\n<p><strong>DH\u4ea4\u63db\u9375\u306e\u8a2d\u5b9a<\/strong><\/p>\n<pre><code>sudo mkdir \/etc\/nginx\/ssl\nsudo opensll dhparam -out \/etc\/nginx\/ssl\/nakachan-anzen.pem 2048<\/code><\/pre>\n<p><strong>Nginx\u306e\u8a2d\u5b9a<\/strong><br \/>\n\/etc\/nginx\/nakachan.conf<\/p>\n<pre style=\"margin: 0; padding: 0;\"><code>server {\nlisten       80;\nserver_name  idol-nakachan.world;\nreturn 301 https:\/\/$host$request_uri;\n}\n\nserver {\nlisten       80;\nlisten       443;\nserver_name www.idol-nakachan.world;\nreturn 301 https:\/\/$host$request_uri;\n}\n\nserver {\nlisten       443 ssl http2;\nserver_name  idol-nakachan.world;\nadd_header Strict-Transport-Security 'max-age=31536000; includeSubDomains;';\n\nssl_protocols TLSv1.2;\nssl_certificate         \/etc\/letsencrypt\/live\/idol-nakachan.world\/fullchain.pem;\nssl_certificate_key \/etc\/letsencrypt\/live\/idol-nakachan.world\/privkey.pem;\nssl_dhparam           \/etc\/nginx\/ssl\/nakachan-anzen.pem;\nssl_prefer_server_ciphers on;\n\nssl_session_cache shared:SSL:50m;\nssl_session_timeout 1d;\nssl_stapling on;\n}<\/code><\/pre>\n<p><strong>\u518d\u8d77\u52d5<\/strong><\/p>\n<pre><code>sudo nginx -t\nsudo systemctl restart nginx<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u30dd\u30fc\u30c8\u958b\u653e\u3092\u5fd8\u308c\u305a\u306b (\u30eb\u30fc\u30bf\u30fc\u3082) sudo ufw allow 443 Let\u2019s encrypt\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb sudo apt install letsencrypt \u8a3c\u660e\u66f8\u306e\u767a\u884c\u3092\u767a\u884c\u3057\u3066\u8cb0\u3046\u3002 -w \u3067\u30eb\u30fc\u30c8 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-2206","post","type-post","status-publish","format-standard","hentry","category-memo"],"_links":{"self":[{"href":"https:\/\/dona-co.art\/index.php?rest_route=\/wp\/v2\/posts\/2206","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dona-co.art\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dona-co.art\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dona-co.art\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dona-co.art\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2206"}],"version-history":[{"count":20,"href":"https:\/\/dona-co.art\/index.php?rest_route=\/wp\/v2\/posts\/2206\/revisions"}],"predecessor-version":[{"id":2832,"href":"https:\/\/dona-co.art\/index.php?rest_route=\/wp\/v2\/posts\/2206\/revisions\/2832"}],"wp:attachment":[{"href":"https:\/\/dona-co.art\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2206"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dona-co.art\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2206"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dona-co.art\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2206"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}