{"id":2452,"date":"2023-10-16T15:11:18","date_gmt":"2023-10-16T06:11:18","guid":{"rendered":"https:\/\/weblog.hirohiro716.com\/?p=2452"},"modified":"2024-11-14T01:14:36","modified_gmt":"2024-11-13T16:14:36","slug":"ec2%ef%bc%8bnginx%ef%bc%8bnode-js%e3%81%aeweb%e3%82%b5%e3%83%bc%e3%83%90%e3%83%bc%e3%82%92letsencrypt%e3%81%a7ssl%e5%8c%96%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/weblog.hirohiro716.com\/?p=2452","title":{"rendered":"EC2\uff0bNginx\uff0bnode.js\u306eWEB\u30b5\u30fc\u30d0\u30fc\u3092Let\u2019sEncrypt\u3067SSL\u5316\u3059\u308b"},"content":{"rendered":"<p>\n<a href=\"\/?p=2430\">\u3053\u306e\u624b\u9806<\/a>\u3067\u69cb\u7bc9\u3057\u305fWEB\u30b5\u30fc\u30d0\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3002\n<\/p>\n<pre class=\"brush: plain; gutter: false; title: ; notranslate\" title=\"\">\r\n\u30fb \u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3: Amazon Linux 2023.1.20230825\r\n\u30fb \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u30bf\u30a4\u30d7: t3a.nano\r\n\u30fb \u30dc\u30ea\u30e5\u30fc\u30e0\u30b5\u30a4\u30ba: 20GB\r\n<\/pre>\n<p>\npython3\u306e\u4eee\u60f3\u74b0\u5883\u3092\u4f7f\u7528\u3057\u3066certbot\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002<br \/>\n\u203b\u3053\u306e\u624b\u9806\u4f5c\u6210\u6642\u306fpython3.9\u3060\u3063\u305f\n<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# dnf install pip\r\n# mkdir \/opt\/certbot\r\n# python3 -m venv \/opt\/certbot\r\n# \/opt\/certbot\/bin\/pip install --upgrade pip\r\n# \/opt\/certbot\/bin\/pip install certbot\r\n<\/pre>\n<p>\nACME\u30c1\u30e3\u30ec\u30f3\u30b8\u306e\u305f\u3081\u306e\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3059\u308b\u3002\n<\/p>\n<pre class=\"brush: plain; title: \/etc\/nginx\/conf.d\/letsencrypt.conf; notranslate\" title=\"\/etc\/nginx\/conf.d\/letsencrypt.conf\">\r\nserver {\r\n    listen       80;\r\n    listen       &#x5B;::]:80;\r\n    server_name  _;\r\n    location = \/.well-known\/acme-challenge\/ {\r\n        root \/usr\/share\/nginx\/html\/.well-known\/acme-challenge\/;\r\n    }\r\n}\r\n<\/pre>\n<p>\n\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3059\u308b\u3002<br \/>\n\u203b\u4f55\u5ea6\u3082\u5931\u6557\u3059\u308b\u3068\u5236\u9650\u304c\u304b\u304b\u308b\u306e\u3067\u4e88\u3081<code>--dry-run<\/code>\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u6307\u5b9a\u3057\u3066\u30c6\u30b9\u30c8\u3057\u305f\u65b9\u304c\u826f\u3044\n<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n\/opt\/certbot\/bin\/certbot certonly --webroot -w \/usr\/share\/nginx\/html\/ -d testapp.example.com\r\n<\/pre>\n<p>\nNginx\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3002\n<\/p>\n<pre class=\"brush: plain; title: \/etc\/nginx\/conf.d\/node.js.conf; notranslate\" title=\"\/etc\/nginx\/conf.d\/node.js.conf\">\r\nserver {\r\n    listen 443 ssl;\r\n    listen &#x5B;::]:443 ssl;\r\n    server_name testapp.example.com;\r\n    ssl_certificate     \/etc\/letsencrypt\/live\/testapp.example.com\/fullchain.pem;\r\n    ssl_certificate_key \/etc\/letsencrypt\/live\/testapp.example.com\/privkey.pem;\r\n    location \/ {\r\n        proxy_set_header Host $http_host;\r\n        proxy_set_header X-Real-IP $remote_addr;\r\n        proxy_pass http:\/\/localhost:3000\/;\r\n    }\r\n}\r\n<\/pre>\n<p>\nNginx\u306e\u8a2d\u5b9a\u3092\u30ea\u30ed\u30fc\u30c9\u3057\u3066https\u3067\u306e\u63a5\u7d9a\u3092\u78ba\u8a8d\u3059\u308b\u3002\n<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n# systemctl reload nginx\r\n<\/pre>\n<p>\ncron\u306b\u8a3c\u660e\u66f8\u3092\u66f4\u65b0\u3059\u308b\u30b8\u30e7\u30d6\u3092\u8ffd\u52a0\u3059\u308b\u3002\n<\/p>\n<pre class=\"brush: plain; title: # crontab -e; notranslate\" title=\"# crontab -e\">\r\n0 4 * * * \/opt\/certbot\/bin\/certbot renew --deploy-hook &quot;systemctl reload nginx&quot;\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>\u3053\u306e\u624b\u9806\u3067\u69cb\u7bc9\u3057\u305fWEB\u30b5\u30fc\u30d0\u30fc\u3092\u4f7f\u7528\u3059\u308b\u3002 \u30fb \u30c7\u30a3\u30b9\u30c8\u30ea\u30d3\u30e5\u30fc\u30b7\u30e7\u30f3: Amazon Linux 2023.1.20230825 \u30fb \u30a4\u30f3\u30b9\u30bf\u30f3\u30b9\u30bf\u30a4\u30d7: t3a.nano \u30fb \u30dc\u30ea\u30e5\u30fc\u30e0\u30b5\u30a4\u30ba: 20GB pyth [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[],"class_list":["post-2452","post","type-post","status-publish","format-standard","hentry","category-aws"],"views":745,"_links":{"self":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/2452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2452"}],"version-history":[{"count":9,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/2452\/revisions"}],"predecessor-version":[{"id":2875,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=\/wp\/v2\/posts\/2452\/revisions\/2875"}],"wp:attachment":[{"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/weblog.hirohiro716.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}