{"id":6842,"date":"2016-06-30T11:35:54","date_gmt":"2016-06-30T02:35:54","guid":{"rendered":"http:\/\/www.skyarch.net\/blog\/?p=6842"},"modified":"2016-06-30T12:00:24","modified_gmt":"2016-06-30T03:00:24","slug":"%e8%87%aa%e5%b7%b1%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%a7https%e5%ae%9f%e8%a3%85","status":"publish","type":"post","link":"https:\/\/www.skyarch.net\/blog\/%e8%87%aa%e5%b7%b1%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%a7https%e5%ae%9f%e8%a3%85\/","title":{"rendered":"\u81ea\u5df1\u8a3c\u660e\u66f8\u3067HTTPS\u5b9f\u88c5"},"content":{"rendered":"

\u81ea\u5df1\u8a3c\u660e\u66f8\u3067Web\u30b5\u30fc\u30d0\u306bHTTPS\u3092\u5b9f\u88c5\u3057\u3066\u307f\u307e\u3059\u3002
\n\u672c\u8a18\u4e8b\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u6bb5\u968e\u3092\u8e0f\u307f\u307e\u3059\u3002<\/p>\n

\u2460HTTP\u3067\u30da\u30fc\u30b8\u95b2\u89a7
\n\u2026Apache\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u3060\u3051\u306e\u72b6\u614b
\n\u2026HTTP\u30a2\u30af\u30bb\u30b9\u306f\u53ef\u80fd\u3060\u304cHTTPS\u30a2\u30af\u30bb\u30b9\u306f\u4e0d\u53ef<\/p>\n

\u2461HTTP\/HTTPS\u3067\u30da\u30fc\u30b8\u95b2\u89a7
\n\u2026mod_ssl\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb+SSL\u8a2d\u5b9a(\u81ea\u5df1\u8a3c\u660e\u66f8)
\n\u2026HTTP+HTTPS\u4e21\u65b9\u306e\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u306b<\/p>\n

\u2462HTTPS\u3067\u306e\u307f\u30da\u30fc\u30b8\u95b2\u89a7
\n\u2026\u30ea\u30e9\u30a4\u30c8(\u8ee2\u9001)\u8a2d\u5b9a
\n\u2026HTTPS\u3067\u306e\u307f\u30a2\u30af\u30bb\u30b9\u3055\u305b\u308b<\/p>\n

\u203b\u30b5\u30fc\u30d0\u3078\u306e80+443\u30dd\u30fc\u30c8\u901a\u4fe1\u3092\u8a31\u53ef\u3059\u308b\u306e\u3092\u5fd8\u308c\u305a\u306b
\n\u2026Firewall\u3001iptables\u3001Security Group(AWS)\u306a\u3069<\/p>\n

\u2460HTTP\u3067\u30da\u30fc\u30b8\u95b2\u89a7<\/strong><\/span><\/p>\n

\u2605 Apache\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n

# yum -y install httpd<\/pre>\n
\u2605 Apache\u8d77\u52d5<\/p>\n
# \/etc\/init.d\/httpd start<\/pre>\n
\u2605 http:\/\/\u30b5\u30fc\u30d0IP<\/span>\u3078\u30a2\u30af\u30bb\u30b9
\nApache\u306e\u30c6\u30b9\u30c8\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\nHTTP\u3067\u30a2\u30af\u30bb\u30b9\u3067\u304d\u3066\u3044\u307e\u3059\u306d\u3002<\/p>\n
\u2605 https:\/\/\u30b5\u30fc\u30d0IP<\/span>\u3078\u30a2\u30af\u30bb\u30b9
\nApache\u30c6\u30b9\u30c8\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u307e\u305b\u3093\u3002
\nHTTPS\u3067\u306f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u3066\u3044\u307e\u305b\u3093\u3002<\/p>\n
\u3067\u306fHTTPS\u901a\u4fe1\u306b\u5fc5\u8981\u306a\u8a2d\u5b9a\u3092\u884c\u3063\u3066\u307f\u307e\u3057\u3087\u3046\u3002<\/p>\n
\u2461HTTP\/HTTPS\u3067\u30da\u30fc\u30b8\u95b2\u89a7<\/strong><\/span><\/p>\n
\u25bcHTTPS(SSL)\u901a\u4fe1\u306b\u5fc5\u8981\u306a\u3082\u306e
\n\u30fbSSL\u30e2\u30b8\u30e5\u30fc\u30eb(mod_ssl)
\n\u30fb\u79d8\u5bc6\u9375(SSLCertificateKeyFile)
\n\u30fb\u8a3c\u660e\u66f8(SSLCertificateFile)<\/p>\n
\u203b\u4eca\u56de\u306f\u79d8\u5bc6\u9375\u3068\u8a3c\u660e\u66f8(\u3068CSR)\u3092\/etc\/httpd\/\u914d\u4e0b\u306b\u751f\u6210\u3057\u307e\u3059\u3002<\/p>\n
\u2605 mod_ssl\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/p>\n
# yum -y install mod_ssl<\/pre>\n
\u2605 \u79d8\u5bc6\u9375\u3092\u751f\u6210\u3059\u308b<\/p>\n
# openssl genrsa -out \/etc\/httpd\/server.key 2048<\/pre>\n
genrsa\uff1a\u79d8\u5bc6\u9375\u3092\u751f\u6210\u3059\u308b
\n-out\uff1a\u751f\u6210\u3059\u308b\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u6307\u5b9a\u3059\u308b
\n2048\uff1a\u751f\u6210\u3059\u308b\u9375\u306e\u30d3\u30c3\u30c8\u6570<\/p>\n
\u2605 CSR(\u8a3c\u660e\u66f8\u767a\u884c\u8981\u6c42)\u3092\u751f\u6210\u3059\u308b<\/p>\n
# openssl req -new -key \/etc\/httpd\/server.key -out \/etc\/httpd\/server.csr<\/pre>\n
req\uff1aCSR\u7ba1\u7406\u30aa\u30d7\u30b7\u30e7\u30f3
\n-new\uff1aCSR\u3092\u65b0\u898f\u751f\u6210\u3059\u308b
\n-key\uff1aCSR\u751f\u6210\u306b\u4f7f\u7528\u3059\u308b\u9375\u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a\u3059\u308b<\/p>\n
CSR\u751f\u6210\u306b\u3042\u305f\u3063\u3066\u4f55\u70b9\u304b\u5165\u529b\u3092\u6c42\u3081\u3089\u308c\u307e\u3059\u3002
\nCommon Name(\u30b5\u30fc\u30d0\u306e\u30db\u30b9\u30c8\u540d)\u4ee5\u5916\u306f\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u3059\u3002<\/p>\n
Country Name (2 letter code) [XX]:JP\nState or Province Name (full name) []:Tokyo\nLocality Name (eg, city) [Default City]:Minato\nOrganization Name (eg, company) [Default Company Ltd]:Skyarch Networks.Inc\nOrganizational Unit Name (eg, section) []:Tech\nCommon Name (eg, your name or your server's hostname) []:satoshun.com\nEmail Address []:test@skyarch.net\n\nA challenge password []:password\nAn optional company name []:None<\/pre>\n
\u2605 \u8a3c\u660e\u66f8\u3092\u751f\u6210\u3059\u308b<\/p>\n
# openssl x509 -req -days 3650 -in \/etc\/httpd\/server.csr -signkey \/etc\/httpd\/server.key -out \/etc\/httpd\/server.crt<\/pre>\n
x509\uff1aX.509\u8a3c\u660e\u66f8\u7ba1\u7406\u30aa\u30d7\u30b7\u30e7\u30f3
\n-days\uff1a\u8a3c\u660e\u66f8\u306e\u671f\u9650\u3092\u8a2d\u5b9a(10\u5e74)
\n-in\uff1a\u8a3c\u660e\u66f8\u751f\u6210\u3067\u4f7f\u7528\u3059\u308bCSR\u3092\u6307\u5b9a
\n-signkey\uff1a\u8a3c\u660e\u66f8\u751f\u6210\u3067\u4f7f\u7528\u3059\u308b\u79d8\u5bc6\u9375\u3092\u6307\u5b9a<\/p>\n
\u901a\u5e38\u306f\u8a8d\u8a3c\u5c40(\uff1d\u7b2c\u4e09\u8005)\u306e\u79d8\u5bc6\u9375\u3092\u4f7f\u7528\u3057\u307e\u3059\u304c\u3001\u3053\u3053\u3067\u306f\u81ea\u8eab\u306e\u79d8\u5bc6\u9375\u3092\u4f7f\u7528\u3057\u3066\u8a3c\u660e\u66f8\u3092\u751f\u6210\u3057\u3066\u3044\u307e\u3059\u3002
\n\u3053\u306e\u624b\u6cd5\u304c\u81ea\u5df1\u8a3c\u660e\u66f8\u3068\u547c\u3070\u308c\u308b\u3086\u3048\u3093\u3067\u3059\u3002<\/p>\n
\u2605 httpd.conf\u306b\u3066\u8a3c\u660e\u66f8\u30d5\u30a1\u30a4\u30eb\u3068\u9375\u30d5\u30a1\u30a4\u30eb\u3092\u6307\u5b9a<\/p>\n
# vi \/etc\/httpd\/conf\/httpd.conf<\/pre>\n
\u4e0b\u8a18\u3092\u8ffd\u8a18\u3057\u307e\u3059\u3002<\/p>\n
#SSL-Settinggs\nSSLCertificateFile \"\/etc\/httpd\/server.crt\"\nSSLCertificateKeyFile \"\/etc\/httpd\/server.key\"<\/pre>\n
\u2605 Apache\u518d\u8d77\u52d5(\u8a2d\u5b9a\u53cd\u6620)<\/p>\n
# \/etc\/init.d\/httpd restart<\/pre>\n
\u2605 http:\/\/\u30b5\u30fc\u30d0IP<\/span>\u3078\u30a2\u30af\u30bb\u30b9
\nApache\u306e\u30c6\u30b9\u30c8\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\nHTTP\u306f\u5909\u308f\u3089\u305a\u30a2\u30af\u30bb\u30b9\u3067\u304d\u3066\u3044\u307e\u3059\u3002<\/p>\n
\u2605 https:\/\/\u30b5\u30fc\u30d0IP<\/span>\u3078\u30a2\u30af\u30bb\u30b9
\n\u4e0b\u8a18\u306e\u3088\u3046\u306a\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u307e\u3059(Firefox\u306e\u5834\u5408)\u3002
\n\u81ea\u5df1\u8a3c\u660e\u66f8\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u305f\u3081\u306b\u8d77\u3053\u308b\u30a8\u30e9\u30fc\u3067\u3059\u3002
\n\"\u5b89\u5168\u3067\u306f\u306a\u3044\u63a5\u7d9a\"<\/a>
\n[\u30a8\u30e9\u30fc\u5185\u5bb9]\u2192[\u4f8b\u5916\u3092\u8ffd\u52a0]\u2192[\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4f8b\u5916\u3092\u627f\u8a8d]\u3068\u30af\u30ea\u30c3\u30af\u3057\u3066\u9032\u307f\u307e\u3059\u3002
\n\u3059\u308b\u3068Apache\u30c6\u30b9\u30c8\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\n\u4e0a\u8a18\u8a2d\u5b9a\u306b\u3088\u308aHTTPS\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u306b\u306a\u308a\u307e\u3057\u305f\uff01<\/p>\n
\u3057\u304b\u3057\u901a\u4fe1\u3092\u6697\u53f7\u5316\u3057\u305f\u3044\u30da\u30fc\u30b8\u306bHTTP(\u6697\u53f7\u5316\u3057\u3066\u3044\u306a\u3044\u72b6\u614b)\u3067\u3082\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3068\u3044\u3046\u306e\u306f\u8003\u3048\u3082\u306e\u3067\u3059\u3002
\nHTTPS\u3067\u306e\u307f\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u8a2d\u5b9a\u3092\u8ffd\u52a0\u3057\u3066\u307f\u307e\u3059\u3002<\/p>\n
\u2462HTTPS\u3067\u306e\u307f\u30da\u30fc\u30b8\u95b2\u89a7<\/span><\/strong><\/p>\n
\u2605 httpd.conf\u306b\u30ea\u30e9\u30a4\u30c8(\u8ee2\u9001)\u8a2d\u5b9a\u3092\u8ffd\u8a18<\/p>\n
# vi \/etc\/httpd\/conf\/httpd.conf<\/pre>\n
\u4e0b\u8a18\u3092\u8ffd\u8a18\u3057\u307e\u3059\u3002<\/p>\n
#HTTP-to-HTTPS-Settings\nRewriteEngine On\nRewriteCond %{SERVER_PORT} 80\nRewriteRule ^(.*)$ https:\/\/\u30b5\u30fc\u30d0IP\/$1 [R,L]<\/pre>\n
\u30fb\u300c\u30ea\u30e9\u30a4\u30c8\u3092\u6709\u52b9\u306b\u3057\u3066\u300d
\n\u30fb\u300c\u30dd\u30fc\u30c880(http:\/\/\u30b5\u30fc\u30d0IP<\/span>)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u300d
\n\u30fb\u300chttps:\/\/\u30b5\u30fc\u30d0IP<\/span>\u3078\u30ea\u30e9\u30a4\u30c8\u3059\u308b\u300d
\n\u3068\u3044\u3046\u8a2d\u5b9a\u3067\u3059\u3002<\/p>\n
\u2605 Apache\u518d\u8d77\u52d5(\u8a2d\u5b9a\u53cd\u6620)<\/p>\n
# \/etc\/init.d\/httpd restart<\/pre>\n
\u2605 http:\/\/\u30b5\u30fc\u30d0IP<\/span>\u3078\u30a2\u30af\u30bb\u30b9
\nApache\u306e\u30c6\u30b9\u30c8\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\n\u3057\u304b\u3057\u3088\u304f\u898b\u308b\u3068URL\u6b04\u304c\u300chttps:\/\/\uff5e\u300d\u306b\u5909\u308f\u3063\u3066\u3044\u307e\u3059\u3002
\n\u4e0a\u8a18\u8a2d\u5b9a\u306b\u3088\u308ahttps:\/\/\uff5e\u3078\u30ea\u30e9\u30a4\u30c8\u3055\u308c\u3066\u3044\u307e\u3059\u306d\u3002<\/p>\n
\u2605 https:\/\/\u30b5\u30fc\u30d0IP<\/span>\u3078\u30a2\u30af\u30bb\u30b9
\nApache\u30c6\u30b9\u30c8\u30da\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u307e\u3059\u3002
\n\u3053\u3061\u3089\u306f\u5f15\u304d\u7d9a\u304dHTTPS\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u306a\u72b6\u614b\u3067\u3059\u3002<\/p>\n
\u672c\u8a18\u4e8b\u306e\u5185\u5bb9\u306f\u4ee5\u4e0a\u3067\u3059\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
\u81ea\u5df1\u8a3c\u660e\u66f8\u3067Web\u30b5\u30fc\u30d0\u306bHTTPS\u3092\u5b9f\u88c5\u3057\u3066\u307f\u307e\u3059\u3002 \u672c\u8a18\u4e8b\u306f\u4e0b\u8a18\u306e\u3088\u3046\u306a\u6bb5\u968e\u3092\u8e0f\u307f\u307e\u3059\u3002 \u2460HTTP\u3067\u30da\u30fc\u30b8\u95b2\u89a7 \u2026Apache\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u3060\u3051\u306e\u72b6\u614b \u2026HTTP\u30a2\u30af\u30bb\u30b9\u306f\u53ef\u80fd\u3060\u304cHTTPS\u30a2\u30af\u30bb\u30b9\u306f\u4e0d\u53ef \u2461H…<\/p>\n","protected":false},"author":60,"featured_media":1008,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_locale":"ja","_original_post":"6842","footnotes":""},"categories":[29,34],"tags":[],"class_list":{"0":"post-6842","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-linux","8":"category-web","9":"ja"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/6842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/users\/60"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/comments?post=6842"}],"version-history":[{"count":6,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/6842\/revisions"}],"predecessor-version":[{"id":7110,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/posts\/6842\/revisions\/7110"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media\/1008"}],"wp:attachment":[{"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/media?parent=6842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/categories?post=6842"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyarch.net\/blog\/wp-json\/wp\/v2\/tags?post=6842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}