🌟

EC2に立てたCantaloupeをHTTPS対応する

2023/09/20に公開

はじめに

以下の記事で、EC2にCantaloupeを立てる方法を記載しました。

https://zenn.dev/nakamura196/articles/a4d0b95ab20e1e

今回は、独自ドメインの設定とHTTPS対応を行います。

独自ドメインの設定

今回、cantaloupe.aws.ldas.jpというドメインを54.172.71.20に割り当てます。Route 53を使う場合、以下のように設定できます。

SSL証明書の取得

sudo su
apt  install certbot
certbot certonly --standalone -d cantaloupe.aws.ldas.jp
root@ip-172-31-62-61:/home/ubuntu# certbot certonly --standalone -d cantaloupe.aws.ldas.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): xxx@gmail.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for cantaloupe.aws.ldas.jp

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/privkey.pem
This certificate expires on 2023-12-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Webサーバの設定: Nginxのインストール

apt install nginx
vi /etc/nginx/sites-available/cantaloupe.aws.ldas.jp

設定

/etc/nginx/sites-available/cantaloupe.aws.ldas.jp
server {
    listen 80;
    server_name cantaloupe.aws.ldas.jp;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name cantaloupe.aws.ldas.jp;

    ssl_certificate /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/privkey.pem;

    location / {
        proxy_pass http://localhost:8182; # これはcantaloupeのデフォルトのポートです
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

シンボリックリンクを作成して、リスタートします。

root@ip-172-31-62-61:/home/ubuntu# ln -s /etc/nginx/sites-available/cantaloupe.aws.ldas.jp /etc/nginx/sites-enabled/cantaloupe.aws.ldas.jp
root@ip-172-31-62-61:/home/ubuntu# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@ip-172-31-62-61:/home/ubuntu# systemctl restart nginx

結果、以下のURLでCantaloupeにアクセスできるようになりました。

https://cantaloupe.aws.ldas.jp/

まとめ

Cantaloupeのセットアップの参考になりましたら幸いです。

なお、今回はLet’s Encryptを用いましたが、AWSの証明書を使うこともできるようです。

Discussion