🌟
EC2に立てたCantaloupeをHTTPS対応する
はじめに
以下の記事で、EC2にCantaloupeを立てる方法を記載しました。
今回は、独自ドメインの設定とHTTPS対応を行います。
独自ドメインの設定
今回、cantaloupe.aws.ldas.jpというドメインを54.172.71.20に割り当てます。Route 53を使う場合、以下のように設定できます。
SSL証明書の取得
sudo su
apt install certbot
certbot certonly --standalone -d cantaloupe.aws.ldas.jp
root@ip-172-31-62-61:/home/ubuntu# certbot certonly --standalone -d cantaloupe.aws.ldas.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): xxx@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for cantaloupe.aws.ldas.jp
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/fullchain.pem
Key is saved at: /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/privkey.pem
This certificate expires on 2023-12-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Webサーバの設定: Nginxのインストール
apt install nginx
vi /etc/nginx/sites-available/cantaloupe.aws.ldas.jp
設定
/etc/nginx/sites-available/cantaloupe.aws.ldas.jp
server {
listen 80;
server_name cantaloupe.aws.ldas.jp;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name cantaloupe.aws.ldas.jp;
ssl_certificate /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/privkey.pem;
location / {
proxy_pass http://localhost:8182; # これはcantaloupeのデフォルトのポートです
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
シンボリックリンクを作成して、リスタートします。
root@ip-172-31-62-61:/home/ubuntu# ln -s /etc/nginx/sites-available/cantaloupe.aws.ldas.jp /etc/nginx/sites-enabled/cantaloupe.aws.ldas.jp
root@ip-172-31-62-61:/home/ubuntu# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@ip-172-31-62-61:/home/ubuntu# systemctl restart nginx
結果、以下のURLでCantaloupeにアクセスできるようになりました。
https://cantaloupe.aws.ldas.jp/
まとめ
Cantaloupeのセットアップの参考になりましたら幸いです。
なお、今回はLet’s Encryptを用いましたが、AWSの証明書を使うこともできるようです。
Discussion