EC2 + Ubuntu + Nginx + Passenger を Let’s Encrypt!

EC2 + Ubuntu + Nginx + Passenger で組んだ Rails アプリ用のサーバを、Let’s Encrypt で HTTPS 化する方法をまとめます。

順調に進めば、15分ぐらいで完了します。

新規サーバのセットアップはこちら:

▶︎ Rails5:EC2 + Ubuntu + Nginx + Passenger でデプロイ

環境

  • Ruby 2.5.1
  • rvm 1.29.7
  • Rails 5.2
  • AMS EC2
  • Ubuntu 18.04 LTS 20180814

Let’s Encrypt の導入手順

certbot のインストール

$ sudo apt-get update
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install -y python-certbot-nginx

certbot の実行

$ sudo certbot --nginx

自分のメアドを入力。

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [YOUR_EMAIL]

利用規約に同意。

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

Let’s Encrypt からのメルマガを受け取る。

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

HTTPS 化させるドメインを選択。

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: [YOUR_DOMAIN]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1

常時 HTTPS にする。

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

以上で HTTPS 化完了!

ブラウザからドメインを叩いて、「HTTPS」になっていることを確認しましょう。

Source

兵庫県西宮市生まれのフリーランスRailsエンジニア。海外を拠点にデジタルノマド生活中。/ 前職・資格:公認会計士 / プログラミング言語:Ruby, JavaScript, HTML, CSS / 日本語・英語
コメントを残す

メールアドレスが公開されることはありません。 * が付いている欄は必須項目です