{"id":374,"date":"2018-03-20T05:02:03","date_gmt":"2018-03-19T20:02:03","guid":{"rendered":"https:\/\/blog.capilano-fw.com\/?p=374"},"modified":"2018-03-20T05:02:03","modified_gmt":"2018-03-19T20:02:03","slug":"%e6%84%8f%e5%a4%96%e3%81%a8%e7%b0%a1%e5%8d%98%ef%bc%81flask%e3%82%92https%e5%af%be%e5%bf%9c%e3%81%99%e3%82%8b%e6%96%b9%e6%b3%95%e3%80%90lets-encrypt%e3%80%91","status":"publish","type":"post","link":"https:\/\/blog.capilano-fw.com\/?p=374","title":{"rendered":"\u610f\u5916\u3068\u7c21\u5358\uff01Flask\u3092HTTPS\u5bfe\u5fdc\u3059\u308b\u65b9\u6cd5\u3010Let’s encrypt\u3011"},"content":{"rendered":"

\u524d\u56de\u306e\u8a18\u4e8b\u300cmod_wsgi\u3068httpd\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u6c17\u3092\u3064\u3051\u308b\u3079\u304d\u4e8b<\/a>\u300d\u3067\u3082\u66f8\u304d\u307e\u3057\u305f\u304c\u3001\u73fe\u5728\u3061\u3087\u3063\u3068\u3057\u305f\u6642\u9593\u3092\u898b\u3064\u3051\u3066\u500b\u4eba\u7684\u306bflask\u30b5\u30a4\u30c8<\/strong>\u3092\u69cb\u7bc9\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

\u305d\u3057\u3066\u3001\u3053\u306e\u958b\u767a\u3082\u4e00\u65e6\u5b8c\u4e86\u3057\u305f\u3093\u3067\u30b5\u30a4\u30c8\u3092\u516c\u958b\u3059\u308b\u3053\u3068\u306b\u3057\u307e\u3057\u305f\u3002\u6642\u4ee3\u306e\u6d41\u308c\u3092\u8003\u3048\u3066HTTPS\u5bfe\u5fdc<\/strong>\u306b\u3057\u305f\u304b\u3063\u305f\u306e\u3067\u3001\u3044\u3064\u3082\u304a\u4e16\u8a71\u306b\u306a\u3063\u3066\u3044\u308b\u7121\u6599\u30fb\u8a3c\u660e\u66f8\u767a\u884c\u30b5\u30fc\u30d3\u30b9\u306e\u3001Let’s encrypt<\/a>\u3092\u4f7f\u3063\u3066\u5b9f\u88c5\u3057\u307e\u3057\u305f\u3002<\/p>\n

\u6b63\u76f4\u8a00\u3046\u3068\u5c11\u3057\u624b\u9593\u53d6\u3063\u305f\u3093\u3067\u3059\u3051\u3069\u3001\u5168\u3066\u3046\u307e\u304f\u3044\u3051\u3070\uff11\uff10\u301c15\u5206\u3042\u308c\u3070\u4f5c\u696d\u306f\u5341\u5206\u5b8c\u4e86\u3067\u304d\u308b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n

\u3010\u5b9f\u88c5\u3057\u305f\u74b0\u5883\u3011
\nOS\uff1a CentOS 7<\/strong>
\n\u30a6\u30a7\u30d6\u30b5\u30fc\u30d0\u30fc\uff1a httpd\uff08apache2.4\uff09<\/strong><\/p>\n

Let’s encrypt\u306ecertbot\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b<\/h1>\n

\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3059\u308b\u305f\u3081\u306b\u5fc5\u8981\u306acertbot<\/strong>\u3068\u547c\u3070\u308c\u308b\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059\u3002<\/p>\n

\uff08\u300c\u3044\u3084\u3001\u305d\u308c\u5fc5\u8981\u306a\u3044\u308f\u300d\u3063\u3066\u4eba\u306f\u3001\u201dLet’s encrypt\u3067\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3059\u308b\u6d41\u308c\u201d\u3078\u6025\u3052\uff01\uff09<\/p>\n

\u4e00\u6614\u524d\u307e\u3067\u306f\u3001git\u304b\u3089\u30bd\u30fc\u30b9\u3092clone\u3057\u3066\u4f7f\u3046\u5fc5\u8981\u304c\u3042\u3063\u305f\u3093\u3067\u3059\u3051\u3069\u3001\u3082\u3046CentOS\u3060\u3068yum\u30d1\u30c3\u30b1\u30fc\u30b8\u306b\u3057\u3066\u304f\u308c\u3066\u307e\u3057\u305f\u3002<\/strong><\/p>\n

\u306a\u306e\u3067\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u4e00\u767a\u3067\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n

sudo yum install certbot-apache<\/strong><\/pre>\n
\u203b CentOS\u4ee5\u5916\u306e\u74b0\u5883\u3067\u3082\u5927\u4e08\u592b\uff01\u300ccertbot.eff.org<\/a>\u300d\u3068\u3044\u3046\u30b5\u30a4\u30c8\u304c\u3001\u81ea\u5206\u306e\u74b0\u5883\u3092\u9078\u3079\u3070\u3069\u3046\u3059\u3079\u304d\u304b\u6559\u3048\u3066\u304f\u308c\u308b\u3093\u3067\u3001\u3053\u308c\u3092\u4f7f\u3063\u3066\u307f\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n
Let’s encrypt\u3067\u8a3c\u660e\u66f8\u3092\u53d6\u5f97\u3059\u308b\u6d41\u308c<\/h1>\n
\u3067\u306f\u3001\u307e\u305a\u306fLet’s encrypt\u304c\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b\u6d41\u308c\u304b\u3089\u3002<\/p>\n
\uff08\u300c\u3044\u3084\u3001\u305d\u308c\u5fc5\u8981\u306a\u3044\u308f\u300d\u3063\u3066\u4eba\u306f\u3001\u201d\u5b9f\u969b\u306e\u30b3\u30fc\u30c9\u201d\u3078\u6025\u3052\uff01\uff09<\/p>\n
Let’s encrypt \u306ewebroot\u3092\u4f7f\u3063\u305f\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306f\u3001\u4ee5\u4e0b\u306e\u6d41\u308c\u3067\u3042\u306a\u305f\u306e\u6240\u6709\u3057\u3066\u308b\u30b5\u30a4\u30c8\u304b\u3092\u30c1\u30a7\u30c3\u30af\u3057\u307e\u3059\u3002<\/p>\n
\uff11\uff0e\uff09 \u4e00\u6642\u30d5\u30a1\u30a4\u30eb\u3092\u30b5\u30a4\u30c8\u5185\u306b\u4f5c\u6210<\/strong>
\n\uff12\uff0e\uff09 \u5916\u90e8\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3057\u3066\u672c\u5f53\u306b\u4f5c\u6210\u3055\u308c\u3066\u3044\u308b\u304b\u30c1\u30a7\u30c3\u30af<\/strong>
\n\uff13\uff0e\uff09 \u30c1\u30a7\u30c3\u30af\u3092\u901a\u904e\u3057\u305f\u3089\u8a3c\u660e\u66f8\u3092\u767a\u884c<\/strong><\/p>\n
\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n
\u305d\u3057\u3066\u3001\uff12\u756a\u306e\u30a2\u30af\u30bb\u30b9\u3057\u3066\u304f\u308bURL\u306f\u3001<\/p>\n
http:\/\/***.com\/.well-known\/acme-challenge\/***********<\/strong><\/pre>\n
\u3067\u3059\u3002<\/p>\n
\u306a\u306e\u3067\u3001\u3053\u306eURL\u306b\u4e00\u6642\u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u8eab\u304c\u8868\u793a\u3055\u308c\u308b\u3088\u3046\u3001flask\u306e\u65b9\u3067\u8abf\u6574\u3057\u3066\u3084\u308b\u5fc5\u8981\u304c\u3042\u308b\u308f\u3051\u3067\u3059\u306d\u3002<\/p>\n
\u5b9f\u969b\u306e\u30b3\u30fc\u30c9<\/h1>\n
\u307e\u305a\u306f\u4e00\u6642\u30d5\u30a1\u30a4\u30eb\u3092\u4fdd\u5b58\u3059\u308b\u305f\u3081\u306e\u30d5\u30a9\u30eb\u30c0\u3092\u4f5c\u308a\u307e\u3059\u3002\uff08\u4e00\u6642\u30d5\u30a1\u30a4\u30eb\u306f\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3068\u3057\u3066\u8aad\u307f\u8fbc\u3053\u3080\u3088\u3046\u306b\u3057\u307e\u3059\uff09<\/p>\n
\/templates\/.well-known<\/strong><\/pre>\n
\u203b \u5b9f\u969b\u306b\u306fcertbot\u304c\u3053\u3053\u306b\u300cacme-challenge\u300d\u30d5\u30a9\u30eb\u30c0\u3092\u4f5c\u308a\u3001\u305d\u306e\u4e2d\u3078\u4e00\u6642\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3053\u3068\u306b\u306a\u308a\u307e\u3059\u3002<\/p>\n
\u3067\u306f\u3001\u6b21\u306bapp.py<\/strong>\u306b\u4f5c\u308broute<\/strong>\u3067\u3059\u3002<\/p>\n
# Let's encrypt\r\n\r\n@app.route('\/.well-known\/acme-challenge\/<filename>')<\/strong>\r\ndef well_known(filename):<\/strong>\r\n    return render_template('.well-known\/acme-challenge\/'+ filename)<\/strong><\/pre>\n
Let’s encrypt \u304c\u30a2\u30af\u30bb\u30b9\u3057\u3066\u304f\u308bURL\u304b\u3089\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u53d6\u5f97\u3057\u3066\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3068\u3057\u3066\u547c\u3073\u51fa\u3059\u3060\u3051\u3067\u3059\u306d\u3002<\/p>\n
\u8a3c\u660e\u66f8\u3092\u767a\u884c\u3059\u308b<\/h1>\n
\u3042\u3068\u306f\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305fcertbot\u306b\u5fc5\u8981\u306a\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u4ed8\u3051\u3066\u30a8\u30f3\u30bf\u30fc\u30ad\u30fc\u3092\u300c\u30bf\u30fc\u30f3\u30c3\uff01\u300d\u3059\u308b\u3060\u3051\u3067\u3059\u3002<\/p>\n
sudo certbot certonly --webroot -w \/var\/www\/html\/***\/templates\/ -d example.com<\/strong><\/pre>\n
\u3042\u3068\u306f\u3001\u6b21\u306e\u3088\u3046\u306bhttpd\u306econf\u30d5\u30a1\u30a4\u30eb\u3078\u8a18\u8ff0\u3057\u3066\u3042\u3052\u3066\u518d\u8d77\u52d5\u3059\u308c\u3070OK\u3067\u3059\u3002<\/p>\n
NameVirtualHost *:443<\/strong>\r\n\r\n<VirtualHost *:443><\/strong>\r\n  SSLEngine on<\/strong>\r\n  SSLCertificateFile \/etc\/letsencrypt\/live\/example.com\/cert.pem<\/strong>\r\n  SSLCertificateChainFile \/etc\/letsencrypt\/live\/example.com\/chain.pem<\/strong>\r\n  SSLCertificateKeyFile \/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/strong>\r\n  ServerName example.com<\/strong>\r\n  WSGIScriptAlias \/ \/var\/www\/html\/***\/***.wsgi<\/strong>\r\n  WSGIApplicationGroup %{GLOBAL}<\/strong>\r\n  <Directory \/var\/www\/html\/***><\/strong>\r\n    Require all granted<\/strong>\r\n  <\/Directory><\/strong>\r\n<\/VirtualHost><\/strong><\/pre>\n
\u203bfirewall\u3068\u304b\u3092\u8a2d\u5b9a\u3057\u3066\u308b\u4eba\u306f\u3001\u305d\u3063\u3061\u3067\u30dd\u30fc\u30c8\u306e\u8a2d\u5b9a\u3068\u304b\u3082\u3057\u3066\u304f\u3060\u3055\u3044\u306d\u3002<\/p>\n
\u3055\u3041\u3001\u3053\u308c\u3067\u5168\u3066\u5b8c\u4e86\u3067\u3059\uff01
\n\u307f\u306a\u3055\u3093\u3082flask\u3067\u30b5\u30a4\u30c8\u3065\u304f\u308a\u3092\u697d\u3057\u3093\u3067\u307f\u3066\u306f\u3044\u304b\u304c\u3067\u3057\u3087\u3046\u304b\u266a<\/p>\n
\u3067\u306f\u3067\u306f\u301c\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
\u524d\u56de\u306e\u8a18\u4e8b\u300cmod_wsgi\u3068httpd\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u6c17\u3092\u3064\u3051\u308b\u3079\u304d\u4e8b\u300d\u3067\u3082\u66f8\u304d\u307e\u3057\u305f\u304c\u3001\u73fe\u5728\u3061\u3087\u3063\u3068\u3057\u305f\u6642\u9593\u3092\u898b\u3064\u3051\u3066\u500b\u4eba\u7684\u306bflask\u30b5\u30a4\u30c8\u3092\u69cb\u7bc9\u3057\u3066\u3044\u307e … <\/p>\n
“\u610f\u5916\u3068\u7c21\u5358\uff01Flask\u3092HTTPS\u5bfe\u5fdc\u3059\u308b\u65b9\u6cd5\u3010Let’s encrypt\u3011” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":377,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39],"tags":[51,53],"class_list":["post-374","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-python","tag-flask","tag-httpd"],"_links":{"self":[{"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=\/wp\/v2\/posts\/374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=374"}],"version-history":[{"count":1,"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=\/wp\/v2\/posts\/374\/revisions"}],"predecessor-version":[{"id":376,"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=\/wp\/v2\/posts\/374\/revisions\/376"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=\/wp\/v2\/media\/377"}],"wp:attachment":[{"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.capilano-fw.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}