{"id":1817,"date":"2016-01-18T23:34:37","date_gmt":"2016-01-18T14:34:37","guid":{"rendered":"https:\/\/ecpplus.net\/weblog\/?p=1817"},"modified":"2020-06-06T19:32:11","modified_gmt":"2020-06-06T10:32:11","slug":"lets-encrypt-on-caddy","status":"publish","type":"post","link":"https:\/\/ecpplus.net\/weblog\/lets-encrypt-on-caddy\/","title":{"rendered":"Using Let&#8217;s Encrypt easily with Caddy"},"content":{"rendered":"<p><a class=\"wp-editor-md-post-content-link\" href=\"https:\/\/caddyserver.com\">Caddy<\/a> is a web server with a TLS-by-default policy; it looked like it makes <a class=\"wp-editor-md-post-content-link\" href=\"https:\/\/letsencrypt.org\/\">Let&#8217;s Encrypt<\/a> easy to set up and renews certificates automatically, so I tried it out. Let&#8217;s Encrypt is a service that lets you use TLS certificates for free.<\/p>\n<p>I learned about it when I tried a <a class=\"wp-editor-md-post-content-link\" href=\"http:\/\/www.vultr.com\/?ref=6869445\">Vultr<\/a> VPS and found Caddy installation covered in their Documents. The <a class=\"wp-editor-md-post-content-link\" href=\"http:\/\/www.vultr.com\/?ref=6869445\">Vultr<\/a> Tokyo region looks good.<\/p>\n<h2>Installing Caddy<\/h2>\n<p><a class=\"wp-editor-md-post-content-link\" href=\"https:\/\/caddyserver.com\/download\">https:\/\/caddyserver.com\/download<\/a> 
is where you download the binary; all you have to do is run it. When the binary is generated, you can add extra features under Select Features.<\/p>\n<h2>Configuring Caddy<\/h2>\n<p><code>\/path\/to\/caddy.conf<\/code><\/p>\n<pre><code class=\"line-numbers\">hoge.example.com {\n  tls hoge@example.com\n}\n<\/code><\/pre>\n<p>In the minimal configuration, it seems to work once you set your own email address for the domain. It worked for the <code>ecpplus.net<\/code> domain but not for the <code>ecp.plus<\/code> domain. I have not looked into it much, but it seems something needs to be done on the Let&#8217;s Encrypt side.<\/p>\n<h2>Starting Caddy<\/h2>\n<p>Caddy listens on ports 80 and 443, so you need to either apply setcap beforehand or run it with sudo.<\/p>\n<pre><code class=\"line-numbers\">sudo setcap cap_net_bind_service=+ep \/path\/to\/caddy\n\/path\/to\/caddy --conf \/path\/to\/caddy.conf -agree=true\n<\/code><\/pre>\n<p><code>-agree<\/code> is Agree to Let&#8217;s Encrypt Subscriber Agreement, and <code>-email<\/code> is reportedly Default Let&#8217;s Encrypt account email address.<\/p>\n<p>With this, https:\/\/hoge.example.com 
is the address the server comes up on. Accessing it over http also moves you to https automatically.<\/p>\n<h2>Caddy command-line arguments<\/h2>\n<pre><code class=\"language-bash line-numbers\">$ caddy --help\nUsage of caddy:\n  -agree=false: Agree to Let's Encrypt Subscriber Agreement\n  -ca=\"https:\/\/acme-v01.api.letsencrypt.org\/directory\": Certificate authority ACME server\n  -conf=\"\": Configuration file to use (default=Caddyfile)\n  -cpu=\"100%\": CPU cap\n  -email=\"\": Default Let's Encrypt account email address\n  -grace=5s: Maximum duration of graceful shutdown\n  -host=\"\": Default host\n  -http2=true: HTTP\/2 support\n  -log=\"\": Process log file\n  -pidfile=\"\": Path to write pid file\n  -port=\"2015\": Default port\n  -quiet=false: Quiet mode (no initialization output)\n  -revoke=\"\": Hostname for which to revoke the certificate\n  -root=\".\": Root path to default site\n  -version=false: Show version\n<\/code><\/pre>\n<h2>Caddy features<\/h2>\n<p>The documentation is at <a class=\"wp-editor-md-post-content-link\" href=\"https:\/\/caddyserver.com\/docs\">https:\/\/caddyserver.com\/docs<\/a>.<\/p>\n<p>Features that caught my attention<\/p>\n<ul>\n<li>With <code>markdown<\/code>, Caddy itself converts Markdown to HTML. You can also specify a template. Having this included by default may be interesting.<\/li>\n<li>With <code>git<\/code>, the site can be updated automatically on <code>git push<\/code>, so <code>markdown<\/code> 
combined with it looks handy for a simple site.<\/li>\n<li><code>gzip<\/code> seems to be available, but there do not appear to be any caching features yet, so for now you would probably need to provide caching separately.<\/li>\n<li>By configuring <code>fastcgi<\/code>, it looks fine to run something like WordPress behind it.<\/li>\n<li><code>proxy<\/code> also lets you configure a reverse proxy, so putting something like Rails behind it looks fine too.<\/li>\n<li>With <code>websocket<\/code>, you can specify a command to run when a WebSocket connection is opened.<\/li>\n<li>With <code>startup<\/code> and <code>shutdown<\/code>, you can run arbitrary commands at start and stop, for example launching a Rails application server.<\/li>\n<\/ul>\n<p>I have been using a cheap TLS certificate, but I got the feeling I might switch over once it expires.<\/p>\n<h2>Using it with Rails5<\/h2>\n<p>I have not tried ActionCable, but since WebSocket can be configured too, it will probably work. For now, \/assets \/system 
are the only paths served by Caddy in this example configuration, where the backend is something like Unicorn or Puma running on port 9292. Note that unless proxy_header is set appropriately, things go wrong when you do something like redirect_to.<\/p>\n<pre><code class=\"line-numbers\">example.com {\n  gzip\n  tls caddy@example.com\n  log \/var\/log\/access.log\n\n  root \/var\/www\/rails_root\/current\/public\n\n  proxy \/ localhost:9292 {\n    proxy_header Host {host}\n    proxy_header X-Real-IP {remote}\n    proxy_header X-Forwarded-Proto {scheme}\n    except \/assets \/system\n  }\n}\n\n<\/code><\/pre>\n<h2>Daemonize<\/h2>\n<p>It seems caddy cannot start as a daemon by itself. I tried using supervisord to run it as a daemon.<\/p>\n<p>\/etc\/supervisord.d\/caddy.ini<\/p>\n<pre><code class=\"line-numbers\">[program:caddy]\ncommand=\/usr\/local\/bin\/caddy -conf=\"\/etc\/Caddyfile\" -agree=true\ndirectory=\/var\/www\/rails_root\/current\/public\nautostart=true\nuser=root\nredirect_stderr=true\nstdout_logfile=\/var\/log\/caddy.log\nstderr_logfile=\/var\/log\/caddyerr.log\n<\/code><\/pre>\n<p>\/etc\/supervisord.conf<\/p>\n<pre><code class=\"line-numbers\">[supervisord]\nminfds=4096\n<\/code><\/pre>\n<p>When caddy starts, it tells you to set at least <code>ulimit -n 4096<\/code>, so it is a good idea to specify that on the supervisord side.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Caddy is a web server 
with a TLS-by-default policy; it looked like it makes Let&#8217;s Encrypt easy to set up and renews certificates automatically, so I tried it out. Let&#8217;s En [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2306,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[43],"tags":[7],"class_list":["post-1817","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-development","tag-linux"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/posts\/1817","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/comments?post=1817"}],"version-history":[{"count":14,"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/posts\/1817\/revisions"}],"predecessor-version":[{"id":2317,"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/posts\/1817\/revisions\/2317"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/media\/2306"}],"wp:attachment":[{"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/media?parent=1817"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/categories?post=1817"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ecpplus.net\/weblog\/wp-json\/wp\/v2\/tags?post=1817"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}