# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
H2O
# cat << 'EOF' >> /etc/yum.repos.d/h2o.repo
[bintray-tatsushid-h2o-rpm]
name=bintray-tatsushid-h2o-rpm
baseurl=https://dl.bintray.com/tatsushid/h2o-rpm/centos/$releasever/$basearch/
# NOTE(review): gpgcheck=0 / repo_gpgcheck=0 turn off signature verification of
# both the packages and the repository metadata from this third-party repo, so
# the only thing protecting the install is the TLS connection to the mirror.
# If the repo publishes a signing key, set gpgcheck=1 and point gpgkey= at it.
gpgcheck=0
repo_gpgcheck=0
enabled=1
EOF
# yum -y install h2o
# systemctl enable h2o
rotatelogs を使いたいので httpd もインストールしておく（rotatelogs は httpd パッケージに含まれる）
# yum -y install httpd
Let's Encrypt（certbot の webroot 認証）とやりとりする必要があるので、まずは http で動かす。webroot 認証では http://ドメイン/.well-known/acme-challenge/ 以下が外部から取得できる必要がある。
/etc/h2o/h2o.conf
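user: nobody
server-name: h2o
pid-file: /var/run/h2o/h2o.pid
# Logs are piped to Apache's rotatelogs (from the httpd package), rotated daily.
error-log: "| rotatelogs /var/log/h2o/error.%Y%m%d 86400"
access-log: "| rotatelogs /var/log/h2o/access.%Y%m%d 86400"
hosts:
  # Plain HTTP only for now: certbot --webroot (below) must be able to fetch
  # http://<name>/.well-known/acme-challenge/... from the directory served here.
  # NOTE(review): whether "*.oppara.tv" also matches the bare apex "oppara.tv"
  # (one of the -d names passed to certbot) depends on h2o's host matching; if
  # the apex challenge fails, add an explicit "oppara.tv:80" entry.
  "*.oppara.tv:80":
    listen:
      port: 80
    paths:
      "/":
        file.dir: /srv/oppara.tv/htdocs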
設定をチェックして起動
# h2o -t -c h2o.conf
# systemctl start h2o
Let's Encrypt
# yum -y install certbot
# certbot certonly --webroot -w /srv/oppara.tv/htdocs -d oppara.tv -d www.oppara.tv --agree-tos
# ls -l /etc/letsencrypt/live
削除する場合は以下
# certbot delete --cert-name oppara.tv
H2O 設定
/etc/h2o/h2o.conf
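user: nobody
server-name: h2o
pid-file: /var/run/h2o/h2o.pid
# Logs are piped to Apache's rotatelogs (from the httpd package), rotated daily.
error-log: "| rotatelogs /var/log/h2o/error.%Y%m%d 86400"
access-log: "| rotatelogs /var/log/h2o/access.%Y%m%d 86400"
hosts:
  # NOTE(review): the certificate below covers only oppara.tv and www.oppara.tv
  # (the -d names given to certbot). Any other *.oppara.tv name that reaches
  # this host is answered with a name-mismatched certificate. Whether the
  # wildcard also matches the bare apex "oppara.tv" depends on h2o's host
  # matching; confirm, or add an explicit "oppara.tv:443" entry.
  "*.oppara.tv:443":
    listen:
      port: 443
      ssl:
        # The Let's Encrypt "live" paths are symlinks to the newest certificate,
        # which is why a renewal only needs h2o restarted (certbot --post-hook).
        certificate-file: /etc/letsencrypt/live/oppara.tv/fullchain.pem
        key-file: /etc/letsencrypt/live/oppara.tv/privkey.pem
        # OpenSSL cipher string. The 3DES suites (ECDHE-RSA-DES-CBC3-SHA,
        # EDH-RSA-DES-CBC3-SHA, DES-CBC3-SHA) have been removed and "!3DES"
        # added: "!DES" alone does not exclude them, and 64-bit-block 3DES is
        # weak (SWEET32). The trailing RSA-key-exchange (non-forward-secret)
        # suites and HIGH are kept for old clients; drop them if you do not need
        # such clients. No minimum TLS version is pinned here; check whether
        # your h2o build offers a directive for that and set it if so.
        cipher-suite: "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4"
        # The server's preference order wins over the client's.
        cipher-preference: server
    paths:
      "/":
        file.dir: /srv/oppara.tv/htdocs
  # Plain-HTTP listener kept to send browsers to HTTPS. Renewals done with
  # certbot --webroot arrive here first; they are expected to follow this
  # redirect to the HTTPS host, which serves the same directory -- verify that
  # with the "certbot renew --dry-run" step below.
  "*.oppara.tv:80":
    listen:
      port: 80
    paths:
      "/":
        redirect: "https://oppara.tv/"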
# systemctl restart h2o
自動更新設定
dry-run（まず更新処理が通るか確認する。--dry-run でも --post-hook は実行されるので h2o が再起動される点に注意）
# certbot renew --post-hook "systemctl restart h2o" --dry-run
# crontab -l
# NOTE(review): "certbot renew" only re-issues certificates that are close to
# expiry (30 days before, by default), so one check per month at 05:03 on the
# 1st leaves a thin margin before a 90-day certificate lapses; certbot's own
# guidance is to run "renew" twice a day. If your certbot supports
# --deploy-hook, prefer it over --post-hook so h2o is restarted only when a
# certificate actually changed.
03 05 01 * * /bin/certbot renew --post-hook "systemctl restart h2o"