1. Route 53 setup
This hardly needs explaining, so I'll skip it.
2. Installing nginx
Install nginx from extras:
sudo amazon-linux-extras install nginx1
3. Setting up Let's Encrypt
I followed this article as a reference: qiita.com
cd /var/www
git clone https://github.com/certbot/certbot
cd certbot
cp certbot-auto certbot-auto.bak
vi certbot-auto
# before
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
# after
elif grep -i "Amazon Linux" /etc/issue > /dev/null 2>&1 || \
   grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
After making the edit, run it:
./certbot-auto certonly --standalone --no-self-upgrade -d your.domain -m xxx@your.domain --agree-tos --debug
4. nginx configuration
Prepare for Basic authentication:
sudo yum install httpd-tools
cd /etc/nginx/conf.d
sudo vi app_name.conf
error_log /var/www/rails/app_name/log/nginx.error.log;
access_log /var/www/rails/app_name/log/nginx.access.log;
client_max_body_size 2G;
upstream app_server {
    server unix:/var/www/rails/app_name/tmp/sockets/.unicorn.sock fail_timeout=0;
}
server {
    listen 443 ssl;
    server_name your.domain;
    ssl_certificate /etc/letsencrypt/live/your.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
    keepalive_timeout 5;
    root /var/www/rails/app_name/public;
    try_files $uri/index.html $uri.html $uri @app;
    location @app {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_set_header X_FORWARDED_SSL on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }
    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /var/www/rails/app_name/public;
    }
}
Adjust the settings as needed.
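An added example, not part of the original post: in the configuration above, auth_basic is set only inside location @app, so any file that the server-level try_files finds under public/ (precompiled assets, static HTML) is served without a password prompt. The variant below moves the two auth directives up to the server block so that static files are covered too; it assumes /etc/nginx/.htpasswd was created with the htpasswd tool from httpd-tools, a step the post does not show.

```nginx
# Added example: Basic auth scoped to the whole virtual host.
# Assumption: the password file was created with
#   sudo htpasswd -c /etc/nginx/.htpasswd <user>
error_log  /var/www/rails/app_name/log/nginx.error.log;
access_log /var/www/rails/app_name/log/nginx.access.log;
client_max_body_size 2G;

upstream app_server {
    server unix:/var/www/rails/app_name/tmp/sockets/.unicorn.sock fail_timeout=0;
}

server {
    listen 443 ssl;
    server_name your.domain;
    ssl_certificate     /etc/letsencrypt/live/your.domain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain/privkey.pem;
    keepalive_timeout 5;

    # Declared at server level, these are inherited by every location,
    # including requests that match no location and are answered
    # directly from public/ by the try_files line below.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    root /var/www/rails/app_name/public;
    try_files $uri/index.html $uri.html $uri @app;

    location @app {
        # No auth directives needed here any more: inherited from server.
        proxy_set_header X_FORWARDED_SSL on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server;
    }

    error_page 500 502 503 504 /500.html;
    location = /500.html {
        root /var/www/rails/app_name/public;
    }
}
```

After editing, `sudo nginx -t` validates the file before reloading; a request for a static file under public/ without credentials should then return 401.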
5. Starting unicorn

Jokes aside:
bundle exec unicorn_rails -c /var/www/rails/app_name/config/unicorn.conf.rb -D -E production
That's all!