Automating Let's Encrypt SSL certificate management using the DNS-01 challenge and AWS
This post describes the steps to automate the management of SSL certificates from the Let's Encrypt CA using the DNS-01 challenge and AWS.
acme-dns-route53 is a tool that lets us implement this. It can work with SSL certificates from Let's Encrypt, store them in Amazon Certificate Manager, use the Route53 API to carry out the DNS-01 challenge, and, finally, push notifications to SNS. acme-dns-route53 also has built-in functionality for running inside AWS Lambda, which is what we need.
This article is divided into 4 sections:
creating a zip file;
creating an IAM role;
creating a lambda function that runs acme-dns-route53;
creating a CloudWatch timer that triggers the function 2 times a day.
acme-dns-route53 is written in GoLang and supports version 1.9 or later.
We need to create a zip file with the acme-dns-route53 binary inside. To do this, install acme-dns-route53 from the GitHub repository using the go install command:
$ env GOOS=linux GOARCH=amd64 go install github.com/begmaroman/acme-dns-route53
The binary is installed in the $GOPATH/bin directory. Note that during installation we specified two additional environment variables: GOOS=linux and GOARCH=amd64. They tell the Go compiler to build a binary suitable for Linux and the amd64 architecture - this is what runs on AWS.
AWS expects our program to be deployed in a zip file, so let's create an acme-dns-route53.zip archive that contains the newly installed binary:
$ zip -j ~/acme-dns-route53.zip $GOPATH/bin/acme-dns-route53
Note: The binary must be in the root of the zip archive. This is why we use the -j flag.
Now our zip archive is ready for deployment; all that remains is to create a role with the necessary rights.
Creating an IAM role
We need to set up an IAM role with the rights our lambda requires while it runs.
Let's call this role lambda-acme-dns-route53-executor and give it the base AWSLambdaBasicExecutionRole policy right away. This lets our lambda run and write logs to the AWS CloudWatch service.
First, we create a JSON file that describes our rights (~/lambda-acme-dns-route53-executor-policy.json). This allows the Lambda service to use the role lambda-acme-dns-route53-executor.
Now run the aws iam create-role command to create the role:
$ aws iam create-role --role-name lambda-acme-dns-route53-executor \
    --assume-role-policy-document file://$HOME/lambda-acme-dns-route53-executor-policy.json
Note: remember the ARN (Amazon Resource Name) of the created role - we will need it in the following sections.
The role lambda-acme-dns-route53-executor has been created; now we need to specify permissions for it. The simplest way to do this is to use the aws iam attach-role-policy command, passing the policy ARN of AWSLambdaBasicExecutionRole as follows:
$ aws iam attach-role-policy --role-name lambda-acme-dns-route53-executor \
    --policy-arn arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Note: a list of other policies can be found here.
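The IAM role steps above, as an added shell example that is not from the original post: it writes the trust policy file passed to aws iam create-role and refuses to create the role unless that file trusts only the Lambda service. The policy body is the standard Lambda trust policy, assumed here, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Assumption: the role only needs to be assumable by the Lambda service, so the
# file holds the standard Lambda trust policy.

POLICY_FILE="$HOME/lambda-acme-dns-route53-executor-policy.json"

# Write the trust policy to the path given as $1.
write_trust_policy() {
  cat > "$1" <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "lambda.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Return 0 only when the file trusts nothing but the Lambda service.
# Fails closed: any shape it does not recognise counts as a failure.
check_trust_policy() {
  flat=$(tr -d ' \t\r\n' < "$1") || return 2
  # Wildcard, account/user or federated principals widen who can assume the role.
  case "$flat" in
    *'"Principal":"*"'* | *'"AWS":'* | *'"Federated":'*) return 1 ;;
  esac
  services=$(printf '%s\n' "$flat" | grep -o '"Service":"[^"]*"' | sort -u)
  actions=$(printf '%s\n' "$flat" | grep -o '"Action":"[^"]*"' | sort -u)
  [ "$services" = '"Service":"lambda.amazonaws.com"' ] || return 1
  [ "$actions" = '"Action":"sts:AssumeRole"' ] || return 1
}

# Create the role only if the policy passes the check. The file:// prefix makes
# the AWS CLI read the document from the file instead of parsing the path as JSON.
create_executor_role() {
  check_trust_policy "$1" || { echo "refusing: $1 is too permissive" >&2; return 1; }
  aws iam create-role --role-name lambda-acme-dns-route53-executor \
    --assume-role-policy-document "file://$1"
}

# Usage: write_trust_policy "$POLICY_FILE" && create_executor_role "$POLICY_FILE"
```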
Creating a lambda function that runs acme-dns-route53
Hooray! Now you can deploy our function to AWS using the aws lambda create-function command. The lambda must be configured using the following environment variables:
AWS_LAMBDA - tells acme-dns-route53 that execution takes place inside AWS Lambda.