refirio.org

Memo

メモ > 技術 > サービス: AmazonSNS > 環境の確認

環境の確認
サーバサイドの環境は、通常のLAMPでいい。 AmazonSNSのためにAWSのSDKを使用するので、PHPはその時点での最新版を使うことが推奨される。 DockerやVagrantで環境を構築することも可能。 ただしアプリからPHPにアクセスさせたい場合、当然ながら同一LAN内の他端末からアクセスできるようにしておく必要がある。 curlコマンドやPHPで通信を行うため、まずは環境を確認する。 PHP curlでHTTP/2リクエストを実行するための設定 on CentOS 7 | 稲葉サーバーデザイン https://inaba-serverdesign.jp/blog/20171011/php_curl_http2_centos7.html Amazon Linux 2 なら特別な更新作業なしにPHP+curlでHTTP/2リクエストを送信できた。 以下は2021年9月に構築した Amazon Linux 2。PHPはExtrasリポジトリからインストールしたもの。
$ cat /etc/system-release Amazon Linux release 2 (Karoo) $ openssl version OpenSSL 1.0.2k-fips 26 Jan 2017 $ php --version PHP 7.4.21 (cli) (built: Jul 7 2021 17:35:08) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies $ curl --version curl 7.76.1 (x86_64-koji-linux-gnu) libcurl/7.76.1 OpenSSL/1.0.2k-fips zlib/1.2.7 libidn2/2.3.0 libssh2/1.4.3 nghttp2/1.41.0 Release-Date: 2021-04-14 Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL UnixSockets $ php -r 'phpinfo();' | grep SSL SSL => Yes MULTI_SSL => No SSL Version => OpenSSL/1.0.2k-fips core SSL => supported extended SSL => supported OpenSSL support => enabled OpenSSL Library Version => OpenSSL 1.0.2k-fips 26 Jan 2017 OpenSSL Header Version => OpenSSL 1.0.2k 26 Jan 2017 Native OpenSSL support => enabled OpenSSL => Stig Venaas, Wez Furlong, Sascha Kettler, Scott MacVicar $ curl -vso /dev/null --http2 https://www.google.co.jp/ * Trying 142.250.207.3:443... * Connected to www.google.co.jp (142.250.207.3) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.2 (IN), TLS handshake, Server hello (2): { [96 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [4009 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [149 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [70 bytes data] * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): { [1 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=*.google.co.jp * start date: Aug 14 08:23:49 2023 GMT * expire date: Nov 6 08:23:48 2023 GMT * subjectAltName: host "www.google.co.jp" matched cert's "*.google.co.jp" * issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 } [5 bytes data] * Using Stream ID: 1 (easy handle 0xc26600) } [5 bytes data] > GET / HTTP/2 > Host: www.google.co.jp > user-agent: curl/7.76.1 > accept: */* > { [5 bytes data] < HTTP/2 200 < date: Fri, 15 Sep 2023 02:02:38 GMT < expires: -1 < cache-control: private, max-age=0 < content-type: text/html; charset=Shift_JIS < content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-DzUUpbjjm6zwKLvJsasAFA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp < p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." < server: gws < x-xss-protection: 0 < x-frame-options: SAMEORIGIN < set-cookie: 1P_JAR=2023-09-15-02; expires=Sun, 15-Oct-2023 02:02:38 GMT; path=/; domain=.google.co.jp; Secure < set-cookie: AEC=Ad49MVHajKAOpVrRPnIwK-msTAiUwUdGNpMKT8SiU444GjxwuDuApwL2r1s; expires=Wed, 13-Mar-2024 02:02:38 GMT; path=/; domain=.google.co.jp; Secure; HttpOnly; SameSite=lax < set-cookie: NID=511=Mo9ACzb5BLQ6s--enshWZGJ_aJR9z59-J1ozzZNJWiSssDdTS7aihWx6tURtjsq3eGVjb_dk9RjUyAIEg_9R2R5wU5pxOJ8LNElZliyyHn8WNYgt7gk0Tc53ytT3dTvVGm6mrFv9GLgQoqP8bl9NX90MEIQKDpIh8QW4fSGWmEI; expires=Sat, 16-Mar-2024 02:02:38 GMT; path=/; domain=.google.co.jp; HttpOnly < alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 < accept-ranges: none < vary: Accept-Encoding < { [5 bytes data] * Connection #0 to host www.google.co.jp left intact
PHPプログラムからもcurlコマンドを実行できることを確認しておく。 (ファイルの文字コードは UTF-8N にする。)
$ cat curl_test.php <?php if (!defined('CURL_HTTP_VERSION_2_0')) { define('CURL_HTTP_VERSION_2_0', CURL_HTTP_VERSION_1_1 + 1); } $url = 'https://www.google.co.jp/'; $opts = [ CURLOPT_VERBOSE => true, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_2_0, CURLOPT_SSL_VERIFYHOST => false, CURLOPT_SSL_VERIFYPEER => false ]; $ch = curl_init($url); curl_setopt_array($ch, $opts); curl_exec($ch); curl_close($ch);
以下のとおり実行できる。 Googleのページデータを取得できれば成功。
$ php curl_test.php * Trying 142.250.207.3:443... * Connected to www.google.co.jp (142.250.207.3) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=*.google.co.jp * start date: Aug 14 08:23:49 2023 GMT * expire date: Nov 6 08:23:48 2023 GMT * issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x5647b92d6360) > GET / HTTP/2 Host: www.google.co.jp accept: */* < HTTP/2 200 < date: Fri, 15 Sep 2023 02:05:51 GMT < expires: -1 < cache-control: private, max-age=0 < content-type: text/html; charset=Shift_JIS < content-security-policy-report-only: object-src 'none';base-uri 'self';script-src 'nonce-24lYDgFlIXzIPGj39wOGtg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp < p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." < server: gws < x-xss-protection: 0 < x-frame-options: SAMEORIGIN < set-cookie: 1P_JAR=2023-09-15-02; expires=Sun, 15-Oct-2023 02:05:51 GMT; path=/; domain=.google.co.jp; Secure < set-cookie: AEC=Ad49MVF7GxHzcpVDA9KugVDkq5bfulVFD1MIxyXAX1eiBjjLbYVtTJQSbbg; expires=Wed, 13-Mar-2024 02:05:51 GMT; path=/; domain=.google.co.jp; Secure; HttpOnly; SameSite=lax < set-cookie: NID=511=FIn9mttV5kF9-t52WJGMQ0HJ-Xv6yfwXkFsqSvpBpk0Zg5dSu352hgAPCiCUQwjogG8WOrHCjB7Z3R3dp7fBl8CSYlqJjMWYzPOR0tfzluNlpB_8fNyLBH-6WBN1x3W97kormoZ0U8BGfcwLR9Yc_vQsAxPrktYJOYbWpQHC2Ew; expires=Sat, 16-Mar-2024 02:05:51 GMT; path=/; domain=.google.co.jp; HttpOnly < alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 < accept-ranges: none < vary: Accept-Encoding < <!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="ja"><head> 〜〜中略 </body></html>* Connection #0 to host www.google.co.jp left intact

Advertisement