LoginSignup
19
15

More than 3 years have passed since last update.

@kooohei(Kohei Yamada)inハンジュ株式会社

bitnami redmineにSSL証明書(Let's Encrypt)を導入する

Posted at

はじめに

bitnamiにはSSL証明書(Let's Encrypt)を導入するためのツールがあります。
今回はそれを使って導入しようと思います。

SSL証明書の導入

bncert-toolを実行します。

bncert-tool
$ sudo /opt/bitnami/bncert-tool 
----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.

----------------------------------------------------------------------------
Domains

Please provide a valid space-separated list of domains for which you wish to 
configure your web server.

ドメイン名を入力します。

bncertt-tool
Domain list []: hoge.hengjiu.jp

www付きのマルチドメインに対応するかを聞かれますが、とりあえず今回はNoにしておきます。

bncertt-tool
The following domains were not included: www.hoge.hengjiu.jp. Do you want to add them? [Y/n]: n

Warning: No www domains (e.g. www.example.com) or non-www domains (e.g. 
www.example.com) have been provided, so the following redirections will be 
disabled: non-www to www, www to non-www.
Press [Enter] to continue:

----------------------------------------------------------------------------
Enable/disable redirections

HTTP→HTTPSへのリダイレクト設定を行うかどうか聞かれるので「y」で同意します。

bncertt-tool
Please select the redirections you wish to enable or disable on your Bitnami 
installation.



Enable HTTP to HTTPS redirection [Y/n]: y


----------------------------------------------------------------------------
Changes to perform

反映するために「以下の手順で再起動しますよ」ということなので「y」で再起動を行います。

bncertt-tool
The following changes will be performed to your Bitnami installation:

1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains: 
hoge.hengjiu.jp
3. Configure a cron job to automatically renew the certificate each month
4. Configure web server name to: hoge.hengjiu.jp
5. Enable HTTP to HTTPS redirection (example: redirect http://hoge.hengjiu.jp 
to https://hoge.hengjiu.jp)
6. Start web server once all changes have been performed



Do you agree to these changes? [Y/n]: y


----------------------------------------------------------------------------
Create a free HTTPS certificate with Let's Encrypt

証明書の期限が近づいた際に更新通知を送るメールアドレスを登録します。

bncertt-tool
Please provide a valid e-mail address for which to associate your Let's Encrypt 
certificate.

Domain list: hoge.hengjiu.jp

Server name: hoge.hengjiu.jp

E-mail address []: xxxxx@hengjiu.jp

下記のサイトに記載されている内容を確認の上「y」で同意します。

bncertt-tool
The Let's Encrypt Subscriber Agreement can be found at:

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

Do you agree to the Let's Encrypt Subscriber Agreement? [Y/n]: y


----------------------------------------------------------------------------
Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your 
Bitnami installation. This may take some time, please be patient.

----------------------------------------------------------------------------
Success

以上で導入完了です。バックアップファイルとログファイルの場所が以下に表示されます。
ひととおり確認したらEnterで終了します。

bncertt-tool
The Bitnami HTTPS Configuration Tool succeeded in modifying your installation.

The configuration report is shown below.

Backup files:
* /opt/bitnami/apache2/conf/httpd.conf.back.202001140617
* /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202001140617
* /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202001140617

Find more details in the log file:

/tmp/bncert-202001140617.log

If you find any issues, please check Bitnami Support forums at:

https://community.bitnami.com

Press [Enter] to continue:

証明書にwwwドメインを追加する

やっぱりwwwドメインも追加したいという場合もbncert-toolで追加することが可能です。
導入したサイト同じようにツールを実行します。

bncert-tool
$ sudo /opt/bitnami/bncert-tool 
----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.

----------------------------------------------------------------------------
Domains

追加するドメインを入力し、追加しますかと聞かれるので「y」で同意します。

bncertt-tool
Please provide a valid space-separated list of domains for which you wish to 
configure your web server.

Domain list []: www.hoge.hengjiu.jp

The following domains were not included: hoge.hengjiu.jp. Do you want to add them? [Y/n]: y

----------------------------------------------------------------------------
Enable/disable redirections

HTTP→HTTPSへのリダイレクト設定を行うかどうか聞かれるので「y」で同意します。
また、non-www→wwwへのリダイレクトへも聞かれるのでこれも「y」にしておきます。
www→non-wwwは「n」にしておきます。

bncertt-tool
Please select the redirections you wish to enable or disable on your Bitnami 
installation.



Enable HTTP to HTTPS redirection [Y/n]: y




Enable non-www to www redirection [Y/n]: y




Enable www to non-www redirection [Y/n]: n


----------------------------------------------------------------------------
Changes to perform

反映するために「以下の手順で再起動しますよ」ということなので「y」で再起動を行います。

bncertt-tool
The following changes will be performed to your Bitnami installation:

1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains: 
www.redmine.hengjiu.jp redmine.hengjiu.jp
3. Configure a cron job to automatically renew the certificate each month
4. Configure web server name to: www.redmine.hengjiu.jp
5. Enable HTTP to HTTPS redirection (example: redirect http://redmine.hengjiu.jp 
to https://redmine.hengjiu.jp)
6. Enable non-www to www redirection (example: redirect redmine.hengjiu.jp to 
www.redmine.hengjiu.jp)
7. Start web server once all changes have been performed



Do you agree to these changes? [Y/n]: y


----------------------------------------------------------------------------
Create a free HTTPS certificate with Let's Encrypt

下記のサイトに記載されている内容を確認の上「y」で同意します。

bncertt-tool
Please provide a valid e-mail address for which to associate your Let's Encrypt 
certificate.

Domain list: www.hoge.hengjiu.jp hoge.hengjiu.jp

Server name: www.hoge.hengjiu.jp

E-mail address []: xxxxx@hengjiu.jp

The Let's Encrypt Subscriber Agreement can be found at:

https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf

Do you agree to the Let's Encrypt Subscriber Agreement? [Y/n]: y


----------------------------------------------------------------------------
Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your 
Bitnami installation. This may take some time, please be patient.

----------------------------------------------------------------------------
Success

以上で導入完了です。バックアップファイルとログファイルの場所が以下に表示されます。
ひととおり確認したらEnterで終了します。

bncertt-tool
The Bitnami HTTPS Configuration Tool succeeded in modifying your installation.

The configuration report is shown below.

Backup files:
* /opt/bitnami/apache2/conf/httpd.conf.back.202001140629
* /opt/bitnami/apache2/conf/bitnami/bitnami-apps-prefix.conf.back.202001140629
* /opt/bitnami/apache2/conf/bitnami/bitnami.conf.back.202001140629

Find more details in the log file:

/tmp/bncert-202001140629.log

If you find any issues, please check Bitnami Support forums at:

https://community.bitnami.com

Press [Enter] to continue:

サイトに確認し、HTTPSでアクセスできていれば完了です。

おわりに

bitnamiのredmineを初めて利用しましたが、証明書も簡単に導入できるしホントに楽だなと感じました。

[参考]
・Auto-Configure A Let's Encrypt Certificate(bitnami公式)
https://docs.bitnami.com/aws/apps/redmine/administration/generate-configure-certificate-letsencrypt/

19
15
1

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
19
15