SSL ãš Apache ã䜿çšããŠã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ãä¿è·ãã
ãã©ãããã©ãŒã ã«ã€ããŠ: ãµãŒããŒãš Data Center ã®ã¿ããã®èšäºã¯ããµãŒããŒããã³ Data Center ãã©ãããã©ãŒã ã®ã¢ãã©ã·ã¢ã³è£œåã«ã®ã¿é©çšãããŸãã
ã¢ãã©ã·ã¢ã³ã®è£œåã¯SSLã«å¯Ÿå¿ããŠããŸããããããã¢ãã©ã·ã¢ã³ã®ãµããŒãã¯ãã®èšå®ã«å¯ŸããŠæ¯æŽã¯è¡ããŸãããã€ãŸããã¢ãã©ã·ã¢ã³ã§ã¯ãããã«é¢ãããããããµããŒãã®æäŸãä¿èšŒãããŸããã
èšå®ã«é¢ããŠãµããŒããå¿ èŠã§ããã°ãAtlassian Answers ã«è³ªåããããŠãã ããã
ãã®ããŒãžã§ã¯ãApache ããªããŒã¹ ãããã·ãšããŠäœ¿çšããå Žåã« HTTPS (HTTP over SSL) ãæ§æããæ¹æ³ã«ã€ããŠèª¬æããŸããã€ã³ã¿ãŒãããçµç±ã®ã¢ããªã±ãŒã·ã§ã³ ã¢ã¯ã»ã¹ã§ããŠãŒã¶ãŒåããã¹ã¯ãŒããããã³ãã®ä»ã®å¿åããŒã¿ãæå·åããããšãã«ãã®æ¹æ³ãæ€èšããããšãããããããŸãã
ãã®ããŒãžã®æé ã¯ãã¢ãã©ã·ã¢ã³ã®æ¬¡ã®ãµãŒã㌠ã¢ããªã±ãŒã·ã§ã³ã«é©çšãããŸããÂ
- Jira Server ã¢ããªã±ãŒã·ã§ã³ (Jira Software ServerãJira CoreãJira Service Desk)
- Confluence Server
- Bamboo Server
- Bitbucket Server
- Fisheye
- Crucible
- Crowd
In the examples that follow on this page, <atlassianapp> refers to the name of any of the Atlassian server applications above.
Prerequisites
æ¬¡ã®æ¡ä»¶ãæºãããŠããå¿ èŠããããŸãã
æå¹ãªèªèšŒå±ã® SSL èšŒææž
SSL èšŒææžã¯ã蚪åè ã® web ãã©ãŠã¶ãšèªèº«ã®ãµãŒããŒãšã®éã®éä¿¡ãæå·åããããã«äœ¿çšããããäžé£ã®ãã¡ã€ã«ã§ãããå©çšã® web ãµã€ãã®ã¢ã€ãã³ãã£ãã£ã蚌æããããã«ã圹ç«ã¡ãŸããèªå·±çœ²åèšŒææžã§ã¯ãªããèªèšŒå± (CA) ãçºè¡ããã³çœ²åãã SSL èšŒææžã䜿çšããããšãããããããŸãã
CA ãçºè¡ããèšŒææžã䜿çšããããšã®äž»ãªã¡ãªããã¯ã蚪åè ã web ãµã€ãã«æ¥ç¶ããŠããä»ã®ã¢ããªã±ãŒã·ã§ã³ãããµã€ãã®ã¢ã€ãã³ãã£ãã£ããšã©ãŒãªãã§æ€èšŒã§ããããšã§ããCA ãçºè¡ããŠããªã SSL èšŒææžã䜿çšããŠãããšæ¥ç¶ãšã©ãŒãçºçããå Žåããããããããã¯ãã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³éã§ã¢ããªã±ãŒã·ã§ã³ ãªã³ã¯ãæ§æããŠããå Žåãªã©ãèªèº«ã®ã¢ããªã±ãŒã·ã§ã³ãä»ã®ã¢ããªã±ãŒã·ã§ã³ãšããåãããŠãããšãã«ç¹ã«éèŠã§ãã
ã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ã Apache ãªããŒã¹ ãããã·ã®èåŸã§å®è¡ãããŠãã
ãHTTP ã§ãªããŒã¹ ãããã·çµç±ã§ã¢ããªã±ãŒã·ã§ã³ã«æ¥ç¶ãããã®ã¹ããããå®äºããŠããããšã確èªããŠç¶è¡ããŸãããŒãããéå§ããå Žåãæšæºã® HTTP ã§ãªããŒã¹ ãããã·ãåäœããããšã確èªããŠãããSSL æ§æãå¥åã®ã¹ããããšããŠæ±ãããšãããããããŸãã
ããŒã A. ã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ãèšå®ãã
ãã®ã»ã¯ã·ã§ã³ã§ã¯ãåã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ã«çµã¿èŸŒãŸãã Tomcat (Fisheye ãŸã㯠Crucible ã®å Žå㯠Jetty) web ãµãŒããŒã®ãããã·æ§æããSSL ãæå¹åããããªããŒã¹ ãããã·ã®èåŸã§å®è¡ããããã«æŽæ°ããæ¹æ³ã«ã€ããŠèª¬æããŸãã
1. ã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ã忢ãã
ã¢ããªã±ãŒã·ã§ã³ã忢ãããšãTomcat ã忢ããŸãã
Â
2. Connector æ§æãæŽæ°ãã
Bitbucket Server 5.0 ãæ§æããŠããå Žå
Bitbucket Server 5.0 以éã§ã¯ Tomcat ã®ã³ãã¯ã¿ãçŽæ¥èšå®ããããšãã§ããŸããããã®ããããã®ã»ã¯ã·ã§ã³ã®èšå®ã¯ãBitbucket Server 4.14 以åã§ã®ã¿å©çšã§ããŸãã
server.xml
æ§æã¯ <Bitbucket home directory>
/shared/bitbucket.properties
ã§çœ®ãæããããŠããŸãã
察å¿ããããããã£ãšã以éã®èšå®ã«å¯Ÿå¿ããæé ã«ã€ããŠã¯ããserver.xml ã®ã«ã¹ã¿ãã€ãºã bitbucket.properties ã«ç§»è¡ãããããåç
§ãã ãããbitbucket.properties
ãžã®ãããã³ã°ãå®äºãããããããŒã B: SSL ãæ§æãããã«é²ãã§ãã ããã
FishEye ãŸãã¯Â Crucible ã䜿çšããŠããå Žåã管çé åãããããã· ãã¹ãããããã· ã¹ããŒã ãããã³ãããã· ããŒããèšå®ããŸãã詳现ã«ã€ããŠã¯ããFisheye web ãµãŒããŒãèšå®ããããåç §ããŠãã ããã
ãã®ä»ã®ããããã¢ãã©ã·ã¢ã³ ãµãŒã㌠ã¢ããªã±ãŒã·ã§ã³ã®ããããã䜿çšããŠããå ŽåãConnector
ãã£ã¬ã¯ãã£ããæ¬¡ã®ããã«èšå®ããŸããæ³š: mod_proxy_ajp
ã䜿çšããŠãªããŒã¹ ãããã·ãã»ããã¢ããããŠããå Žåããã®ã¹ããããã¹ãããããŠä»¥éã®ããŒã B ã«é²ãã§ããŸããŸããã
åã¢ããªã±ãŒã·ã§ã³ã«ãããŠãTomcat ã® server.xmlÂ
ãã¡ã€ã«ã§éåžžã® (é SSL) Connector
ãã£ã¬ã¯ãã£ããèŠã€ããæ¬¡ã®ããã« Connector
ãã£ã¬ã¯ãã£ãã§ scheme
ããã³ proxyPort
屿§ãæŽæ°ããŸãããããã®å±æ§ã¯ãªããŒã¹ ãããã·ã®æ§ææã«è¿œå æžã¿ã§ããããšãæ³å®ããŠããŸããæ¬¡ã®ããã«ãscheme
ã "https" ã«ãproxyPort
ã Apache ã SSL ããªãã¹ã³ããŠããããŒãã« (äŸ: "443") 倿Žããå¿
èŠããããŸãã
<Connector port=<default>
maxThreads=<default>
minSpareThreads=<default>
connectionTimeout=<default>
enableLookups=<default>
maxHttpHeaderSize=<default>
protocol=<default>
useBodyEncodingForURI=<default>
redirectPort=<default>
acceptCount=<default>
disableUploadTimeout=<default>
proxyName="<subdomain>.<domain>.com"
proxyPort="443"
secure="true"
scheme="https"/>
For more information about configuring the Tomcat Connector, refer to the Apache Tomcat 8.0 HTTP Connector Reference.
ããŒã B: SSL ãæ§æãã
1. ç°å¢ãæºåãã
SSL èšŒææžãã¡ã€ã«ããµãŒããŒã«ã³ããŒ
äžè¬ç㪠SSL èšŒææžã¯æ¬¡ã®ãããªããã€ãã®ãã¡ã€ã«ã§æ§æãããŸãã
- èšŒææžãã¡ã€ã«
- èšŒææžãã¡ã€ã«ã¯ SSL èšŒææžã®å ¬ééšåã§ãããæ¥ç¶çžæãåç §å¯èœã§ããèªèº«ã®èšŒææžãã¡ã€ã«ã®ã¿ã埩å·åã§ããããã«ããŒã¿ãæå·åããæ¹æ³ãã¯ã©ã€ã¢ã³ãã«äŒããŸããã¯ã©ã€ã¢ã³ãã«å¯ŸããŠãªãããŸãã®å±éºæ§ããªãããšã蚌æãããããèšŒææžãã¡ã€ã«ã«ã¯èªèº«ã®ãµã€ãã®ã¢ã€ãã³ãã£ãã£ãšãèšŒææžãçºè¡ããèªèšŒå± (CA) ã«ã€ããŠã®æ å ±ãå«ãŸããŸãã
- èšŒææžã㌠ãã¡ã€ã«
- èšŒææžã㌠ãã¡ã€ã«ã¯ãSSL èšŒææžã®éå ¬ééšåã§ããèšŒææžãã¡ã€ã«ã«ã¯ãèªèº«ã®å ¬éæžã¿ã®èšŒææžã䜿çšããŠããŒã¿ãæå·åããã¯ã©ã€ã¢ã³ãããåãåã£ãããŒã¿ã埩å·åããããã«å¿ èŠãªæ å ±ãå«ãŸããŸããããããªããšãèšŒææžãã¡ã€ã«ã§æå·åããããŒã¿ãèªã¿åãããšãã§ããªãããã第äžè ãå ¬éèšŒææžã䜿çšããŠèªèº«ã«ãªãããŸãããšã¯ã§ããŸããã
- èšŒææž ãã§ãŒã³ ãã¡ã€ã« (ä»»æ)
- èšŒææžãã¡ã€ã«ããµã€ãã®ã¢ã€ãã³ãã£ãã£ã蚌æããããšãšåæ§ã«ãèšŒææžã㌠ãã¡ã€ã«ã¯ CA ã®ã¢ã€ãã³ãã£ãã£ã蚌æããŸããæ¥ç¶å ã®ã¯ã©ã€ã¢ã³ããèªèããªã CA ã«ãã£ãŠ SSL èšŒææžãçºè¡ãããŠããå Žåãã¯ã©ã€ã¢ã³ãã¯èšŒææžãã§ãŒã³ ãã¡ã€ã«ã§ CA ã®ã¢ã€ãã³ãã£ãã£ããããã«ãã£ãŠãµã€ãã®ã¢ã€ãã³ãã£ãã£ã確èªããŸããããã¯å³å¯ã«ã¯å¿ é ã§ã¯ãããŸããããèšŒææžãã§ãŒã³ ãã¡ã€ã«ã«ããã倿°ã®ã¯ã©ã€ã¢ã³ããžã®äºææ§ãæã€ SSL æ§æãå®çŸã§ããŸãã
ãããã®ãã¡ã€ã«ã¯ãµãŒããŒå
ã§ Apache ãå°éå¯èœãªä»»æã®å Žæã«ã³ããŒããææè
ã root
ãŠãŒã¶ãŒã«èšå®ããå¿
èŠããããŸããèªå·±çœ²åèšŒææžã䜿çšããããšãã§ããŸãããæ¬çªç°å¢ã§ã®èªå·±çœ²åèšŒææžã®äœ¿çšã¯æšå¥šãããŸããã
Apache SSL ã¢ãžã¥ãŒã«ã®æå¹å
SSL ãµããŒãã Apache ã§æå¹åããŠãã SSL èšŒææžãæ§æããŸãã
2. VirtualHost æ§æãæŽæ°ãã
çŸåšã® VirtualHost ã®ãªããŒã¹ ãããã·æ§æã¯æ¬¡ã®ããã«èšå®ãããŠããããšãæ³å®ããŠããŸãã
<VirtualHost *:80>
ServerName <subdomain>.<domain>.com
ProxyRequests Off
<Proxy *>
Require all granted
</Proxy>
ProxyPass /<contextpath> http://<domain>:<port>/<contextpath>
ProxyPassReverse /<contextpath> http://<domain>:<port>/<contextpath>
</VirtualHost>
ãªããŒã¹ ãããã·æ§æã§ mod_proxy_http
ã§ã¯ãªã mod_proxy_ajp
ã䜿çšããŠããå Žåãäžèšã®ãããã· URL ã®äŸã¯ http://
ã§ã¯ãªã ajp://
ã§éå§ãããŸããSSL ããµããŒããã VirtualHost æ§æã®æŽæ°æé ã¯ããããã®ãããã· ã¿ã€ãã§ãåãã§ãã
Confluence 6.0.x 以éã§ã¯å ±åç·šéã®ãããAJproxy æ¥ç¶ã¯ãµããŒããããŸããã
ãªãã¹ã³ ããŒãã®å€æŽ
æ¢åã® VirtualHost æ§æã倿ŽããŠãHTTP æ¥ç¶ã§ã¯ãªã HTTPS æ¥ç¶ããªãã¹ã³ããããã«ããå¿
èŠããããŸããVirtualHost ã®ãªãã¹ã³ ããŒãã HTTPS ããªãã¹ã³ããããŒã (æ¢å®ã¯ 443
) ã«å€æŽããããã®æåã®ã¹ãããã¯ã次ã®ãšããã§ãã
<VirtualHost *:443>
...
</VirtualHost>
SSL èšŒææžã®è¿œå
VirtualHost ã®å éšã§ SSL ãæå¹åããŠèšŒææžãã¡ã€ã«ãæ·»ä»ãããããVirtualHost æ§æã®æ«å°Ÿã«æ¬¡ã®è¡ã远å ããŸãã
<VirtualHost *:443>
...
Â
SSLEngine On
SSLCertificateFile /path/to/your/cert.pem
SSLCertificateKeyFile /path/to/your/privkey.pem
SSLCertificateChainFile /path/to/your/chain.pem
</VirtualHost>
HTTP ã HTTPS ã«ãªãã€ã¬ã¯ã
ãµãŒããŒãžã®å®å šãªæ¥ç¶ã匷å¶ãããããHTTP ã HTTPS ã«ãªãã€ã¬ã¯ãããããšãããããããŸãããããè¡ãã«ã¯ãå ã® HTTP ããŒãããªãã¹ã³ããæ°ãã VirtualHost ã远å ããŸãã
<VirtualHost *:80>
ServerName <subdomain>.<domain>.com
Redirect Permanent /<contextpath> https://<subdomain>.<domain>.com/<contextpath>
</VirtualHost>
å®å šãª VirtualHost æ§æã¯æ¬¡ã®ããã«ãªããŸãã
<VirtualHost *:443>
ServerName <subdomain>.<domain>.com
ProxyRequests Off
<Proxy *>
Require all granted
</Proxy>
ProxyPass /<contextpath> http://<domain>:<port>/<contextpath>
ProxyPassReverse /<contextpath> http://<domain>:<port>/<contextpath>
Â
SSLEngine On
SSLCertificateFile /path/to/your/cert.pem
SSLCertificateKeyFile /path/to/your/privkey.pem
SSLCertificateChainFile /path/to/your/chain.pem
</VirtualHost>
Â
<VirtualHost *:80>
ServerName <subdomain>.<domain>.com
Redirect Permanent /<contextpath> https://<subdomain>.<domain>.com/<contextpath>
</VirtualHost>
Confluence 6.0 以éã Synchrony (å ±åç·šéã«å¿ èŠ) ãšäœ¿çšããŠããå ŽåãApache 2.4 ã«å ãã
ä»®æ³ãã¹ã ãããã¯å ã®æ°ãããã£ã¬ã¯ãã£ãã¯æ¬¡ã®æ©èœãå®è¡ããŸãã
ç¹å®ã®ä»®æ³ãã¹ãçšã®ãã£ã¬ã¯ãã£ãã®æ§æ
<VirtualHost *:443>
ãã¹ãŠã® IP ã¢ãã¬ã¹ãšç
§åããããã®ã¯ã€ã«ãã«ãŒããšããŠæå *
ããæ¢å®ã® https ããŒããšã㊠443 ã䜿çšããŸããããã«ãããApache ã§ã¯ä»®æ³ãã¹ãã® ServerName å€ã§ãªã¯ãšã¹ããç
§åããŸãã
Apache 2.4 ã® VirtualHost
ããã¥ã¡ã³ãããåç
§ãã ããã
SSL ãšã³ãžã³ã®æå¹å
SSLEngine On
ãã®ãã£ã¬ã¯ãã£ã㯠Apache ã«å¯Ÿãã察象ã®ä»®æ³ãã¹ãã§ SSL ã䜿çšãããŠããããšãäŒããŸãã
Apache 2.4 ã® SSLEngine
ããã¥ã¡ã³ãããåç
§ãã ããã
èšŒææžãã¡ã€ã«ã®æ§æ
SSLCertificateFile /path/to/cert.pem
ããã¯ãã£ã¹ã¯äžã®èšŒææžãã¡ã€ã«ãžã®å®å šãªãã¹ã§ããèšŒææžãã¡ã€ã«ãžã®ãã¹ã«ã¹ããŒã¹ãå«ãŸããå Žåããã¹ãããã« ã¯ã©ãŒããŒã·ã§ã³ã§å²ãå¿ èŠããããŸãã
Apache 2.4 ã® SSLCertificateFile
ããã¥ã¡ã³ãããåç
§ãã ããã
èšŒææžã®éå ¬éã㌠ãã¡ã€ã«ã®æ§æ
SSLCertificateKeyFile /path/to/privkey.pem
ããã¯ãã£ã¹ã¯äžã®éå ¬éã㌠ãã¡ã€ã«ãžã®å®å šãªãã¹ã§ããéå ¬éã㌠ãã¡ã€ã«ãžã®ãã¹ã«ã¹ããŒã¹ãå«ãŸããå Žåããã¹ãããã« ã¯ã©ãŒããŒã·ã§ã³ã§å²ãå¿ èŠããããŸãã
Apache 2.4 ã® SSLCertificateKeyFile
ããã¥ã¡ã³ãããåç
§ãã ããã
èšŒææžãã§ãŒã³ ãã¡ã€ã«ã®æ§æ
SSLCertificateChainFile /path/to/chain.pem
ããã¯ãã£ã¹ã¯äžã®éå ¬éã㌠ãã¡ã€ã«ãžã®å®å šãªãã¹ã§ãããã®èšå®ã¯ä»»æã§ããããã¡ã€ã«ãååšããå Žåã¯æ§æããããšãããããããŸããéå ¬éã㌠ãã¡ã€ã«ãžã®ãã¹ã«ã¹ããŒã¹ãå«ãŸããå Žåããã¹ãããã« ã¯ã©ãŒããŒã·ã§ã³ã§å²ãå¿ èŠããããŸãã
Apache 2.4 ã® SSLCertificateChainFile
ããã¥ã¡ã³ãããåç
§ãã ããã
HTTP ã HTTPS ã«ãªãã€ã¬ã¯ã
Redirect permanent /<contextpath> https://<subdomain>.<domain>.com/<contextpath>
Redirect permanent
ãã£ã¬ã¯ãã£ãã¯ãªãœãŒã¹ãžã®ãã¹ãŠã®ã¢ã¯ã»ã¹ã«å¯Ÿããå®å
ãæ°ããå Žæã«æ°žç¶çã«ç§»åãããŠããæšãäŒããŸãããã®ã€ã³ã¹ã¿ã³ã¹ã§ã¯ Apache ã«æ¥ç¶ããä»ã®ãœãããŠã§ã¢ã«å¯Ÿããã¢ããªã±ãŒã·ã§ã³ã http
URL ããæ°ãã https
URL ã«ç§»åããããšãäŒããŸãã
Apache ã§ã¯ Redirect permanent
ã®ä»£ããã« mod_rewrite
ã¢ãžã¥ãŒã«ã䜿çšã㊠http ãã https ãžã®ãªãã€ã¬ã¯ããæ§æããããšãã§ããŸãããã ããApache ã§ã¯ Redirect
ãå©çšå¯èœãªå Žåã¯ããã mod_rewrite
ãããåªå
çã«äœ¿çšããããšãæšå¥šãããŠããŸãã
Apache 2.4 ã®ãmod_rewrite
ã䜿çšãã¹ãã§ãªãã¿ã€ãã³ã°ã«ã€ããŠã®ããã¥ã¡ã³ãããåç
§ãã ããã
3. Apache ã®æ¢å®ã® SSL æ§æããªãŒããŒã©ã€ããã
Apache ã«ã¯æ¢å®ã§ããã€ãã®è¿œå æ§æãã¡ã€ã«ã忢±ãããŠãããããã«ã¯æ¢å®ã® SSL æ§æãå«ãŸããŸããVirtualHost ã®åã«æ¢å®ã® SSL æ§æãèªã¿èŸŒãŸããå Žåãã¯ã©ã€ã¢ã³ããžã®èšŒææžãã§ãŒã³ã®æäŸã§åé¡ãçºçããå¯èœæ§ããããŸããããã«ãããç¹å®ã®ç¶æ³äžã§ããã©ãŠã¶ã§ã¯ã¢ããªã±ãŒã·ã§ã³ã SSL ã§åäœããŠããããã«èŠããããä»ã®ã¢ããªã±ãŒã·ã§ã³ã¯ç¡å¹ãªæ§æãæ€åºããæ¥ç¶ã«å€±æããŸãã
æ¢å®ã® SSL æ§æãã¡ã€ã«ã¯Â /etc/httpd/conf.d/ssl.conf
ã«æ ŒçŽãããŠããŸããVirtualHost ãã£ã¬ã¯ãã£ãããã®ãã£ã¬ã¯ããªã§ç¬èªã®Â .conf
 ãã¡ã€ã«ã«æ ŒçŽãããŠããå Žåããã®ãã£ã¬ã¯ããªã®ãã¡ã€ã«ã¯ã¢ã«ãã¡ãããé ã§èªã¿èŸŒãŸããããã.conf
 ãã¡ã€ã«ãã¢ã«ãã¡ãããé ã§Â ssl.conf
ãããåã«ããããã«ããŸãã
VirtualHost ãã£ã¬ã¯ãã£ãã /etc/httpd/conf/httpd.conf
ã«çŽæ¥æžã蟌ãŸããŠããå Žåãæ¬¡ã®è¡ãèŠã€ãããããã VirtualHost ãšã³ããªã®åã§ã¯ãªãããšã«è¡šç€ºãããããã«ããŸãã
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
4. Apache ãåèµ·åãã
Debian ããã³ Ubuntu
以äžã䜿çšããŠãã³ãã³ã ã©ã€ã³ãã Apache ãåèµ·åããŸãã
$ sudo service apache2 restart
Fedora ããã³ CentOS
以äžã䜿çšããŠãã³ãã³ã ã©ã€ã³ãã Apache ãåèµ·åããŸãã
$ sudo apachectl graceful
systemd
ã䜿çšã㊠Apache ãåèµ·åããããšãã§ããŸããCentOS ã®å Žåã®äŸã¯æ¬¡ã®ããã«ãªããŸãã
$ sudo systemctl restart httpd.service
Windows
Apache ãµãŒãã¹ã忢ããã³éå§ããã«ã¯ã[ã³ã³ãããŒã« ããã«] > [管çããŒã«] > [ãµãŒãã¹] ã«ç§»åãã"Apache2" ãèŠã€ãããããéžæããŸããã¡ãã¥ãŒ ããŒãã忢ãã¿ã³ (åè§åœ¢) ãéžæãããµãŒãã¹ã®ã¹ããŒã¿ã¹ã [忢] ã«ãªããŸã§åŸ ã¡ãŸãããµãŒãã¹ã忢ããããéå§ãã¿ã³ (äžè§åœ¢) ãéžæããã¹ããŒã¿ã¹ã [éå§] ã«ãªããŸã§åŸ ã¡ãŸãã
5. åã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ãåèµ·åãã
Now, restart each Atlassian application. See the "stopping and starting" instructions above.Â
補åã«æ°ãã URL ã䜿çšããŠã¢ã¯ã»ã¹å¯èœãã©ããã確èªããŸãã
6. ã¢ããªã±ãŒã·ã§ã³ã®ããŒã¹ URL ãæŽæ°ãã
åã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ã§ããŒã¹ URL ãæŽæ°ããhttp
ã§ã¯ãªã https
ãããã³ã«ã䜿çšããããã«ããŸã (äŸ:  https://www.example.com/<atlassianapp>
)ã
ããŒã C. SSL æ§æããã¹ããã
SSL ãæ§æããããã§ãã£ãšãéèŠãªã¹ãããã¯ãæ§æã培åºçã«ãã¹ãããããŸããŸãªãã©ãŠã¶ãã¢ããªã±ãŒã·ã§ã³ã§ã®äºææ§ã確èªããããšã§ããSSL ããããã©ãŠã¶ã§ã¯æåŸ ãããšããã«åäœããããã»ãã®ã¢ããªã±ãŒã·ã§ã³ãæ¥ç¶ãããšå€±æããå ŽåããããŸããããã«ãããã¢ããªã±ãŒã·ã§ã³ã«æ¥ç¶ããã·ã¹ãã ã§åé¡ãçºçããå¯èœæ§ããããŸããã¢ããªã±ãŒã·ã§ã³ã«æ¥ç¶ããå¯èœæ§ããããã®ã«ã¯ã次ã®ãããªäŸããããŸãã
- ã¢ããªã±ãŒã·ã§ã³ ãªã³ã¯
- ãµãŒãããŒãã£è£œã®ãã©ã°ã€ã³
- REST API ã䜿çšããã¹ã¯ãªãããããŒã«
- ã¢ããªã±ãŒã·ã§ã³åºæã®æ©èœ (Bamboo ã®ãªã¢ãŒã ãšãŒãžã§ã³ããBitbucket Server ã® Smart Mirror ãµãŒããŒãªã©)
ãã®ãããªåé¡ã¯å³åº§ã«ã¯æ€ç¥ããããæéãçµéããŠããæ€åºãããå Žåã«åå ã®çµã蟌ã¿ãé£ãããªãå ŽåããããŸãããã®ãããSSL æ§æã¯ããã«ãã¹ãããããšããæ€åºããã³èšºæããããšãé£ããæ§æã®åé¡ãä¿®æ£ããŠããããšãéèŠã§ãã
次ã®ãããªãã¹ããå®è¡ããããšãããããããŸãã3 ã€ã®ãã¹ãã®ãã¡ 1 ã€ã®ã¿ã倱æããå Žåãå€ãããããã¹ãŠã®ãã¹ããå®è¡ããããšãéèŠã§ããÂ
1. ãã©ãŠã¶ ãã¹ã
ãã£ãšãã·ã³ãã«ãªãã¹ãã¯ãweb ãã©ãŠã¶ããã¢ããªã±ãŒã·ã§ã³ã«ã¢ã¯ã»ã¹ããããšã§ããæ¬¡ã®é ç®ãå®çŸãããŠããããšã確èªããŸãã
- é HTTPS ã® URL (äŸ:
http://<subdomain>.<domain>.com
) ã§ã¢ããªã±ãŒã·ã§ã³ã«ã¢ã¯ã»ã¹ãããšãhttps://<subdomain>.<domain>.com
ã«èªåçã«ãªãã€ã¬ã¯ããããããš - èŠåããããã¢ãã ãã€ã¢ãã°ã衚瀺ãããªãããš
- ã¢ãã¬ã¹ ããŒã§ web ãµã€ãã®ã¢ãã¬ã¹ã®æšªã«éµã®ã¢ã€ã³ã³ã衚瀺ãããããš
- éµã®ã¢ã€ã³ã³ãã¯ãªãã¯ã㊠[詳现] ãŸã㯠[èšŒææžã衚瀺] ãã¯ãªãã¯ãããšãèšŒææžãæå¹ã§ããããšãšãèšŒææžãçºè¡ãã CA ã衚瀺ãããããš
2. SSLPoke
SSLPoke ã¯ã¢ãã©ã·ã¢ã³ãäœæãããSSL ã®åé¡ã®èšºæãæ¯æŽããããã®ã·ã³ãã«ãª Java ãŠãŒãã£ãªãã£ã§ãããã®ãã¹ãã¯ããŒã«ã«ã® Java ã€ã³ã¹ããŒã«ã®èªèº«ã®ä¿¡é Œæžã¿èªèšŒå±ã¹ãã¢ã«äŸåãããããæ¢åã®ã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ããã¹ãããŠãããµãŒããŒãªã©ã®ã察象ã®ã¢ããªã±ãŒã·ã§ã³ã«æ¥ç¶ããããšãäºå®ããŠããã·ã¹ãã ããå®è¡ããããšãããããããŸãã
The KB article Unable to connect to SSL services due to "PKIX Path Building Failed" error covers the steps to download and run the SSLPoke utility. When using SSLPoke from another server that needs to connect to your app, it's important to make sure the version of Java being used is the same one used by that server to run its applications.
3. OpenSSL
ã»ãšãã©ã® Unix ã©ã€ã¯ã®ã·ã¹ãã ã§ã¯ OpenSSL ãã€ããªãã€ã³ã¹ããŒã«æžã¿ã§ããããã®ãã€ããªã¯ Windows ã§ãå©çšã§ããŸããOpenSSL ãã¹ãã¯èšŒææžãšèšŒææžãã§ãŒã³ã®äž¡æ¹ãæ€èšŒãããããæœåšçãªæ€èšŒã®åé¡ã®ç¹å®ã«åœ¹ç«ã¡ãŸãã
OpenSSL ãã¹ããå®è¡ããã«ã¯ã次ã®ã³ãã³ããå®è¡ããŸããÂ
openssl s_client -connect <subdomain>.<domain>.com:443
ãã®ãã¹ãã¯èšŒææžã«ã€ããŠã®å€æ°ã®æ å ±ãè¿ããŸããæåãããšãåºåã®æåŸã®è¡ã¯æ¬¡ã®ããã«ãªããŸããÂ
Verify return code: 0 (ok)
---
äžèšã®ãã¹ããçµããããããã§å®äºã§ãã
æ··åã³ã³ãã³ãã«ã€ããŠ
ãã©ãŠã¶ã HTTPS ã® URL ããã³ã³ãã³ããèªã¿èŸŒãã éã«ãã©ãŠã¶ã«é HTTPS ã³ã³ãã³ããå«ãŸããŠãããšãã»ãã¥ãªãã£äžã®çç±ã«ããããã©ãŠã¶ã¯é HTTPS ã³ã³ãã³ãããããã¯ããŸããããã¯æ··åã³ã³ãã³ãã®ãããã¯ãšããŠç¥ãããŠããŸããã¢ããªã±ãŒã·ã§ã³ã«æ¥ç¶ããä»ã®ã¢ãã©ã·ã¢ã³ ã¢ããªã±ãŒã·ã§ã³ãããå Žåãäžéšã®é£æºæ©èœã§ã¯ãªã¢ãŒã ã¢ããªããã®ã³ã³ãã³ãã®èªã¿èŸŒã¿ãå¿ èŠã§ããããããã¹ãŠã®ã¢ããªã HTTPS ã§å®è¡ããããã«ã»ããã¢ããããããšãããããããŸãã
ãã®å 容ã¯ã圹ã«ç«ã¡ãŸããã?
ã¯ã ãã®èšäºã«ã€ããŠã®ãã£ãŒãããã¯ãéä¿¡ãã