Adding Free SSL/TLS with bncert-tool on GCP WordPress
This is a hands-on walkthrough of configuring an SSL/TLS certificate with bncert-tool on a Google Cloud Platform (GCP) Compute Engine instance running the Marketplace image "WordPress with NGINX and SSL Certified by Bitnami and Automattic".
See more in Bitnami package for WordPress with NGINX and SSL and on my website, www.gabriel.cyou.
SSH to Your Instance and Execute bncert-tool
To begin with, click SSH on your Compute Engine page. My VM is named cyou-vm.
* Please add an A record in your DNS pointing to the VM’s external IP before accessing your server by domain name.
$ sudo /opt/bitnami/bncert-tool
The following steps happen in bncert-tool:
Warning: Support for the nginx web server is limited. This tool will only be
able to generate HTTPS certificates and configure certificate renewal. It will
not enable/disable redirections or apply other types of server configurations.
Press [Enter] to continue:
----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.
----------------------------------------------------------------------------
Domains
Please provide a valid space-separated list of domains for which you wish to
configure your web server.
Domain list []: gabriel.cyou
The following domains were not included: www.gabriel.cyou. Do you want to add them? [Y/n]:
----------------------------------------------------------------------------
Changes to perform
The following changes will be performed to your Bitnami installation:
1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains:
gabriel.cyou www.gabriel.cyou
3. Configure a cron job to automatically renew the certificate each month
4. Start web server once all changes have been performed
Do you agree to these changes? [Y/n]:
----------------------------------------------------------------------------
Create a free HTTPS certificate with Let's Encrypt
Please provide a valid e-mail address for which to associate your Let's Encrypt
certificate.
Domain list: gabriel.cyou www.gabriel.cyou
Server name: gabriel.cyou
E-mail address []: [email protected]
The Let's Encrypt Subscriber Agreement can be found at:
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
Do you agree to the Let's Encrypt Subscriber Agreement? [Y/n]:
----------------------------------------------------------------------------
Performing changes to your installation
The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.
----------------------------------------------------------------------------
Success
The Bitnami HTTPS Configuration Tool succeeded in modifying your installation.
The configuration report is shown below.
Backup files:
* /opt/bitnami/nginx/conf/nginx.conf.back.202401030103
* /opt/bitnami/nginx/conf/server_blocks/default-https-server-block.conf.back.202401030103
* /opt/bitnami/nginx/conf/server_blocks/wordpress-https-server-block.conf.back.202401030103
* /opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf.back.202401030103
Find more details in the log file:
/tmp/bncert-202401030103.log
If you find any issues, please check Bitnami Support forums at:
https://github.com/bitnami/vms
Press [Enter] to continue:
Configure NGINX Files
It may take some time for domain and www.domain to take effect. As the bncert-tool warning above states for NGINX, “It will not enable/disable redirections or apply other types of server configurations.”
Additionally, Bitnami allows access by both IP and domain; we are going to limit access to the HTTPS domain only. Reference: Access An Application Using Only A Single Domain With NGINX; Force HTTPS Redirection With NGINX.
Therefore we are going to redirect from domain to www.domain directly in the NGINX conf files.
If you’re interested in the original code, this is the file as shipped by Bitnami; its root points to where Bitnami keeps WordPress.
$ cat wordpress-server-block.conf
server {
    # Port to listen on, can also be set in IP:PORT format
    listen 80 default_server;
    root /opt/bitnami/wordpress;
    # Catch-all server block
    # See: https://nginx.org/en/docs/http/server_names.html#miscellaneous_names
    server_name _;
    # BEGIN Fix for WordPress plugins and themes
    # Certain WordPress plugins and themes do not properly link to PHP files because of symbolic links
    # https://github.com/bitnami/bitnami-docker-wordpress-nginx/issues/43
    rewrite ^/bitnami/wordpress(/.*) $1 last;
    # END Fix for WordPress plugins and themes
    # BEGIN WordPress
    # https://wordpress.org/support/article/nginx/#general-wordpress-rules
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
    # END WordPress
    include "/opt/bitnami/nginx/conf/bitnami/*.conf";
}
Replace the WordPress Conf File
wordpress-server-block.conf is the file that configures NGINX to listen on port 80 and 301-redirect to HTTPS.
$ sudo vim /opt/bitnami/nginx/conf/server_blocks/wordpress-server-block.conf
In vim, select whole lines by pressing “V”, or characters by pressing “v”. To select everything and delete it, go to the top line and select all the way to the bottom with “gg + V + G + d”. Use the usual Command/Ctrl + C to copy the following code and paste it in. “:wq” writes the file and quits.
Here is a link for learning vim commands: [Linux] vi 與 vim 指令一覽表整理 ([Linux] A summary table of vi and vim commands)
* Note that there is no “root /opt/bitnami/APPNAME;” line as in the Bitnami code, because every request ends up being redirected.
# server_blocks/wordpress-server-block.conf
server {
    listen 80 default_server;
    if ($host != "www.gabriel.cyou") {
        return 301 https://www.gabriel.cyou$request_uri;
    }
    # redirect if using http
    return 301 https://www.gabriel.cyou$request_uri;
}
Do the same in server_blocks/wordpress-https-server-block.conf.
In vim, move the cursor to where you want to insert the text and press “I” to insert.
$ sudo vim /opt/bitnami/nginx/conf/server_blocks/wordpress-https-server-block.conf
if ($host != "www.gabriel.cyou") {
    return 301 https://www.gabriel.cyou$request_uri;
}
Restart NGINX
$ sudo /opt/bitnami/ctlscript.sh restart nginx
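To confirm the redirects after the restart, the added example below (not part of the original post) checks that response headers, as printed by curl -sI, are a 301 whose Location is the canonical https://www.gabriel.cyou URL for the requested path. The function names and the sample headers are constructed for illustration.

```sh
#!/bin/sh
# Added example: names and sample headers are constructed for illustration.
CANONICAL="https://www.gabriel.cyou"   # redirect target used in the server blocks

# check_redirect PATH: reads response headers on stdin and succeeds only if
# they are a 301 whose Location is exactly $CANONICAL followed by PATH.
check_redirect() {
  awk -v want="$CANONICAL$1" '
    { sub(/\r$/, "") }                      # header lines end in CRLF
    /^HTTP\// { status = $2 }               # e.g. "HTTP/1.1 301 Moved Permanently"
    tolower($0) ~ /^location:/ {            # header names are case-insensitive
      loc = $0; sub(/^[^:]*:[ \t]*/, "", loc)
    }
    END { exit !(status == "301" && loc == want) }
  '
}

# check_url BASE PATH: live check (needs network), e.g.
#   check_url http://gabriel.cyou /wp-login.php
check_url() {
  curl -sI --max-time 10 "$1$2" | check_redirect "$2"
}

# Constructed sample responses so the logic can be exercised offline.
sample_redirect() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://www.gabriel.cyou/about/\r\n\r\n'
}
sample_served_directly() {   # site answered on this entry point instead of redirecting
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'
}
sample_plain_http_target() { # redirects, but to http:// rather than https://
  printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.gabriel.cyou/about/\r\n\r\n'
}

for s in sample_redirect sample_served_directly sample_plain_http_target; do
  if "$s" | check_redirect /about/; then echo "$s: OK"; else echo "$s: FAIL"; fi
done
```

Run check_url against each way into the server (the bare domain over HTTP and HTTPS, and the VM's external IP over HTTP); any entry point that fails is still serving the site directly or redirecting somewhere other than the www HTTPS host.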