进城务工人员小梅Nginx HTTPS反向代理Confluence、Jira和Bitbucket是一个常见的需求,在官网上有部分参考文档,架构大致为(另外承接Confluence、Jira全套破解版搭建):
Nginx Https反向代理Confluence、Jira、Bitbucket
其关键点在于SSL证书安装在Nginx上,客户端与Nginx之间使用HTTPS,Nginx与后端的Confluence、Jira和Bitbucket之间使用HTTP。
本文的目的是要使用诸如https://confluence.meilongkui.com:51443、https://jira.meilongkui.com:51443、https://bitbucket.meilongkui.com:51443,本文使用的环境为:
- Confluence v6.7.2,安装在localhost:58101
- Jira v7.8.1,安装在localhost:58103
- Bitbucket v5.9.0,安装在localhost:58104
- Nginx 1.13.10
主要步骤可以可以参考官方文档(但官网文档中声明了不提供支持服务)。其中,Confluence由于需要使用WebSocket(/synchrony)需要尤其注意,否则在编辑时会报错且无法保存。在官方文档中提到Confluence 6.0的synchrony端口为8091。
Nginx配置文件如下:
#user nobody;worker_processes 1;#error_log logs/error.log;#error_log logs/error.log notice;#error_log logs/error.log info;#pid logs/nginx.pid;events {worker_connections 1024;}http {server_names_hash_bucket_size 64;include mime.types;default_type application/octet-stream;#log_format main ‘$remote_addr – $remote_user [$time_local] “$request” ‘# ‘$status $body_bytes_sent “$http_referer” ‘# ‘”$http_user_agent” “$http_x_forwarded_for”‘;#access_log logs/access.log main;sendfile on;#tcp_nopush on;#keepalive_timeout 0;keepalive_timeout 65;gzip on;# another virtual host using mix of IP-, name-, and port-based configuration#server{listen 80 default;server_name _;return 403;}server {listen 51443;ssl on;server_name confluence.meilongkui.com;ssl_certificate C:\ssl_cert\STAR_meilongkui_com-all.crt;ssl_certificate_key C:\ssl_cert\star.meilongkui.com_key.txt;ssl_session_cache shared:SSL:1m;ssl_session_timeout 5m;location / {client_max_body_size 100m;proxy_set_header X-Forwarded-Host $host;proxy_set_header X-Forwarded-Server $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Real-IP $remote_addr;proxy_pass http://localhost:58101;}location /synchrony {proxy_set_header X-Forwarded-Host $host;proxy_set_header X-Forwarded-Server $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Real-IP $remote_addr;proxy_pass http://localhost:8091/synchrony;proxy_http_version 1.1;proxy_set_header Upgrade $http_upgrade;proxy_set_header Connection “Upgrade”;}}server {listen 51443;ssl on;server_name jira.meilongkui.com;ssl_certificate C:\ssl_cert\STAR_meilongkui_com-all.crt;ssl_certificate_key C:\ssl_cert\star.meilongkui.com_key.txt;ssl_session_cache shared:SSL:1m;ssl_session_timeout 5m;location / {client_max_body_size 10M;proxy_set_header X-Forwarded-Host $host;proxy_set_header X-Forwarded-Server $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Real-IP $remote_addr;proxy_pass http://localhost:58102;}}server {listen 51443;ssl on;server_name bitbucket.meilongkui.com;ssl_certificate C:\ssl_cert\STAR_meilongkui_com-all.crt;ssl_certificate_key C:\ssl_cert\star.meilongkui.com_key.txt;ssl_session_cache shared:SSL:1m;ssl_session_timeout 5m;location / {client_max_body_size 10M;proxy_set_header X-Forwarded-Host $host;proxy_set_header X-Forwarded-Server $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Real-IP $remote_addr;proxy_redirect off;proxy_pass http://localhost:58104;}}}
Confluence配置文件:
<Server port=”8101″ shutdown=”SHUTDOWN” debug=”0″>
<Service name=”Tomcat-Standalone”>
<Connector port=”58101″ connectionTimeout=”20000″ redirectPort=”8443″
maxThreads=”48″ minSpareThreads=”10″
enableLookups=”false” acceptCount=”10″ debug=”0″ URIEncoding=”UTF-8″
protocol=”org.apache.coyote.http11.Http11NioProtocol”
scheme=”https” proxyName=”confluence.meilongkui.com” proxyPort=”51443″ /><Engine name=”Standalone” defaultHost=”localhost” debug=”0″>
<Host name=”localhost” debug=”0″ appBase=”webapps” unpackWARs=”true” autoDeploy=”false” startStopThreads=”4″>
<Context path=”” docBase=”../confluence” debug=”0″ reloadable=”false” useHttpOnly=”true”>
<!– Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB- INF/classes/log4j.properties –>
<Manager pathname=”” />
<Valve className=”org.apache.catalina.valves.StuckThreadDetectionValve” threshold=”60″ />
</Context><Context path=”${confluence.context.path}/synchrony-proxy” docBase=”../synchrony-proxy” debug=”0″ reloadable=”false” useHttpOnly=”true”>
<Valve className=”org.apache.catalina.valves.StuckThreadDetectionValve” threshold=”60″ />
</Context>
</Host></Engine>
</Service>
</Server>
Jira配置文件:
<Connector port=”58102″
maxThreads=”150″
minSpareThreads=”25″
connectionTimeout=”20000″enableLookups=”false”
maxHttpHeaderSize=”8192″
protocol=”HTTP/1.1″
useBodyEncodingForURI=”true”
redirectPort=”8443″
acceptCount=”100″
disableUploadTimeout=”true”
bindOnInit=”false”
proxyName=”jira.meilongkui.com” proxyPort=”51443″ scheme=”https”/>
Bitbucket配置文件(在Windows平台下默认位于
C:\Atlassian\ApplicationData\Bitbucket\shared\bitbucket.properties):
#2018-04-01 – Configuration updated by the Bitbucket installer
server.port=58104
server.scheme=https
server.proxy-port=51443
server.proxy-name=bitbucket.meilongkui.com
Linxu平台下需要根据/opt/atlassian/bitbucket/7.9.1/bin/set-bitbucket-home.sh找到BITBUCKET_HOME,默认BITBUCKET_HOME是/var/atlassian/application-data/bitbucket,因此bitbucket.properties应该位于/var/atlassian/application-data/bitbucket/shared/bitbucket.properties(如果是用默认端口的话文件可能不存在,要自己建一个,看最后一个参考文档)。
附官方参考文档:
- https://confluence.atlassian.com/confkb/how-to-use-nginx-to-proxy-requests-for-confluence-313459790.html
- https://confluence.atlassian.com/confeap/running-confluence-behind-nginx-with-ssl-849150880.html
- https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html
- https://confluence.atlassian.com/bitbucketserver/proxying-and-securing-bitbucket-server-776640099.html
- https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-behind-nginx-using-ssl-776640112.html
- https://confluence.atlassian.com/bitbucketserver/bitbucket-server-home-directory-776640890.html
- https://confluence.atlassian.com/bitbucketserver/bitbucket-server-config-properties-776640155.html
转载时请保留出处,违法转载追究到底:进城务工人员小梅 » Nginx HTTPS反向代理Confluence、Jira和Bitbucket