You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
场景
通过在nginx中增加ssl证书认证,并将客户的请求转发到JIRA中。JIRA中无需再配置认证证书。
在以下配置过程中,我们假定需要进行的配置上下文件为
Confluence人访问地址为:http://jira.hktxcn.com 现需要通过https来进行访问,即地址为:https://jira.hktxcn.com
- JIRA的IP地址为: 10.10.1.1 端口号为8080
- Nginx的IP地址为: 20.20.1.1 端口号为80
信息来源
https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html
步骤一:修改配置文件server.xml
<?xml version="1.0" encoding="utf-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener"/> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Service name="Catalina"> <!-- ======== DEFAULT - Direct connector with no proxy for unproxied access to Jira.
If using a http/https proxy, comment out this connector. ======== -->
<!-- Relaxing chars because of JRASERVER-67974 --> <!-- 将以下内容进行屏蔽 --> <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
<!-- ======== HTTP - Proxying Jira via Apache or Nginx over HTTP
If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others. Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.
See the following for more information:
Apache - https://confluence.atlassian.com/x/4xQLM nginx - https://confluence.atlassian.com/x/DAFmGQ ======== -->
<!-- <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
--> <!-- ======== HTTPS - Proxying Jira via Apache or Nginx over HTTPS
If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others. Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.
See the following for more information:
Apache - https://confluence.atlassian.com/x/PTT3MQ nginx - https://confluence.atlassian.com/x/DAFmGQ ======== -->
<!-- 将以下内容打开,并进行修改--> <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="<subdomain>.<domain>.com" proxyPort="443"/>
<!-- ======== AJP - Proxying Jira via Apache over HTTP or HTTPS
If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line See the following for more information:
Apache - https://confluence.atlassian.com/x/QiJ9MQ ======== -->
<!-- <Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/> -->
<Engine name="Catalina" defaultHost="localhost"> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true"> <Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction" factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/> <Manager pathname=""/> <JarScanner scanManifest="false"/> <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" /> </Context>
</Host> <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/> </Engine> </Service> </Server>
| <?xml version="1.0" encoding="utf-8"?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener"/> <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/> <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Service name="Catalina"> <!-- ======== DEFAULT - Direct connector with no proxy for unproxied access to Jira.
If using a http/https proxy, comment out this connector. ======== -->
<!-- Relaxing chars because of JRASERVER-67974 --> <!-- 将以下内容进行屏蔽 --> <!--
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/> -->
<!-- ======== HTTP - Proxying Jira via Apache or Nginx over HTTP
If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others. Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.
See the following for more information:
Apache - https://confluence.atlassian.com/x/4xQLM nginx - https://confluence.atlassian.com/x/DAFmGQ ======== -->
<!-- <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
--> <!-- ======== HTTPS - Proxying Jira via Apache or Nginx over HTTPS
If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others. Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.
See the following for more information:
Apache - https://confluence.atlassian.com/x/PTT3MQ nginx - https://confluence.atlassian.com/x/DAFmGQ ======== -->
<!-- 将以下内容打开,并进行修改--> <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="jira.hktx.com" proxyPort="443"/> <!-- ======== AJP - Proxying Jira via Apache over HTTP or HTTPS
If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line See the following for more information:
Apache - https://confluence.atlassian.com/x/QiJ9MQ ======== -->
<!-- <Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/> -->
<Engine name="Catalina" defaultHost="localhost"> <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true"> <Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction" factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/> <Manager pathname=""/> <JarScanner scanManifest="false"/> <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" /> </Context>
</Host> <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/> </Engine> </Service> </Server>
|
---|
步骤二
server { listen jira.hktx.com:80; server_name jira.hktx.com; listen 443 default ssl; ssl_certificate /usr/local/etc/nginx/ssl/nginx.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key; ssl_session_timeout 5m;
location / { client_max_body_size 100m; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.10.1.1:8090; } } | 说明
ssl_certificate和ssl_certificate_key填写证书存放的地址位置
这里指响应超时时间为5分钟
将请求转发到 http://10.10.1.1:8090地址上
|
---|