大道至简,知易行难
广阔天地,大有作为

Nginx HTTPS反向代理Confluence、Jira和Bitbucket

Nginx HTTPS反向代理Confluence、Jira和Bitbucket是一个常见的需求,在官网上有部分参考文档,架构大致为(另外承接Confluence、Jira全套破解版搭建):

Nginx Https反向代理Confluence、Jira、Bitbucket

Nginx Https反向代理Confluence、Jira、Bitbucket

其关键点在于SSL证书安装在Nginx上,客户端与Nginx之间使用HTTPS,Nginx与后端的Confluence、Jira和Bitbucket之间使用HTTP。

本文的目的是要使用诸如https://confluence.meilongkui.com:51443、https://jira.meilongkui.com:51443、https://bitbucket.meilongkui.com:51443,本文使用的环境为:

  • Confluence v6.7.2,安装在localhost:58101
  • Jira v7.8.1,安装在localhost:58103
  • Bitbucket v5.9.0,安装在localhost:58104
  • Nginx 1.13.10

主要步骤可以可以参考官方文档(但官网文档中声明了不提供支持服务)。其中,Confluence由于需要使用WebSocket(/synchrony)需要尤其注意,否则在编辑时会报错且无法保存。在官方文档中提到Confluence 6.0的synchrony端口为8091。

Nginx配置文件如下:

#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    server_names_hash_bucket_size 64;
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  ‘$remote_addr – $remote_user [$time_local] “$request” ‘
    #                  ‘$status $body_bytes_sent “$http_referer” ‘
    #                  ‘”$http_user_agent” “$http_x_forwarded_for”‘;
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    gzip  on;
    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    server{
        listen 80 default;
        server_name _;
        return 403;
     }
    server {
        listen 51443;
        ssl on;
        server_name confluence.meilongkui.com;
        ssl_certificate C:\ssl_cert\STAR_meilongkui_com-all.crt;
        ssl_certificate_key C:\ssl_cert\star.meilongkui.com_key.txt;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        location / {
              client_max_body_size 100m;
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Server $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_pass http://localhost:58101;
        }
        location /synchrony {
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Server $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_pass http://localhost:8091/synchrony;
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection “Upgrade”;
        }
    }
    server {
        listen       51443;
        ssl on;
        server_name  jira.meilongkui.com;
        ssl_certificate C:\ssl_cert\STAR_meilongkui_com-all.crt;
        ssl_certificate_key C:\ssl_cert\star.meilongkui.com_key.txt;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        location / {
              client_max_body_size 10M;
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Server $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_pass http://localhost:58102;
        }
    }
    server {
        listen       51443;
        ssl on;
        server_name  bitbucket.meilongkui.com;
        ssl_certificate C:\ssl_cert\STAR_meilongkui_com-all.crt;
        ssl_certificate_key C:\ssl_cert\star.meilongkui.com_key.txt;
        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;
        location / {
              client_max_body_size 10M;
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Server $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_redirect off;
              proxy_pass http://localhost:58104;
        }
    }
}

Confluence配置文件:

<Server port=”8101″ shutdown=”SHUTDOWN” debug=”0″>
<Service name=”Tomcat-Standalone”>
<Connector port=”58101″ connectionTimeout=”20000″ redirectPort=”8443″
maxThreads=”48″ minSpareThreads=”10″
enableLookups=”false” acceptCount=”10″ debug=”0″ URIEncoding=”UTF-8″
protocol=”org.apache.coyote.http11.Http11NioProtocol”
scheme=”https” proxyName=”confluence.meilongkui.com” proxyPort=”51443″ />

<Engine name=”Standalone” defaultHost=”localhost” debug=”0″>

<Host name=”localhost” debug=”0″ appBase=”webapps” unpackWARs=”true” autoDeploy=”false” startStopThreads=”4″>
<Context path=”” docBase=”../confluence” debug=”0″ reloadable=”false” useHttpOnly=”true”>
<!– Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-         INF/classes/log4j.properties –>
<Manager pathname=”” />
<Valve className=”org.apache.catalina.valves.StuckThreadDetectionValve” threshold=”60″ />
</Context>

<Context path=”${confluence.context.path}/synchrony-proxy” docBase=”../synchrony-proxy” debug=”0″ reloadable=”false” useHttpOnly=”true”>
<Valve className=”org.apache.catalina.valves.StuckThreadDetectionValve” threshold=”60″ />
</Context>
</Host>

</Engine>
</Service>
</Server>

Jira配置文件:

<Connector port=”58102″

maxThreads=”150″
minSpareThreads=”25″
connectionTimeout=”20000″

enableLookups=”false”
maxHttpHeaderSize=”8192″
protocol=”HTTP/1.1″
useBodyEncodingForURI=”true”
redirectPort=”8443″
acceptCount=”100″
disableUploadTimeout=”true”
bindOnInit=”false”
proxyName=”jira.meilongkui.com” proxyPort=”51443″ scheme=”https”/>

Bitbucket配置文件(在Windows平台下默认位于

C:\Atlassian\ApplicationData\Bitbucket\shared\bitbucket.properties):

#2018-04-01 – Configuration updated by the Bitbucket installer

server.port=58104
server.scheme=https
server.proxy-port=51443
server.proxy-name=bitbucket.meilongkui.com

附官方参考文档:

  • https://confluence.atlassian.com/confkb/how-to-use-nginx-to-proxy-requests-for-confluence-313459790.html
  • https://confluence.atlassian.com/confeap/running-confluence-behind-nginx-with-ssl-849150880.html
  • https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html
  • https://confluence.atlassian.com/bitbucketserver/proxying-and-securing-bitbucket-server-776640099.html
  • https://confluence.atlassian.com/bitbucketserver/securing-bitbucket-server-behind-nginx-using-ssl-776640112.html

转载时请保留出处,违法转载追究到底:进城务工人员小梅 » Nginx HTTPS反向代理Confluence、Jira和Bitbucket

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址