This post can be the continuation of this:

In this case, we want to install a Proxy Server (can be Apache or Nginx for example).

To install Apache in a Linux Debian installation:

  • apt-get update
  • apt-get install apache2

To start the service:

  • sudo service apache2 start

Enable mod_proxy modules in Apache:

  • sudo a2enmod proxy_http

Configuring virtual hosts using mod_proxy:

Captura de pantalla 2018-07-21 a las 22.50.03

Note that for Debian, the preferred approach is to add the virtual host block to a separate configuration file for each application in /etc/apache2/sites-available/<site>, for example named confluence.conf and/or jira.conf. These should be based on the default template, 000-default.conf.

Remember the last slash!! If not your jira will be visible without styles and render 🙂

In some cases, you may need to add a trailing slash to your ProxyPass and ProxyPassReverse directives. For example:

ProxyPass /<contextpath> http://<internal_domain&gt;:<port>/<contextpath>/
ProxyPassReverse /<contextpath> http://<internal_domain&gt;:<port>/<contextpath>/

If your Jira show this message:

Add_Page_-_hnnngggghhhh_-_Confluence

  • you are using a reverse proxy, but the values for proxyName and proxyPort  are incorrect in your <install-directory>/conf/server.xml file.

If you are using a reverse proxy, make sure the the proxyName and proxyPort attributes have correct values for your reverse proxy.  Your connector should look similar to the example below, and the recommended settings will be displayed in the warning.

Captura de pantalla 2018-07-21 a las 22.54.57

Now we have the Apache Reverse Proxy installed and listen in the port 80 (http).

To continue with the next part (listen in 443 https protocol) we need to create a valid certificate for the Proxy. 

We can use a multi-domain certificate *.mydomain.com or a custom certificate, for example jira.mydomain.com

If we don’t want a selfsigned certificate, but we want a “green” certificate, we can try the Let’s Encrypt certificate of the Linux Foundation.

Just write this instructions in your Linux Debian System:

  • sudo apt-get install python-certbot-apache -t stretch-backports
  • sudo certbot –authenticator webroot –installer apache
  • sudo certbot certonly –authenticator standalone –pre-hook “apachectl -k stop” –post-hook “apachectl -k start”

Remember to anote the Key and Pem files and paths of the certificate. We will need in the new virtual host for the https (Listen 443) port.

And to automating renewal of the certificate:

  • sudo certbot renew –dry-run

Now we can install the mod_ssl in Apache!

  • sudo a2enmod ssl

Now we are ready to config the ssl virtual host in /etc/apache2/sites-available/

Something similar to this…(but remove the JkMount part)

Captura de pantalla 2018-07-21 a las 23.09.06

Remember to copy the file to the /etc/apache2/sites-enabled/

And remember to change in the server.xml file of the Jira Tomcat again the connection to the Apache Reverse Proxy port 443.

Now we can do the final step, redirect http links to https protocol.

We install the mod_rewrite module to Apache:

  • sudo a2enmod rewrite

Just edit the 80 port virtual host file 000-default.conf. and add these lines:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Start Jira, and start Apache. That’s all! You have now https with green certificate enabled!

By MrAddon

 

 

 

Advertisements
Posted by:.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s