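Configuring an nginx reverse proxy for Jira with HTTPS
Configure Tomcat
In this article we set things up so that JIRA is reachable at http://jira.aniu.so/jira (standard HTTP port 80), while JIRA itself listens on port 8080 with the context path /jira.
Edit the configuration file server.xml (in the Jira installation directory)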
Before:
<Context docBase="${catalina.home}/atlassian-jira" path="" reloadable="false" useHttpOnly="true">
After:
<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">
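Configure the connectors
- Add the proxyName and proxyPort attributes (substituting appropriate values), plus another connector below them; that one is used for troubleshooting, to bypass the proxy: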
<!-- nginx only, without HTTPS -->
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000"
           enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1"
           useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100"
           disableUploadTimeout="true" proxyName="jira.aniu.so" proxyPort="80"/>

<!-- the approach used in this article -->
<Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000"
           enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1"
           useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100"
           disableUploadTimeout="true" proxyName="jira.aniu.so" proxyPort="443"
           scheme="https" secure="true"/>

<!-- direct connector for troubleshooting, bypasses the proxy -->
<Connector port="8082" maxThreads="150" minSpareThreads="25" connectionTimeout="20000"
           enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1"
           useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100"
           disableUploadTimeout="true"/>
Configure nginx
HTTPS requires a certificate. Use the online CSR generator (https://ssl.sundns.com/tool/csrgenerator) to generate the CSR and key files, which are used in the steps below.
# Upload the CSR and key created online to /etc/pki/tls/certs on the server:
-rw-r--r-- 1 root root 1050 Jul 25 20:26 jira.aniu.so.csr
-rw-r--r-- 1 root root 1675 Jul 25 20:27 jira.aniu.so.key
# Generate the crt file with the following command:
[root@sh-kvm-3-1 certs]# openssl x509 -in jira.aniu.so.csr -out jira.aniu.so.crt -req -signkey jira.aniu.so.key -days 3650
Signature ok
subject=/C=CN/O=aniu/OU=DevOps/ST=Shanghai/L=Shanghai/CN=jira.aniu.so/emailAddress=yunwei@aniu.tv
Getting Private key
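The key and CSR can also be created on the server itself, so the private key never leaves the host and is never group- or world-readable (the listing above shows the uploaded key as -rw-r--r--). The script below is an added example, not code from the original post; it reuses the post's subject and its openssl x509 command, and the function names and the output-directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# output-directory argument are assumptions made for this illustration.
set -eu

FQDN="jira.aniu.so"
# Subject fields copied from the openssl output shown in the post.
SUBJ="/C=CN/O=aniu/OU=DevOps/ST=Shanghai/L=Shanghai/CN=${FQDN}/emailAddress=yunwei@aniu.tv"

# make_cert DIR: create key + CSR locally, then self-sign as the post does.
make_cert() {
    # Subshell with umask 077: the key is created owner-only, so it is
    # never group/world-readable, not even briefly before a chmod.
    (
        umask 077
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$1/$FQDN.key" -out "$1/$FQDN.csr" -subj "$SUBJ"
    )
    # The self-signing command from the post, unchanged apart from paths.
    openssl x509 -in "$1/$FQDN.csr" -out "$1/$FQDN.crt" \
        -req -signkey "$1/$FQDN.key" -days 3650
    chmod 644 "$1/$FQDN.csr" "$1/$FQDN.crt"   # public material only
}

# key_perms DIR: permission string of the private key, e.g. -rw-------
key_perms() {
    ls -l "$1/$FQDN.key" | cut -c1-10
}

# key_matches_cert DIR: succeeds if the cert carries this key's public half.
key_matches_cert() {
    [ "$(openssl x509 -in "$1/$FQDN.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/$FQDN.key" -pubout)" ]
}

# cert_names_host DIR: succeeds if the subject CN is the proxied FQDN.
cert_names_host() {
    openssl x509 -in "$1/$FQDN.crt" -noout -subject | grep -q "CN *= *$FQDN"
}

# Run only when a directory is given, e.g.: sh make_cert.sh /etc/pki/tls/certs
if [ "$#" -gt 0 ]; then
    make_cert "$1"
    echo "key mode: $(key_perms "$1")"
    key_matches_cert "$1" && cert_names_host "$1" && echo "key/cert OK"
fi
```

The same `key_perms` and `key_matches_cert` checks can be run against files that were uploaded rather than generated locally.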
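- Update the Nginx configuration with the following server blocks (replace jira.aniu.so with your FQDN, and use your server's hostname in place of jira-hostname, which is sh-kvm-3-1 in this example):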
# cat jira.aniu.so.conf (nginx installed via yum)
server {
    listen 80;
    server_name jira.aniu.so;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name jira.aniu.so;

    access_log /var/log/nginx/jira.aniu.so.access.log main;
    error_log /var/log/nginx/jira.aniu.so.error.log;

    # ssl on;   # redundant with "listen 443 ssl"; deprecated in nginx 1.15.0 and removed in 1.25.1
    ssl_certificate /etc/pki/tls/certs/jira.aniu.so.crt;
    ssl_certificate_key /etc/pki/tls/certs/jira.aniu.so.key;

    location /jira {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        # Port 8080 is the connector declared with proxyPort="80"; the connector
        # declared with scheme="https" and proxyPort="443" listens on 8081.
        proxy_pass http://sh-kvm-3-1:8080/jira;
        client_max_body_size 10M;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        # Required for new HTTP-based CLI
        proxy_http_version 1.1;
        proxy_request_buffering off;
    }
}
# After the changes, restart jira and nginx and visit https://jira.aniu.so/jira; you can see that Jira is now successfully integrated with nginx
Reference links
Original link: https://blog.csdn.net/wh211212/article/details/76098957