Using Apache2 with Atlassian Products
This worked fairly well out of the box (somewhat surprisingly).
Atlassian tries to make things easy by having a ‘Standalone’ edition of each of their products. Essentially this is the product bundled with tomcat so that you don’t have to configure your system’s tomcat. This is very useful if you want to run multiple instances on the same machine. We have Jira, Confluence, and Crowd all running on the same box.
Tomcat can be a standalone web server, but the problem is, it doesn’t want to listen at port 80 or 443. You can configure it to listen over ssl, but that still means your end-users have to type in the port at the end. So, what you do is you have apache2 act as a proxy. Here’s an example vhost that has apache2 listening on a specific interface, redirecting to https, and acting as a proxy with tomcat.
Listen 10.12.10.102:80
<VirtualHost 10.12.10.102:80>
ServerAdmin webmaster@example.com
ServerName confluence.example.com
ServerAlias confluence.example.com
Redirect / https://confluence.example.com
</VirtualHost>
Listen 10.12.10.102:443
<VirtualHost 10.12.10.102:443>
ServerAdmin webmaster@example.com
ServerName confluence.example.com
ServerAlias confluence.example.com
AddDefaultCharset utf-8
DocumentRoot /opt/atlassian/confluence/confluence/
<Directory /opt/atlassian/confluence/confluence/>
Options MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
ProxyPreserveHost On
<Proxy balancer://confluence>
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
BalancerMember http://127.0.0.1:8090
Order deny,allow
Allow from 10.12.20.0/24
Allow from 10.12.22.0/24
</Proxy>
<Location “/”>
ProxyPass balancer://confluence/
ProxyPassReverse balancer://confluence/
RequestHeader set X-FORWARDED-PROTO ‘https’
</Location>
LogLevel warn
CustomLog /var/log/apache2/confluence-access.log combined
ErrorLog /var/log/apache2/confluence-error.log
SSLEngine On
SSLCertificateFile /etc/ssl/certs/confluence.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/confluence.example.com.key
SSLCACertificateFile /etc/ssl/certs/ca.example.com.crt
</VirtualHost>
So there you have it. We use mod_proxy and mod_ssl to provide a secure, user-friendly address to access these tomcat applications.