Using Apache2 with Atlassian Products

This worked fairly well out of the box (somewhat surprisingly).

Atlassian tries to make things easy by having a ‘Standalone’ edition of each of their products. Essentially this is the product bundled with tomcat so that you don’t have to configure your system’s tomcat. This is very useful if you want to run multiple instances on the same machine. We have Jira, Confluence, and Crowd all running on the same box.

Tomcat can be a standalone web server, but the problem is, it doesn’t want to listen at port 80 or 443. You can configure it to listen over ssl, but that still means your end-users have to type in the port at the end. So, what you do is you have apache2 act as a proxy. Here’s an example vhost that has apache2 listening on a specific interface, redirecting to https, and acting as a proxy with tomcat.

Listen 10.12.10.102:80
<VirtualHost 10.12.10.102:80>
ServerAdmin webmaster@example.com
ServerName confluence.example.com
ServerAlias confluence.example.com

Redirect / https://confluence.example.com

</VirtualHost>

Listen 10.12.10.102:443
<VirtualHost 10.12.10.102:443>
ServerAdmin webmaster@example.com
ServerName confluence.example.com
ServerAlias confluence.example.com

AddDefaultCharset utf-8
DocumentRoot /opt/atlassian/confluence/confluence/
<Directory /opt/atlassian/confluence/confluence/>
Options MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>

ProxyPreserveHost On

<Proxy balancer://confluence>
ProxySet stickysession=JSESSIONID|jsessionid scolonpathdelim=On
BalancerMember http://127.0.0.1:8090
Order deny,allow
Allow from 10.12.20.0/24
Allow from 10.12.22.0/24
</Proxy>

<Location “/”>
ProxyPass balancer://confluence/
ProxyPassReverse balancer://confluence/
RequestHeader set X-FORWARDED-PROTO ‘https’
</Location>

LogLevel warn
CustomLog /var/log/apache2/confluence-access.log combined
ErrorLog /var/log/apache2/confluence-error.log

SSLEngine On
SSLCertificateFile /etc/ssl/certs/confluence.example.com.crt
SSLCertificateKeyFile /etc/ssl/private/confluence.example.com.key
SSLCACertificateFile /etc/ssl/certs/ca.example.com.crt
</VirtualHost>

So there you have it. We use mod_proxy and mod_ssl to provide a secure, user-friendly address to access these tomcat applications.

 
0
Kudos
 
0
Kudos

Now read this

Web Bloat

[edit] As an amusing update to this article, I found this site: http://www.webbloatscore.com/ it turns any page you give it into an image map and then compares that size to your original payload. I’ve linked an interesting article here,... Continue →