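JIRA Nginx Configuration: Custom Context Paths, HTTPS and Other Scenarios
We often put Nginx in front of JIRA as a reverse proxy. It mainly serves the following purposes:
- Nginx exposes ports 80 and 443 to users. Binding JIRA directly to ports below 1024 requires root privileges, which is not a safe thing to do.
- Nginx makes it easy to apply access restrictions, such as restricting access by IP or to certain URLs.
- Nginx can handle rate limiting (traffic control).
- User access logs can be fed conveniently into your log management system.
So how do you configure Nginx and JIRA? The sections below cover several cases.
HTTP
This is the most basic configuration: plain HTTP, accessed directly by domain name.
JIRA URL: http://mydomain.com
Nginx configuration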
server {
    listen mydomain.com:80;
    server_name mydomain.com;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://jira-hostname:8080;
        client_max_body_size 10M;
    }
}
JIRA configuration
Set proxyName and proxyPort in <JIRA-INSTALL>/conf/server.xml:
<!-- Nginx Proxy Connector -->
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="mydomain.com" proxyPort="80"/>
Custom Context Path
In addition to the domain name, add a custom path such as jira.
JIRA URL: http://mydomain.com/Jira
Nginx configuration
server {
    listen mydomain.com:80;
    server_name mydomain.com;
    location /jira {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://jira-hostname:8080/jira;
        client_max_body_size 10M;
    }
}
JIRA configuration
Set proxyName and proxyPort in <JIRA-INSTALL>/conf/server.xml, as well as the Context:
<!-- Nginx Proxy Connector -->
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="mydomain.com" proxyPort="80"/>
Set the path attribute of the Context to your path:
<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">
HTTPS with a Custom Context
JIRA URL: https://mydomain.com/Jira
Nginx configuration
# Redirect HTTP to HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    # One listen directive per address:port; a second "listen 443 ..." in the
    # same server block makes Nginx fail with a duplicate listen error.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.com;
    ssl_certificate /usr/local/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # The cipher list must stay on a single line inside the quotes
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    location /jira {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # 8080 is the Connector port configured in server.xml
        proxy_pass http://localhost:8080/jira;
    }
}
JIRA configuration
Set proxyName and proxyPort in <JIRA-INSTALL>/conf/server.xml, as well as the Context:
<!-- Nginx Proxy Connector with https -->
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="mydomain.com" proxyPort="443" scheme="https" secure="true"/>
Set the path attribute of the Context to your path:
<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">
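The HTTPS server block from this page with TLS limited to 1.2/1.3 and forward-secret AEAD ciphers, combined with the IP/URL restriction and rate limiting that the introduction lists as reasons to use Nginx. This is an added example, not part of the original page. The zone name jira_rl, the rate and burst values, the admin path /jira/secure/admin/ and the network 192.0.2.0/24 are assumptions to adapt.

```nginx
# Added example. Place in a file included from the http {} context,
# because limit_req_zone is only valid there.
# Assumed values: zone jira_rl, 10r/s, burst 20, the admin path below,
# and the documentation range 192.0.2.0/24 standing in for an admin network.
limit_req_zone $binary_remote_addr zone=jira_rl:10m rate=10r/s;

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mydomain.com;

    ssl_certificate     /usr/local/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;
    ssl_session_timeout 5m;

    # Weak setting on this page: ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # TLS 1.0/1.1 are deprecated by RFC 8996. TLSv1.3 needs nginx 1.13.0+
    # built against OpenSSL 1.1.1+; drop it from the line on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # The page's list also admits 3DES (DES-CBC3-SHA), CBC-mode suites and
    # static RSA key exchange (AES128-SHA, ...). Keep only ECDHE + AEAD.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
    ssl_prefer_server_ciphers on;

    # Set once at server level; both locations below inherit these.
    proxy_set_header X-Forwarded-Host   $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
    client_max_body_size 100m;

    location /jira {
        # Rate limiting per client IP; excess requests get 429.
        limit_req zone=jira_rl burst=20 nodelay;
        limit_req_status 429;
        # No URI part: /jira/... is passed to the Connector port unchanged.
        proxy_pass http://localhost:8080;
    }

    # Longest prefix match wins, so these URLs land here, not in /jira.
    location /jira/secure/admin/ {
        allow 192.0.2.0/24;   # constructed admin network
        deny  all;            # every other client receives 403
        proxy_pass http://localhost:8080;
    }
}
```

Run `nginx -t` after editing to confirm the configuration parses before reloading.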