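We often place Nginx in front of JIRA as a reverse proxy. It mainly serves the following purposes:

  • Nginx exposes ports 80 and 443 to users. Binding JIRA directly to these ports below 1024 would require root privileges, which is not a safe thing to do
  • Nginx makes it easy to apply access restrictions, such as restricting access by IP address or URL
  • Nginx can handle traffic control (rate limiting)
  • User access logs can easily be fed into your log management system

So how do you configure Nginx and JIRA? The sections below cover several cases.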

HTTP

This is the most basic configuration: the HTTP protocol, accessed directly by domain name.

JIRA URL: http://mydomain.com

Nginx configuration

server {
    listen mydomain.com:80;
    server_name mydomain.com;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_pass http://jira-hostname:8080;
        client_max_body_size 10M;
    }
}


JIRA configuration

Set proxyName and proxyPort in the <JIRA-INSTALL>/conf/server.xml file

<!-- Nginx Proxy Connector -->
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="mydomain.com" proxyPort="80"/> 


Custom context path

In addition to the domain name, add a custom path such as jira.

JIRA URL: http://mydomain.com/jira

Nginx configuration

server {
    listen mydomain.com:80;
    server_name mydomain.com;
    location /jira {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_pass http://jira-hostname:8080/jira;
        client_max_body_size 10M;
    }
}


JIRA configuration

Set proxyName and proxyPort, as well as the context, in the <JIRA-INSTALL>/conf/server.xml file

<!-- Nginx Proxy Connector -->
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="mydomain.com" proxyPort="80"/> 

Set path in the Context element to your path

<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">


HTTPS with a custom context

JIRA URL: https://mydomain.com/jira

Nginx configuration

# Redirect HTTP to HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    # One listen directive per address:port; a second "listen 443" in this block is a duplicate
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name mydomain.com;

    ssl_certificate     /usr/local/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;

    ssl_session_timeout  5m;

    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 and later are enabled
    ssl_protocols TLSv1.2 TLSv1.3;
    # The cipher string must stay on a single line
    # DES-CBC3 (3DES) entries are legacy; drop them if no old clients depend on them
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers   on;

    location /jira {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The upstream port must match the Connector port in server.xml (8080)
        proxy_pass http://localhost:8080/jira;
    }

}


JIRA configuration

Set proxyName and proxyPort, as well as the context, in the <JIRA-INSTALL>/conf/server.xml file

<!-- Nginx Proxy Connector with https  --> 
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="mydomain.com" proxyPort="443" scheme="https" secure="true"/>  

Set path in the Context element to your path

<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">
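In every case above the two files have to agree: proxyName and proxyPort with server_name and listen, scheme and secure with ssl, and the Context path with the location and the proxy_pass path. The following Python check is an added example, not part of the original page or of JIRA's own tooling; the name check_proxy_consistency and the sample inputs are constructed, and it assumes it is given the single server block that proxies to JIRA.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the HTTPS + custom context case on this page.
NGINX_SERVER = """
server {
    listen 443 ssl;
    server_name mydomain.com;
    location /jira {
        proxy_pass http://localhost:8080/jira;
    }
}"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" proxyName="mydomain.com"
             proxyPort="443" scheme="https" secure="true"/>
  <Engine name="Catalina"><Host name="localhost">
    <Context docBase="${catalina.home}/atlassian-jira" path="/jira"/>
  </Host></Engine>
</Service></Server>"""

def check_proxy_consistency(nginx_server, server_xml):
    """Compare one Nginx server block with Tomcat's server.xml; return mismatches."""
    def grab(pattern):
        m = re.search(pattern, nginx_server)
        if m is None:
            raise ValueError("directive not found: " + pattern)
        return m.groups()
    port, opts = grab(r"listen\s+(?:\S+:)?(\d+)([^;]*);")
    (name,) = grab(r"server_name\s+(\S+?)\s*;")
    (location,) = grab(r"location\s+(/\S*)\s*\{")
    up_port, up_path = grab(r"proxy_pass\s+http://[^:/;\s]+:(\d+)([^;\s]*);")
    tls = "ssl" in opts.split()
    root = ET.fromstring(server_xml)
    conn = next((c for c in root.iter("Connector") if c.get("port") == up_port), None)
    if conn is None:
        return ["no Connector listens on upstream port " + up_port]
    ctx = root.find(".//Context")
    ctx_path = ctx.get("path", "") if ctx is not None else ""
    want = {"proxyName": name, "proxyPort": port}
    if tls:  # Tomcat must be told that the client-facing side is HTTPS
        want.update(scheme="https", secure="true")
    problems = [f"Connector {k}={conn.get(k)!r}, expected {v!r}"
                for k, v in want.items() if conn.get(k) != v]
    if ctx_path != location.rstrip("/"):
        problems.append(f"Context path {ctx_path!r} != location {location!r}")
    if up_path.rstrip("/") != ctx_path:
        problems.append(f"proxy_pass path {up_path!r} != Context path {ctx_path!r}")
    return problems
```

An empty list means the pair is consistent; each string in a non-empty list names the setting that disagrees.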