JIRA & Confluence behind Apache with SSL on CentOS 6.3

Recently, I needed to install JIRA (5.2.2) and Confluence (4.3.5) on CentOS (6.3). Atlassian documentation is pretty straightforward but I was struggling for some time with my specific configuration that is not so common (I think). Im using Apache as a reverse proxy to JIRA / Confluence tomcats. Jira is running on :8080 and Confluence on :8090. Apache is using SSL and both Tomcats only http.

My goals were:

  • run both applications on same machine behind Apache
  • run both applications on same mysql instance (on same server)
  • use Apache with SSL and use apaches reverse proxy module to access both application
  • run JIRA on https://jira.example.com
  • run Confluence on https://jira.example.com/confluence

So if you need to install JIRA & Confluence like me, you can use my guide. I hope it will help you and you won’t waste time like I did :).

Requirements

  • CentOS 6.3
  • Apache >= 2.2 (with mod_ssl & mod_proxy installed)
  • Mysql >= 5.1
  • ssh root access to server

So lets begin:

Download jira standalone somewhere (eg. root home folder)

I’ve downloaded atlassian-jira-5.2.2.tar.gz and atlassian-confluence-4.3.5.tar.gz from Atlassian.

Create users

Create folder structure

Copy application to destination folder

Copy atlassian-jira-5.2.2.tar.gz content to /opt/atlasian/jira/5.2.2/ and
atlassian-confluence-4.3.5.tar.gz content to /opt/atlasian/confluence/4.3.5/.
Now set permissions one more time:

Configure JIRA & Cunfluence server.xml

What you need is to config JIRA and Confluence tomcat to work behind https proxy.

Also you need to change path for Confluence so that you can access confluence on https://jira.example.com/confluence.

Configure confluence-init.properties

JIRA is using JIRA_HOME env variable to find its home (data) folder but confluence needs to be configured manualy.

Setup apache ssl and reverse proxy

I have my certificate and key file in /etc/httpd/ssl/. So if you need just change SSLCertificateFile and SSLCertificateKeyFile path to your files.

Now you can check Apache configuration. If it says “Syntax OK” than everything should be ok. If no then check for any error in your configuration (typos, …).

Configure mysql users and databases

Dont forget to change passwords in the script.

Create starting scripts

JIRA
Confluence

Then add permisions to execute:

Start apache, mysql, jira and confluence

When you type https://jira.example.com you should get this:
JiraSuccess
When you type https://jira.example.com/confluence you should get this:
ConfluenceSuccess

Basic troubleshooting

If there is some problem check Apache log for error and catalina logs for Tomcats.

I found out that I need to allow Apache to connect, so my proxy can work.

[Wed Dec 19 16:19:08 2012] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:8080 (127.0.0.1) failed

If you find something like this, just run this command and restart Apache.

So I hope this “cookbook” will help someone. I wrote it down only do not forget how I did it and to save some time next time, when I do something like this.

Resources

https://confluence.atlassian.com/display/JIRA052/Installing+JIRA+from+an+Archive+File+on+Windows%2C+Linux+or+Solaris
https://confluence.atlassian.com/display/JIRA052/Connecting+JIRA+to+MySQL
https://confluence.atlassian.com/display/JIRA/Starting+JIRA+Automatically+on+Linux
https://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS
https://confluence.atlassian.com/display/DOC/Installing+Confluence+on+Linux+from+Archive+File
https://confluence.atlassian.com/display/DOC/Using+Apache+with+mod_proxy
https://confluence.atlassian.com/display/DOC/Database+Setup+For+MySQL

17 thoughts on “JIRA & Confluence behind Apache with SSL on CentOS 6.3

  1. David Summers

    Uh, the most interesting part of your discussion is shown as “…” in the code text boxes! I have everything else working except the Confluence server.xml part. Please show what you put there!

    You customized Jira/Confluence a lot more than I did. I put symlinks from /opt/atlassian and /var/atlassian to /home/atlassian and then took the installer defaults. I automatically created start scripts in /etc/init.d, users in the passwd/group files, home directories, etc. I didn’t have to touch those.

    The only thing I had to do was customize Jira/Confluence to edit the server.xml files to set up the Apache reverse proxy, I had /etc/httpd/conf.d/jira.conf and /etc/httpd/conf.d/confluence.conf with just the location and ReverseProxy commands.

    So I’m almost there except I’m looking for the Confluence server.xml settings to set up the Reverse Proxy.

    Your example just shows “…” for those parts!

    If you could show those server.xml files you had that would be wonderful!

    Thanks

    Reply
  2. Pingback: Upgrading JIRA 5.2.x & Confluence 4.3.x | Miroslav Magda's blog

  3. Justin Raja Kumar

    Hi,

    Need one help, I am trying to setup the same JIRA+confluence but I couldn’t be able to success this one.

    Could you please share your vhost.conf file clearly. I have done everything as the same your step only.

    Regards,
    Justin

    Reply
    1. Miroslav Magda Post author

      Hi Justin. Unfortunately Im not working for the company where I setup JIRA. So I cant provide you vhost.conf.
      I changed theme in WordPress and it messed my articles. Thats why vhost.conf in tjis article is broken 🙁

      Reply
  4. Dinesh

    Hi Miroslav,

    I am trying hard to configure HTTPS-SSL with JIRA and Confluence but apart from failure i have not received any thing. I have exactly same requirement like you had mentioned in this blog. I have successfully installed SSL,JIRA and Confluence as per below details:
    JIRA- 6.4.11
    Confluence 5.8.5
    OpenSSL 1.0.1e-fips
    Apache Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
    Server built: Aug 10 2015 07:39:34
    RHEL 7 running on EC2
    RDS database.

    Please find below my JIRA vhost and SSL file details:
    virtual host

    ServerName jira-test.www.w2ho4p.com
    Redirect permanent / https://jira-test.www.sample.com/

    SSL as per below:

    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/jira-test.www.sample.com.certfile.pem
    SSLCertificateKeyFile /etc/httpd/ssl/jira-test.www.sample.com.cert.key
    SSLCertificateChainFile /etc/httpd/ssl/jira-test.www.sample.com.cert.chain.pem

    # General setup for the virtual host, inherited from global configuration
    DocumentRoot “/var/www/html”
    ServerName jira-test.www.sample.com

    Order deny,allow
    Allow from all

    #SSLProxyEngine on

    ProxyRequests Off
    ProxyPreserveHost On

    ProxyPass /confluence http://127.0.0.1:8090/confluence
    ProxyPassReverse /confluence http://127.0.0.1:8090/confluence

    Order deny,allow
    Allow from all

    ProxyPass / http://127.0.0.1:8886/
    ProxyPassReverse / http://127.0.0.1:8886/

    #HTTP => HTTPS rewrite
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    Reply
  5. Dinesh

    Tomcat for JIRA:
    Server version: Apache Tomcat/7.0.55
    Server built: Jul 18 2014 05:34:04
    Server number: 7.0.55.0
    OS Name: Linux
    OS Version: 3.10.0-229.7.2.el7.x86_64
    Architecture: amd64
    JVM Version: 1.8.0_51-b16
    JVM Vendor: Oracle Corporation

    Tomcat for Confluence:
    Server version: Apache Tomcat/8.0.23
    Server built: May 19 2015 14:58:38 UTC
    Server number: 8.0.23.0
    OS Name: Linux
    OS Version: 3.10.0-229.7.2.el7.x86_64
    Architecture: amd64
    JVM Version: 1.8.0_45-b14
    JVM Vendor: Oracle Corporation

    Reply
  6. Dinesh

    Hi Miroslav,

    In JIRA xml file there are no changes, it is eaxct same. But in Confluence server.xml have JSSE Tomcat which i will share later.

    Reply
  7. Dinesh

    Please find Confluence server.xml setup:


    <!–
    <Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
    URIEncoding="UTF-8" keystorePass="”/>
    –>

    JIRA Confluence server.xml:

    <!–

    –>

    <!–

    –>

    Reply
  8. Dinesh

    Hi Miroslav,

    I have also one question for Confluence server.xml file. You have mention Connector for Tomcat 4 version. Can you able to tell me if i can use HTTP/1.1 or i have to use org.apache.coyote.http11.Http11NioProtocol.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *