场景
通过在nginx中增加ssl证书认证,并将客户的请求转发到JIRA中。JIRA中无需再配置认证证书。
在以下配置过程中,我们假定需要进行的配置上下文件为
Confluence人访问地址为:http://jiraconfluene.hktxcn.com 现需要通过https来进行访问,即地址为:https://jiraconfluene.hktxcn.com
- JIRA的IP地址为: 10.10.1.1 端口号为8080
- Nginx的IP地址为: 20.20.1.1 端口号为80
...
https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html
步骤一:修改配置文件server.xml
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="..com" proxyPort="443"/>
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/>
|
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https" proxyName="jira.hktx.com" proxyPort="443"/>
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/>
|
---|
步骤二
server { listen jira.hktx.com:80; server_name jira.hktx.com; listen 443 default ssl; ssl_certificate /usr/local/etc/nginx/ssl/nginx.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key; ssl_session_timeout 5m;
location / { client_max_body_size 100m; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://10.10.1.1:8090; } } | 说明
ssl_certificate和ssl_certificate_key填写证书存放的地址位置
这里指响应超时时间为5分钟
将请求转发到 http://10.10.1.1:8090地址上
|
---|
...