Nginx通过https代理Confluence

场景

通过在nginx中增加ssl证书认证，并将客户的请求转发到JIRA中。JIRA中无需再配置认证证书。

在以下配置过程中，我们假定需要进行的配置上下文件为

Confluence人访问地址为：http://confluene.hktxcn.com 现需要通过https来进行访问，即地址为：https://confluene.hktxcn.com

JIRA的IP地址为： 10.10.1.1 端口号为8080
Nginx的IP地址为： 20.20.1.1 端口号为80

信息来源

https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html

步骤一：修改配置文件server.xml

                   maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

                   maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
                   proxyName="..com" proxyPort="443"/>











                              factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>







                   pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/>

                   maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
                   proxyName="jira.hktx.com" proxyPort="443"/>

                              factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>







                   pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/>

步骤二

server {
    listen jira.hktx.com:80;
    server_name jira.hktx.com;

    listen 443 default ssl;
    ssl_certificate     /usr/local/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;

    ssl_session_timeout 5m;

    location / {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.10.1.1:8090;
    }
}

说明

ssl_certificate和ssl_certificate_key填写证书存放的地址位置

这里指响应超时时间为5分钟

将请求转发到 http://10.10.1.1:8090地址上

Page tree

场景

步骤一：修改配置文件server.xml

步骤二

8 Comments

Anonymous

Anonymous

Anonymous

Anonymous

Anonymous

Anonymous

Anonymous

Anonymous