环境

CentOS Linux release 7.9.2009 (Core)
nginx 1.16.1
Confluence 7.12.0
Jira 8.16.1

配置

nginx.conf

/etc/nginx/nginx.conf

# Fragment of /etc/nginx/nginx.conf, not a complete file.
# worker_processes is a main-context directive; the other directives below
# are valid inside the http { } block.
# NOTE(review): presumably only the lines the author changed are shown; confirm against the full file.
#worker_processes 1;
# "auto" lets nginx pick the worker count from the detected CPU cores.
worker_processes auto;
 
# Do not abort the upstream request when the client closes its connection early.
proxy_ignore_client_abort on;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;

/etc/nginx/conf.d/jira.conf

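# Plain-HTTP listener: it only redirects to the HTTPS site and never proxies to Jira.
server {
    listen 80;
    server_name jira.domain.com;

    return 301 https://jira.domain.com$request_uri;
}

# HTTPS listener: TLS ends at nginx; requests reach Jira's Tomcat over plain HTTP on localhost.
server {
    listen 443 ssl;
    #listen [::]:443 ssl http2;
    server_name jira.domain.com;

    ssl_certificate /etc/pki/nginx/证书.crt;
    # Private key file: keep it readable by root only.
    ssl_certificate_key /etc/pki/nginx/私钥.key;

    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;

    # Set explicitly: without this directive nginx 1.16 falls back to
    # "TLSv1 TLSv1.1 TLSv1.2", which keeps the deprecated TLS 1.0/1.1 enabled.
    # TLSv1.3 can be appended once nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2;
    # !3DES: older OpenSSL builds still class 3DES (64-bit block, SWEET32) as HIGH.
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever the
        # client already sent, so only the last entry is trustworthy downstream.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Backend is plain HTTP; it must not be reachable except through this proxy.
        proxy_pass http://localhost:8080;
        # Upload limit for attachments; size it to what the instance really needs.
        client_max_body_size 1000m;
    }
}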

/etc/nginx/conf.d/wiki.conf

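# Plain-HTTP listener: it only redirects to the HTTPS site and never proxies to Confluence.
server {
    listen 80;
    server_name wiki.domain.com;

    return 301 https://wiki.domain.com$request_uri;
}

# HTTPS listener: TLS ends at nginx; requests reach Confluence over plain HTTP on localhost.
server {
    listen 443 ssl;
    server_name wiki.domain.com;

    ssl_certificate /etc/pki/nginx/证书.crt;
    # Private key file: keep it readable by root only.
    ssl_certificate_key /etc/pki/nginx/私钥.key;

    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;

    # TLS 1.0 and 1.1 are deprecated and were dropped from the list.
    # TLSv1.3 can be appended once nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2;
    # Only the forward-secret AEAD suites of the original list are kept: the
    # 3DES (DES-CBC3, SWEET32), static-RSA and CBC entries were removed.
    # Check that every integration still connects (application links, scripts, older JVMs).
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers   on;

    location / {
        # Upload limit for attachments.
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        # $proxy_add_x_forwarded_for appends the peer address to whatever the
        # client already sent, so only the last entry is trustworthy downstream.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Backend is plain HTTP; it must not be reachable except through this proxy.
        proxy_pass http://localhost:8090;
    }

    # Collaborative-editing endpoint: needs HTTP/1.1 and the Upgrade headers for WebSocket.
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8090/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}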

server.xml

由于 80 端口的请求由 nginx 301 重定向到 443,SSL 在 nginx 上终止,所以 Tomcat 端通常只保留供反向代理使用的 Connector(本身仍是 HTTP 协议,通过 scheme="https"、proxyName、proxyPort 声明对外地址为 https),以下均显示该 Connector。
测试期间可保留原非 https 的 8080/8090 Connector,并更改为其他端口,避免端口重复。测试完成后应删除该 Connector 或用防火墙限制访问,否则客户端可以绕过 nginx 以明文直连。
记得更改 Jira 和 Confluence 的基本 URL。
/opt/atlassian/jira/conf/server.xml

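<!-- HTTP connector that nginx proxies to (proxy_pass http://localhost:8080).
     scheme, secure, proxyName and proxyPort make Tomcat report the public https address;
     proxyName and proxyPort must equal the server_name and listen port of the nginx server block.
     The relaxedQueryChars value has to stay XML-escaped: pasted as raw characters
     (backslash, backtick, quote, angle brackets) it ends the attribute early and server.xml no longer parses.
     NOTE(review): this port speaks plain HTTP. Limit it to loopback (Connector "address" attribute
     or a host firewall rule) so that clients cannot reach Jira without passing through nginx. -->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
           maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
           maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
           acceptCount="100" disableUploadTimeout="true" bindOnInit="false"
           scheme="https" secure="true" proxyName="jira.domain.com" proxyPort="443"/>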

/opt/atlassian/confluence/conf/server.xml

<!-- HTTP connector that nginx proxies to (proxy_pass http://localhost:8090).
     scheme, secure, proxyName and proxyPort make Tomcat report the public https address
     served by nginx; they do not enable TLS on this port.
     NOTE(review): no "address" attribute is set. Confirm that port 8090 is limited to
     loopback or firewalled, so that clients cannot reach Confluence without passing through nginx. -->
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" proxyName="wiki.domain.com" proxyPort="443"/>

参考

confluence.atlassian.com/jirakb/configure-jira-server-to-run-behind-a-nginx-reverse-proxy-426115340.html
confluence.atlassian.com/jirakb/configure-jira-server-to-run-behind-a-nginx-reverse-proxy-426115340.html
confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html

最后修改:2022 年 01 月 17 日 10 : 10 AM