通过Apache反向代理访问Jira

时间:2017-02-15 09:01:23

标签: apache proxy jira

我已经设置了正在运行的Jira Core 7.3.0,并且使用以下设置是server.xml:

<Connector  port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="https" proxyName="SERVERNAME" proxyPort="443"/>
<Connector  port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

使用Jira的这个“版本”是完全功能和运行。

一旦我将Apache安装为反向代理,Jira就不像以前那样了。我无法使用现有的Administartor帐户首次登录。 如果我登录jira(没有apache代理)(suceed)然后在apache代理的“jira版本”上工作。这非常令人困惑。

我使用Apache httpd.conf的以下设置:

<VirtualHost *:80>
    ServerName SERVERNAME
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    ServerName SERVERNAME
    ProxyRequests Off
    ProxyVia Off
    <Proxy *>
         Require all granted
    </Proxy>
    SSLEngine On
    SSLProxyEngine On
    ProxyPreserveHost On
    ProxyPass /jira http://localhost:8080/jira
    ProxyPassReverse /jira http://localhost:8080/jira
    SSLCertificateFile C:\Path\to\cert\file.crt
    SSLCertificateKeyFile C:\Path\to\cert\file.key
</VirtualHost>

怎么会这样?

2 个答案:

答案 0 :(得分:0)

您的重写规则未传递整个原始网址。

http://httpd.apache.org/docs/current/mod/mod_rewrite.html州:

REQUEST_URI     请求的URI的路径组件,例如“/index.html”。 这显然排除了查询字符串,该字符串可用作名为QUERY_STRING的变量。

混淆JIRA的原因我在上面做了大胆的。

我成功使用: RewriteRule(。*)https://% {HTTP_HOST} $ 1 [R,L]

答案 1 :(得分:0)

这是一个有效且Nessus扫描的配置。另外,Certbot.eff.org可以帮助您获取免费的Let's Encrypt SSL证书,该证书是此配置的一部分。

除此之外,将Jira中的上下文路径更改为/ jira。将其他所有内容保留为默认值。

<IfModule mod_ssl.c>
<VirtualHost *:443> 
Timeout 10000
ProxyTimeout 10000
ServerName intranet.mydomain.com
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"  
Header always append X-Frame-Options SAMEORIGIN
ProxyRequests off
ProxyPreserveHost on
ProxyVia off
ProxyPass /jira http://myserver.local:8080/jira
ProxyPassReverse /jira http://myserver.local:8080/jira
RewriteEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/intranet.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/intranet.mydomain.com/privkey.pem
</VirtualHost> 
</IfModule>

<VirtualHost *:80>
ServerName intranet.mydomain.com
redirect / https://intranet.mydomain.com
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always append X-Frame-Options SAMEORIGIN
ProxyRequests off
ProxyPreserveHost on
ProxyVia off
RewriteEngine on
</VirtualHost>
</IfModule>
相关问题
最新问题