环境
CentOS Linux release 7.9.2009 (Core)
nginx 1.16.1
Confluence 7.12.0
Jira 8.16.1
配置
nginx.conf
/etc/nginx/nginx.conf
# Excerpt of /etc/nginx/nginx.conf as shown on the page; not a complete file.

# Main context: let nginx pick the number of worker processes itself.
# The previous setting is kept commented out for reference.
#worker_processes 1;
worker_processes auto;

# Do not drop the upstream request when the client closes the connection
# before the response has arrived.
proxy_ignore_client_abort on;

# File-transfer and socket tuning.
sendfile             on;
tcp_nopush           on;
tcp_nodelay          on;
types_hash_max_size  2048;
/etc/nginx/conf.d/jira.conf
# Plain-HTTP listener for Jira: serves no content, only redirects to HTTPS.
server {
    listen      80;
    server_name jira.domain.com;

    # Permanent redirect that keeps the original path and query string.
    return 301 https://jira.domain.com$request_uri;
}
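# HTTPS front end for Jira: terminates TLS and proxies to the Tomcat connector
# on localhost:8080.
server {
    listen 443 ssl;
    #listen [::]:443 ssl http2;
    server_name jira.domain.com;

    # Certificate and private key (placeholder file names). Keep the key file
    # readable by root only.
    ssl_certificate     /etc/pki/nginx/证书.crt;
    ssl_certificate_key /etc/pki/nginx/私钥.key;

    ssl_session_timeout 10m;
    ssl_session_cache   shared:SSL:10m;

    # Set the protocol list explicitly: without ssl_protocols, nginx 1.16 still
    # offers the deprecated TLSv1 and TLSv1.1.
    ssl_protocols TLSv1.2;
    # HIGH can still contain 3DES suites on older OpenSSL builds, so exclude them.
    ssl_ciphers HIGH:!aNULL:!MD5:!3DES;
    ssl_prefer_server_ciphers on;

    location / {
        # Tell Jira which host the client asked for and where the request came from.
        # $proxy_add_x_forwarded_for appends the peer address to whatever the client
        # sent, so only the last entry is trustworthy.
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;

        # Plain HTTP to the backend. Port 8080 should not be reachable from outside
        # this host, otherwise clients can bypass TLS and supply their own
        # X-Forwarded-* headers.
        proxy_pass http://localhost:8080;

        # Upper bound for request bodies (attachments).
        client_max_body_size 1000m;
    }
}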
/etc/nginx/conf.d/wiki.conf
# Plain-HTTP listener for Confluence: serves no content, only redirects to HTTPS.
server {
    listen      80;
    server_name wiki.domain.com;

    # Permanent redirect that keeps the original path and query string.
    return 301 https://wiki.domain.com$request_uri;
}
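# HTTPS front end for Confluence: terminates TLS and proxies to the Tomcat
# connector on localhost:8090, including the /synchrony WebSocket endpoint.
server {
    listen 443 ssl;
    server_name wiki.domain.com;

    # Certificate and private key (placeholder file names). Keep the key file
    # readable by root only.
    ssl_certificate     /etc/pki/nginx/证书.crt;
    ssl_certificate_key /etc/pki/nginx/私钥.key;

    ssl_session_timeout 10m;
    ssl_session_cache   shared:SSL:10m;

    # TLSv1 and TLSv1.1 are deprecated; offer TLSv1.2 only.
    ssl_protocols TLSv1.2;
    # Same suite list as before with the 3DES (DES-CBC3) entries removed.
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    location / {
        # Upper bound for request bodies (attachments).
        client_max_body_size 100m;

        # $proxy_add_x_forwarded_for appends the peer address to whatever the client
        # sent, so only the last entry is trustworthy.
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;

        # Plain HTTP to the backend. Port 8090 should not be reachable from outside
        # this host, otherwise clients can bypass TLS and supply their own
        # X-Forwarded-* headers.
        proxy_pass http://localhost:8090;
    }

    location /synchrony {
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;

        # NOTE(review): Atlassian's reference configuration sends /synchrony to
        # Synchrony's own listener (port 8091 by default) rather than the Confluence
        # port. Confirm which port Synchrony uses in this install.
        proxy_pass http://localhost:8090/synchrony;

        # WebSocket upgrade: needs HTTP/1.1 and the Upgrade/Connection headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}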
server.xml
由于 80 端口的请求由 nginx 301 跳转到 443,SSL 在 nginx 上终止,所以 Tomcat 通常只保留供反向代理使用的 Connector(scheme 为 https),以下均只显示这个 Connector。
测试期间可保留原非https 8080/8090 Connector,并更改为其他端口,避免端口重复。
记得更改 Jira 和 Confluence 的基本 URL。
/opt/atlassian/jira/conf/server.xml
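<!--
  Jira's Tomcat connector behind the nginx reverse proxy.
  relaxedQueryChars must be written with XML entities; raw quote and angle-bracket
  characters inside the attribute value make server.xml unparseable.
  proxyName and proxyPort must match the public host name and port that nginx
  serves (jira.domain.com on 443 in jira.conf).
  scheme="https" with secure="true" makes Jira treat proxied requests as HTTPS,
  in line with the Confluence connector.
  NOTE(review): nginx reaches this port over plain HTTP on localhost; make sure
  8080 is not reachable from other hosts.
-->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
           maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
           maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
           acceptCount="100" disableUploadTimeout="true" bindOnInit="false"
           scheme="https" secure="true" proxyName="jira.domain.com" proxyPort="443"/>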
/opt/atlassian/confluence/conf/server.xml
<!--
  Confluence's Tomcat connector behind the nginx reverse proxy.
  proxyName and proxyPort are the public host name and port that nginx serves.
  scheme="https" with secure="true" makes Confluence treat proxied requests as HTTPS.
  NOTE(review): nginx reaches this port over plain HTTP on localhost; make sure
  8090 is not reachable from other hosts.
-->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8090" redirectPort="8443" connectionTimeout="20000"
           maxThreads="48" minSpareThreads="10" acceptCount="10"
           enableLookups="false" debug="0" URIEncoding="UTF-8"
           proxyName="wiki.domain.com" proxyPort="443" scheme="https" secure="true"/>
参考
confluence.atlassian.com/jirakb/configure-jira-server-to-run-behind-a-nginx-reverse-proxy-426115340.html
confluence.atlassian.com/jirakb/configure-jira-server-to-run-behind-a-nginx-reverse-proxy-426115340.html
confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html
proxy_pass http://localhost:8090/synchrony;
这行是不是写错了
没有。
这个 NGINX 和 应用在同一台服务器。如果不是同一台的话,需要改为对应的 IP 或域名。