In Ubuntu server, Apache comes pre-installed with virtual server software. That means that if I specify hosts to my domain name they are processed by separate configuration. That way I can create a nexus.server.com and point it to the nexus server running on port 8081, and a jira.server.com and point it to jira running on port 8082. All call are served by Apache httpd, so will be coming from the default port 80. It's mostly a naming convenience, I could just poke a hole in my firewall at ports 8081 and 8082, but I like having a minimal amount of holes in my firewall. In addition, since Apache httpd will be the front end, it has a good reputation for being secure and responsive.
Unfortunately, making a reverse proxy can often be a problematic adventure. If webapps all played by the rules, it would not be a problem. But webapps occasionally do redirects, and if the redirect points to the internal server, any external browsers aren't going to process them. The outside world doesn't know anything about codemonkey, however I have several domain names registered which I can use.
The first thing, once you have a domain name registered, is to set up the DNS zone. All of my domain name are registered with godaddy.com, and mostly they are registered with the godaddy nameserver (NS). From there I can edit the DNS zone file and add CNAME that point to '@' which means they all point to the same server (my home server). So I created a CNAME for www, nexus, and jira, which all point to the same server, and Apache sorts out who the requests should go to. If you're having trouble following this, I can't blame you DNS is one of the older systems on the internet, and it's configuration is rather arcane. There are several books on DNS, but I can't recommend any. Exposing these services is completely optional, I just do it for experience, and I do need nexus outside my house if I ever do any Java programming on the road. The other two are just nice to have, Confluence will be my www, which is the default host, so that's what will be associated with my domain. Jira and Confluence go hand-in-hand, so might as well expose both of them. But exposing them, also means exposing yourself to risk, although it is minimal. You probably expose yourself more if you use Internet Explorer.
With godaddy all configured, now I have to configure Apache. In Ubuntu, the configuration file is split up in a very logical manner. They have directories 'sites-available' and 'sites-enabled'. You create the specifics about a virtual server in the 'sites-available' directory and then when they are ready, you link them into the sites-enabled directory. That way you can take your site down for maintenance by removing them from the sites-enabled directory, work on them in sites-available and then link them back when you're finished. To start off, there's a default configuration that you can copy into the sites-available directory:
cd /etc/apache2
sudo cp sites-available/000-default.conf sites-available/nexus.conf
sudo cp sites-available/000-default.conf sites-available/jira.conf
sudo cp sites-available/000-default.conf sites-available/confluence.conf
Confluence will be the default server, but I keep 000-default around for safe keeping. It's named with the 000 so that it will be the first configuration picked up for when hosts don't match. It points to /var/www/html, so you might put in a simple html file that always redirects to www. Always make sure your html is simple so that hackers don't have anything to take advantage of. Now I will edit each of the conf files to do the reverse proxying. First Jira, here's the jira.conf:
<VirtualHost *:80>
ServerName jira.myserver.com
ServerAdmin randysr@kamradtfamily.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# JIRA Proxy Configuration:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://codemonkey:8082/
ProxyPassReverse / http://codemonkey:8082/
</VirtualHost>
Now we enable the site and restart apache:
sudo a2ensite jira.conf
sudo service apache2 reload
The only issue is that if I use http://jira.myserver.com I get the defaut site, but if I type http://jira.myserver.com/ I get Jira. It needs that trailing slash. But ok, that shouldn't be an issue. Finally I need to log on to Jira as admin, and set the base URL so it references the new external name.
So far, so good, next is nexus. Nexus has an issue: it has the name nexus in the path. I'm sure there a way to get rid of that, but for now, I'll keep it just to make things easy. Otherwise the redirects don't work. In order to allow the name nexus in the path I need to add it to the two slashes in the jira.conf. So now the config file looks like this:
<VirtualHost *:80>
ServerName nexus.myserver.com
ServerAdmin randysr@kamradtfamily.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Nexus Proxy Configuration:
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /nexus http://codemonkey:8081/nexus
ProxyPassReverse /nexus http://codemonkey:8081/nexus
</VirtualHost>
Again, not a major problem, I just need to use the path http://nexus.myserver.com/nexus. Now I can set up my mirror in my settings.xml to point to myserver, and I can use Maven to code at my local coffee shop.
Finally I need to install and configure Confluence and set it up as my default server. It's pretty similar to Jira, the first step is to run the bin file. Run it as root to be able to set it up as a service. In this case you can use all default values as it uses ports 8090 and 8000, which are not currently used. Test out the install by browsing to http://localserver:8090. So since it doesn't use a path, I can now copy the apache config file from jira.conf to confluence.conf and just change the ServerName and ports. I can restart apache and now run the configuration from the external URL. First thing we need to do is to create a database for confluence just like we did for jira. You can refer to my previous blog for the details, but I just create a user called confluence and a database called confluencedb. Back at the confluence app, it will ask for the parameters you just created. The default database is confluence, and I changed it to confluencedb so I could create a user named confluence. I'm pretty new to postgres, and I'm not sure how it would deal with a user and database having the same name. Plus it makes it consistent with the naming I used for jira. Next it wants to know if I want an empty site or a demo site. I hate demo sites, they are often hard to remove once you get going, and hang around like an appendix ready to be exploited once someone find a loophole. So I start with an empty site, and I'll do a little research before I really start making spaces/pages. Next it asks if I want to import the users from jira, and I can't think of why not. That all works without a hitch. Now comes the fun of configuration spaces and pages in Confluence. But I've done enough work today. I'll finish up configuration later. I may or may not blog about the specifics, but I'll probably have something to say about using all of these apps, and how well they work together along with all the other development stuff I have. Since I installed all these to assist my programming, I'll probably get back to some programming, which I'll talk about on my programming blog http://rlkamradt.wordpress.com So see you there!
No comments:
Post a Comment