Categories

  • articles

Tags

  • java
  • jira
  • docker

Just going to give a quick explination of how I got JIRA Software running quick for new company. Going to use Docker container for database postgres and another for Jira. We will then use nginx to serve the site and do the HTTPS with letsencrypt.

First lets fire up a postgres docker.

sudo docker run --name jiradb-postgres -e POSTGRES_PASSWORD=mypassword -d postgres

Replace mypassword with your password. This will create docker container with name jiradb-postgres and database user postgres and password mypassword.

Next get JIRA instance going

sudo docker run --detach --publish 8080:8080 --link jiradb-postgres:postgres --name jira7 cptactionhank/atlassian-jira-software:latest

This will link postgress to the Jira container and here we name the Jira container jira7.

This next step is optional but something that always causes issues for me with docker. Setting the time! I am also installing nano here to configure JIRA.

sudo docker exec -i -t  --user root jira7 /bin/bash
dpkg-reconfigure tzdata
apt-get install nano
exit

Next step is to configure the nginx proxy config in the Jira instance.

sudo docker exec -i -t jira7 /bin/bash
export TERM=xterm
nano /opt/atlassian/jira/conf/server.xml

Here you need to find the connector section and replace/add the current HTTP connector with the following

	<!-- Nginx Proxy Connector -->
	<Connector port="8080"
		maxThreads="150"
		minSpareThreads="25"
		connectionTimeout="20000"
		enableLookups="false"
		maxHttpHeaderSize="8192"
		protocol="HTTP/1.1"
		useBodyEncodingForURI="true"
		secure="true"
		scheme="https"
		redirectPort="443"
		acceptCount="100"
		disableUploadTimeout="true"
		proxyName="example.com"
		proxyPort="443"/>

Just remember here to change your proxyName to the domain name you will be using. Once done there exit the container and lets install letsencrypt and configure nginx.

Install letsencrypt:

sudo apt-get -y install git bc
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

Now make sure no service is listening on port 80 or port 433 by stopping nginx:

sudo service nginx stop

Now you are ready to create your SSL certificate and again replace the email and domain details below with yours.

sudo /opt/letsencrypt/letsencrypt-auto certonly --standalone --rsa-key-size 4096 --email email@example -d example.com

If successful the certificates will be placed in /etc/letsencrypt/live/example.com where example.com is your domain name.

Create the nginx site

sudo nano /etc/nginx/sites-available/example
server {
    listen 80;
    server_name example.com;
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    # NGINX usually only allows 1M per request. Increase this to JIRA's maximum attachment size (10M by default)
    client_max_body_size 10M;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080;
        client_max_body_size 10M;
    }
}

Again change example.com to your domain. Also note in the proxy_pass section set to the location where you installed the Jira Docker instance if not on the same machine.

That is it you should not be able to connect to Jira via SSL and configure.