CURVC DevOps

페이지 트리

버전 비교

이전 버전 9

changes.mady.by.user 황희연 대표

에 저장

비교대상

새 버전 현재

changes.mady.by.user 이학준 부장

에 저장

  • 이 줄이 추가되었습니다.
  • 이 줄이 삭제되었습니다.
  • 서식이 변경되었습니다.

...

Application1 – (HTTPS)→ Application2 의 경우 Application 2 신뢰토록 설정

정보

인증서를 시스템 공용으로 등록해도 된다면 Application이 사용하는 JVM keystore에 등록한다.

일반적인 keystore 파일 위치: <JVM install dir>/jre/lib/security/cacerts


Step 1)의 인증서와 key를 이용해 keyStore 생성 (wildcard 인증서라면 Atlassian application 공통 keystore 사용 권장)

...

코드 블럭
titleConnector directive
linenumberstrue
<!-- Additional connector for Application link -->
<Connector port="8180" connectionTimeout="20000" maxThreads="200" minSpareThreads="10"
enableLookups="false" acceptCount="10" URIEncoding="UTF-8" />

<Connector port=<default>
	maxThreads=<default>
    minSpareThreads=<default>
    connectionTimeout=<default>
    enableLookups=<default>
    maxHttpHeaderSize=<default>
    protocol=<default>
    useBodyEncodingForURI=<default>
    redirectPort=<default>
    acceptCount=<default>
    disableUploadTimeout=<default>
	proxyName="<subdomain>.<domain>.com"
	proxyPort="443"
	secure="true"
	scheme="https"/>

line 16 ~ 18 추가

...

코드 블럭
titlebitbucket.properties
linenumberstrue
server.secure=true
server.scheme=https
server.proxy-port=443
server.ssl.enabled=false
server.proxy-name=bitbucket.curvc.com

...

펼치기
titlesites-enabled/jira.curvc.com.conf


코드 블럭
<VirtualHost *:80>
    ServerName jira.curvc.com

    RemoteIPHeader X-Forwarded-For
    ProxyPreserveHost   On
    RewriteEngine On
    ProxyVia Off

    <Proxy *>
         Order deny,allow
         Allow from all
    </Proxy>

    Redirect            "/" "https://jira.curvc.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName jira.curvc.com

    ProxyPreserveHost   On
    RewriteEngine On
    ProxyVia Off

    <Proxy *>
         Order deny,allow
         Allow from all
    </Proxy>

    ProxyPass           "/" "http://10.0.100.10:8080/"
    ProxyPassReverse    "/" "http://10.0.100.20:8080/"

    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/certs/curvc.key
    SSLCertificateFile /etc/ssl/certs/STAR_curvc_com.crt
    SSLCertificateChainFile /etc/ssl/certs/curvc_com.ca-bundle

</VirtualHost>


Confluence Apache VirtualHost 예)

  • Synchrony 고려
코드 블럭
collapsetrue
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

# Put this in the main section of your configuration (or virtual host, if using Apache virtual hosts)
 
  ProxyRequests Off
  ProxyPreserveHost On
    
  RewriteEngine On
  RewriteCond %{REQUEST_URI} !^/synchrony
  RewriteRule ^/(.*) http://<domain>:8090/$1 [P]

  <Proxy *>
      Require all granted
  </Proxy>

  ProxyPass /synchrony http://<domain>:8091/synchrony

  <Location /synchrony>
      Require all granted
      RewriteEngine on
      RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
      RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
      RewriteRule .* ws://<domain>:8091%{REQUEST_URI} [P]
  </Location>

  ProxyPass / http://<domain>:8090
  ProxyPassReverse / http://<domain>:8090
   
  <Location />
      Require all granted
  </Location>