Youtrack behind apache proxy over ssl

Page 1

Youtrack behind Apache proxy over SSL

Youtrack behind Apache proxy over SSL Author: Dennis Doubovski This guide shows how to run a local copy of Youtrack behind Apache SSL proxy on a public accessible domain.

Youtrack Installation Download the Youtrack jar file and place it in your homedir on the target server. Then create a youtrack user and group and move the jar to this user's homedir: $ sudo adduser --disabled-password youtrack # Answer the questions ... $ sudo mv youtrack-<VERSION>.jar /home/youtrack/ $ sudo chown youtrack /home/youtrack/youtrack-4.2.1.jar Next we need to alter Youtrack's internal configuration file to force the server to listen only on localhost: $ sudo su - youtrack $ mkdir youtrack $ cd youtrack $ jar xf ../youtrack-*.jar $ vi jetbrains/mps/webr/standalone/runtime/standalone.xml # Add the following line after "<Set name="port">8081</Set>" <Set name="host">localhost</Set> Next recreate the jar file, make sure that the original Youtrack jar is not in your working directory: $ cp META-INF/MANIFEST.MF Manifest.txt $ jar cfm ../youtrack-<VERSION>-repack.jar Manifest.txt * $ cd .. $ ls -hl Check that you now have 2 jar files named youtrack-<VERSION>.jar and youtrack-<VERSION>repack.jar with roughly equal filesize. You can now start Youtrack to check that your modifications worked: $ screen

$ java -jar youtrack*-repack.jar 9090 $ curl -I http://localhost:9090 The curl command should output an empty page with a Location header, it can take a while to execute because Youtrack is initialises itself upon the first request.

Apache configuration Create and open /etc/apache2/sites-enabled/ssl-bugs: $ vi /etc/apache2/sites-enabled/ssl-bugs And paste the following configuration <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin webmaster@localhost ServerName bugs.mydomain.com ServerAlias bugs

DocumentRoot /home/youtrack

<Location /> SSLRequireSSL

Header edit Location ^http: https: </Location>

ProxyRequests Off ProxyPass / http://localhost:9090/ ProxyPassReverse / http://localhost:9090/

ErrorLog /var/log/apache2/ssl_bugs-error.log LogLevel warn CustomLog /var/log/apache2/ssl_bugs-access.log combined

SSLEngine on

SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire SSLCertificateFile /etc/ssl/certs/STAR_mydomain.com.crt SSLCertificateKeyFile /etc/ssl/private/STAR_mydomain.com.key.nopass SSLCertificateChainFile /etc/ssl/certs/AddTrustExternalCARoot.crt SSLCertificateChainFile /etc/ssl/certs/PositiveSSLCA2.crt </VirtualHost> </IfModule> This will proxy requests to https://bugs.mydomain.com to Youtrack, and will also rewriteLocation headers to use https. Restart apache to apply changes: $ sudo service apache2 reload

Configure Youtrack (first time only) Visit your Youtrack url https://bugs.mydomain.com, a welcome screen will appear where you can configure Youtrack. For now the only important configuration flags are Base URLset it to https://bugs.mydomain.com and the root password, set it to something secure!

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.