YouTrack with SSL on Tomcat 7
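I have a running YouTrack instance deployed with Tomcat 7, available at http://example.com:8080/youtrack

Apache is already configured to support SSL for the main domain (I have the .pem files). Both https://example.com and http://example.com are accessible without any problems. Port 8443 is already used by another service (https://example.com:8443 shows the Plesk admin panel). Now I want to set up YouTrack to use https://youtrack.example.com

How can I do that?

Do I need to configure Tomcat to support SSL (generate a separate key, etc.), or just proxy requests from Apache to Tomcat?

I guess the first step is to configure YouTrack to be accessible at https://example.com:8444/youtrack, and then use Apache's mod_proxy. How can I do that?

My /var/lib/tomcat7/conf/server.conf is the default, without any changes: http://pastie.org/9385045

My /usr/share/tomcat7/bin/setenv.sh contains an entry that changes YouTrack's default URL: -Djetbrains.youtrack.baseUrl=http://youtrack.example.com

Virtual host configuration: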

    $ cat /etc/apache2/sites-enabled/default
    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/default
        <Directory />
            Options FollowSymLinks
            AllowOverride All
        </Directory>
        <Directory /var/www/default>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

SSL host:

    $ cat /etc/apache2/sites-enabled/default-ssl
    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        DocumentRoot /var/www/default
        <Directory />
            Options FollowSymLinks
            AllowOverride All
        </Directory>
        <Directory /var/www/default>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/mailserver.pem
        SSLCertificateKeyFile /etc/ssl/private/mailserver.pem
        #SSLVerifyClient require
        #SSLVerifyDepth 10
        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
    </IfModule>

It looks like mod_proxy would be a better choice than mod_jk. See Using mod_jk.

You don't need to configure SSL for Tomcat; just use Apache to proxy requests to http://example.com:8080/youtrack via mod_proxy. First generate/purchase a certificate for the new domain youtrack.example.com. Then add this entry to your configuration.

    <VirtualHost *:443>
        ServerName youtrack.example.com
        <Proxy *>
            Order deny,allow
            Allow from all
        </Proxy>
        SSLEngine on
        SSLCertificateFile /your/ssl/public/path/mailserver.pem
        SSLCertificateKeyFile /your/ssl/private/path/mailserver.pem
        ProxyPass / http://example.com:8080/youtrack/
        ProxyPassReverse / http://example.com:8080/youtrack/
    </VirtualHost>
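
A hardened variant of the TLS-terminating proxy setup described in the answer above, as an added example that is not part of the original question or answers. It assumes Apache 2.2 with mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_alias enabled, Tomcat running on the same machine as Apache, and placeholder certificate paths.

```apache
# Added example; certificate paths below are placeholders.

# Plain HTTP only redirects, so logins and session cookies are never
# sent unencrypted to youtrack.example.com.
<VirtualHost *:80>
    ServerName youtrack.example.com
    Redirect permanent / https://youtrack.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName youtrack.example.com

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile    /path/to/youtrack.example.com.crt
    SSLCertificateKeyFile /path/to/youtrack.example.com.key

    # Act as a reverse proxy only, never as an open forward proxy.
    ProxyRequests Off

    # TLS ends at Apache, so the hop to Tomcat is cleartext. Sending it over
    # loopback keeps it on the machine (assumption: Tomcat is local). Pair
    # this with address="127.0.0.1" on the HTTP <Connector> in Tomcat's
    # server.xml so port 8080 is no longer reachable from outside.
    ProxyPass        / http://127.0.0.1:8080/youtrack/
    ProxyPassReverse / http://127.0.0.1:8080/youtrack/

    # Tomcat scopes the session cookie to the /youtrack context path, but
    # the public path is /; rewrite it or the browser will not send it back.
    ProxyPassReverseCookiePath /youtrack /

    # Tell the backend that the client connection was HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# Assumption: the -Djetbrains.youtrack.baseUrl entry in setenv.sh is changed
# to https://youtrack.example.com so generated links match the public URL.
```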