[Other doc versions]
[Doc downloads]
Stash is now known as Bitbucket Server
.
See the
Unknown macro: {spacejump}
of this page, or visit the Bitbucket Server documentation home page.
This page describes how to establish a network topology in which the nginx server acts as a reverse proxy for Stash. Typically, such a configuration would be used when Stash is installed in a protected zone 'behind the firewall', and nginx provides a gateway through which users outside the firewall can access Stash.
このページに記載されている構成は、次のシナリオの結果を示しています。
- External client connections with nginx are secured using SSL. Connections between nginx and Stash are unsecured.
- Stash and nginx run on the same machine.
- Stash is available at https://mycompany.com:7990/stash.
このページの内容
Please note that:
- We assume that you already have a running instance of nginx. If not, refer to the nginx documentation for instructions on downloading and installing nginx.
- サーバー マシンに SSL 証明書がインストールされている必要があります。
- Any existing links with other applications will need to be reconfigured using the new URL for Stash.
- Securing Git operations between the user's computer and Stash is a separate consideration - see Enabling SSH access to Git.
Be aware that Stash does not need to run behind a web server, since it is capable of serving web requests directly; to secure Stash when run in this way see Securing Stash with Tomcat using SSL. Otherwise, if you want to install Stash in an environment that incorporates nginx, this document is for you. (You can of course run Stash behind nginx without securing client connections to nginx using SSL – we don't describe this option on this page.)
Note that the Atlassian Support Offering does not cover nginx integration. Assistance with nginx may be obtained through the Atlassian community from answers.atlassian.com or from an Atlassian Expert.
ステップ 1: Tomcat コネクタを設定する
Find the normal (non-SSL) Connector directive in Tomcat's server.xml file, and add the scheme , proxyName , and proxyPort attributes as shown below. Instead of mycompany.com, set the proxyName attribute to your domain name that the nginx server will be configured to serve. This informs Stash of the domain name and port of the requests that reach it via nginx, and is important to the correct operation of the Stash functions that construct URLs.
<Connector port="7990"
protocol="HTTP/1.1"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
secure="true"
scheme="https"
proxyName="mycompany.com"
proxyPort="443" />
For more information about configuring the Tomcat Connector, refer to the Apache Tomcat 7.0 HTTP Connector Reference.
Step 2: Set a context path for Stash
By default, Stash is configured to run with an empty context path; in other words, from the 'root' of the server's name space. In that default configuration, Stash would be accessed at:
http://mycompany.com:7990/
For the example configuration on this page, we want Stash to be accessed at:
https://mycompany.com:7990/stash
In Tomcat's server.xml file, set the context path to /stash:
<Context path="/stash" docBase="${catalina.home}/atlassian-stash" reloadable="false" useHttpOnly="true">
....
</Context>
コンテキスト パスを使用する場合、同じパスが次のように使われていることが重要です。
- appended to the context path of Stash's base URL (Step 3).
- used when setting up the location for the p
roxy_passdirective (Step 4).
Step 3: Change Stash's base URL
After re-starting Stash, open a browser window and log into Stash using an administrator account. Go to the Stash administration area and click Server settings (under 'Settings'), and change Base URL to match the proxy URL (the URL that the nginx server will be serving).
For this example, use http://mycompany.com:7990/stash (Note the context path with this.)
ステップ 4: NGINX の構成
Edit /etc/nginx/nginx.conf, using the example server configuration below, to configure nginx as a proxy server.
Put the proxy_pass directive in the location block, and specify the protocol, name and port of the proxied server in the parameter (in our case, it is http://localhost:7990):
server {
listen 443;
server_name mycompany.com;
ssl on;
ssl_certificate <path/to/your/certificate>;
ssl_certificate_key <path/to/your/certificate/key>;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Optional optimisation - please refer to http://nginx.org/en/docs/http/configuring_https_servers.html
# ssl_session_cache shared:SSL:10m;
location /stash {
proxy_pass http://localhost:7990/stash;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}
}
Refer to http://nginx.org/en/docs/http/ngx_http_proxy_module.html.
設定ファイルへの変更は、設定をリロードするコマンドが nginx に送信されるか、nginx が再起動されるまで適用されません。設定をリロードするには、以下を実行します。
nginx -s reload
このコマンドは、nginx を開始したユーザーと同じユーザーで実行する必要があります。
リソース
You may find the following resources helpful in setting up Stash behind nginx:
- http://nginx.org/en/docs/http/configuring_https_servers.html
- http://www.cyberciti.biz/tips/using-nginx-as-reverse-proxy.html
- https://mywushublog.com/2012/08/atlassian-tools-and-nginx/
概要
コンテンツ ツール
アプリ
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.