Configure Linux firewall for Jira applications

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

Atlassian applications allow the use of Firewalls within our products, however Atlassian Support does not provide assistance for configuring it. Consequently, Atlassian cannot guarantee providing any support for it.

  • 設定について支援が必要な場合、Atlassian Answers に質問をご登録ください。

目的

This documentation describes how to allow JIRA to run behind a Firewall (Iptables) on Linux. 

Verifying the Firewall rules

1- To make sure your firewall is enabled, run the following command (will also show the active rules):

iptables -nL


2 - Allowing the JIRA's port to be reached behind the firewall:

iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8080 -j ACCEPT
iptables -P OUTPUT ACCEPT

3 - Add these lines if you are running JIRA on port 8443:

iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8443 -j ACCEPT

4 - Allowing connections to JIRA from itself (to ensure you don't run into problems with gadget titles showing as __MSG_gadget)

iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080


5 - Allowing the forward connections:

Add the following line on /etc/sysctl.conf
net.ipv4.ip_forward = 1

6 - To save the current rules, run the following command

service iptables save

7 - The last thing to do is restart the iptables service

service iptables reload

If you are running Centos 7, the management of firewall has changed. To disable the firewall follow the steps below:

ソリューション

Disable Firewalld

To disable firewalld, run the following command as root:

systemctl disable firewalld

Stop Firewalld

To stop firewalld, run the following command as root:

systemctl stop firewalld

Check the Status of Firewalld

To check the status of firewalld, run the following command as root:

systemctl status firewalld

If you prefer to keep Firewalld active, there are a few more steps to be taken:


Verifying the firewall rules on Firewalld

1- Allowing ports

Allow ports in permanent configuration (takes effect upon restart)

firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=8443/tcp

Allow ports temporarily (effective immediately, reverts to permanent configuration upon restart)

firewall-cmd --add-port=8080/tcp
firewall-cmd --add-port=8443/tcp


2- Add services

Allow ports in permanent configuration (takes effect upon restart):

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

Allow ports temporarily (effective immediately, reverts to permanent configuration upon restart):

firewall-cmd --add-service=http
firewall-cmd --add-service=https


3- Configure forwarding

To finish, the following commands are required to configure the forwarding:

Change in permanent configuration (takes effect upon restart):

firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 1 -p tcp -d <jira-public-ip> --dport 443 -j REDIRECT --to-ports 8443

Change temporarily (effective immediately, reverts to permanent configuration upon restart):

firewall-cmd --add-masquerade
firewall-cmd --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --direct --add-rule ipv4 nat PREROUTING 1 -p tcp -d <jira-public-ip> --dport 443 -j REDIRECT --to-ports 8443

説明This documentation describes how to allow JIRA to run behind a Firewall (Iptables) on Linux. 
製品Jira
プラットフォームサーバー
最終更新日 2019 年 9 月 25 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.