How to Configure Outbound HTTP and HTTPS Proxy for your Atlassian application

This article applies only to Atlassian server products. Learn more about the differences between Cloud and Server products here.

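The content on this page relates to platforms that are not supported for Jira applications. Consequently, Atlassian cannot guarantee support for it. This material is provided for your information only; use it at your own risk.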

Purpose

This page defines how to configure Atlassian applications such that they can communicate externally through an outbound proxy. This configuration is required to access servers outside the network it's hosted in, such as the Atlassian Marketplace.

Solution

Basic Configuration

HTTP(S) Outbound Proxy support is configured in Atlassian applications by passing certain system properties to the Java Virtual Machine (JVM) on startup. These parameters are then used by the Atlassian application in order to send outbound requests via the proxy.

These basic properties follow the conventions defined by Oracle:

  • http.proxyHost
  • http.proxyPort (default: 80)
  • http.nonProxyHosts (default: <none>)
  • https.proxyHost
  • https.proxyPort

The http.proxyHost property must be defined to configure an HTTP proxy, and https.proxyHost for an HTTPS proxy.

The http.proxyHost and http.proxyPort properties indicate the proxy server and port that the HTTP protocol handler will use. For example:

-Dhttp.proxyHost=proxy.example.org -Dhttp.proxyPort=8080 -Dhttps.proxyHost=proxy.example.org -Dhttps.proxyPort=8080 -Dhttp.nonProxyHosts=localhost

The property http.nonProxyHosts indicates the hosts which should be connected to directly and not through the proxy server.

The value can be a list of hosts, each separated by a |, and in addition a wildcard character (*) can be used for matching. For example:

-Dhttp.nonProxyHosts=*.foo.com|localhost|confluence|crowd

The pipe character (|) may need to be escaped in Linux, as per our JAVA Option '-Dhttp.nonProxyHosts' Does Not Work KB article.



System property configuration is described in further detail within our Setting Properties and Options on Startup documentation.

Configuring Authentication

If your proxy requires authentication, you should configure it by passing the below properties to your JVM, as in our Setting Properties and Options on Startup documentation.

  • http.proxyUser
  • http.proxyPassword
  • https.proxyUser
  • https.proxyPassword

Example:

-Dhttp.proxyUser=atlaspirate -Dhttp.proxyPassword=yarrrrr -Dhttps.proxyUser=atlaspirate -Dhttps.proxyPassword=yarrrrr
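Properties passed this way become part of the JVM's command line, which local accounts can typically read from the process list. The following check is an added example, not Atlassian code: it reports which processes carry a proxy password property without printing the value. The process lines are constructed, using the page's example values.

```shell
#!/bin/sh
# Added example, not Atlassian code.

# Constructed sample in the shape of `ps -eo pid,args` output.
SAMPLE_PS='
 4211 /usr/bin/java -Xmx2g -Dhttp.proxyHost=proxy.example.org -Dhttp.proxyUser=atlaspirate -Dhttp.proxyPassword=yarrrrr -Dhttps.proxyPassword=yarrrrr -jar app.jar
 4377 /usr/bin/java -Dhttp.proxyHost=proxy.example.org -Dhttp.proxyPort=8080 -jar other.jar
'

# exposed_proxy_secrets: read "PID ARGS..." lines on stdin and print
# "PID property" for each proxy password property, never the value itself.
exposed_proxy_secrets() {
    while read -r pid rest; do
        [ -n "$pid" ] || continue
        set -f                      # no filename expansion while splitting args
        for arg in $rest; do
            case "$arg" in
                -Dhttp.proxyPassword=?*|-Dhttps.proxyPassword=?*)
                    name=${arg#-D}
                    echo "$pid ${name%%=*}" ;;
            esac
        done
        set +f
    done
}

# On a live host the input would be: ps -eo pid,args | exposed_proxy_secrets
printf '%s\n' "$SAMPLE_PS" | exposed_proxy_secrets
```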

Special consideration for Crowd:

For example, if you are using Bamboo with an outbound proxy and want to use Crowd as the user repository, make the changes below so that Bamboo can communicate with Crowd.

Edit the file <bamboo-home-directory>/xml-data/configuration/crowd.properties and add the configuration below:

http.proxy.port=<http-proxy-port>
https.proxy.port=<https-proxy-port>
http.proxy.host=<http-proxy-host>
https.proxy.host=<https-proxy-host>

The above example is given in the context of Bamboo using Crowd as its user repository behind an outbound proxy, but the same configuration can be applied to other Atlassian applications that need to connect to Crowd through an outbound proxy.



Note: You need to restart your Bamboo application after making these changes.

Application Links Implications

If the http.nonProxyHosts property is not configured, all web requests will be routed through the proxy. This could break Application Links. For example, if connecting Confluence and JIRA applications together with Application Links, we would recommend bypassing the proxy and communicating on the internal network with this property. Routing through the proxy can have ramifications when taking into account IP validation on those links - the source IP of the server can be different depending on how the traffic is routed.


In a connection between JIRA and Confluence, for example, the http.nonProxyHosts configured on the Confluence end must at least exclude localhost and the JIRA base URL; otherwise certain functionality may not work properly (JIRA tries to connect to itself and the HTTP request can time out or be blocked by the proxy).


Example:

-Dhttp.nonProxyHosts=localhost|jira.mycompany.com

or

-Dhttp.nonProxyHosts=localhost|*.mycompany.com

Similarly, you want to configure JIRA the other way around: 

Example:

-Dhttp.nonProxyHosts=localhost|confluence.mycompany.com

or

-Dhttp.nonProxyHosts=localhost|*.mycompany.com
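The http.nonProxyHosts rules from Basic Configuration and the Application Links cases above can be checked before a restart. This is an added example, not Atlassian code: it reads a constructed JVM option string and reports whether a host would be reached directly or through the proxy. It follows this page's statement that nothing bypasses the proxy when the property is unset, and uses shell glob matching as an approximation of the JVM's pattern matching.

```shell
#!/bin/sh
# Added example, not Atlassian code. `case` glob matching approximates the
# JVM's nonProxyHosts patterns (the JVM accepts * only at the start or end).

# Constructed option strings built from the page's example values. The single
# quotes keep the shell from reading | as a pipeline and * as a file glob.
CONFLUENCE_ARGS='-Dhttp.proxyHost=proxy.example.org -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=localhost|jira.mycompany.com'
WILDCARD_ARGS='-Dhttp.proxyHost=proxy.example.org -Dhttp.nonProxyHosts=localhost|*.mycompany.com'
NO_BYPASS_ARGS='-Dhttp.proxyHost=proxy.example.org -Dhttp.proxyPort=8080'

# jvm_prop NAME ARGS: print the value of -DNAME=value (the last occurrence is
# kept), or nothing if the property is not set.
jvm_prop() {
    value=
    set -f                          # no filename expansion while splitting ARGS
    for arg in $2; do
        case "$arg" in
            "-D$1="*) value=${arg#*=} ;;
        esac
    done
    set +f
    printf '%s' "$value"
}

# route_for HOST ARGS: print "direct" or "proxy" for an outbound HTTP request.
route_for() {
    [ -n "$(jvm_prop http.proxyHost "$2")" ] || { echo direct; return; }
    bypass=$(jvm_prop http.nonProxyHosts "$2")
    old_ifs=$IFS; IFS='|'; set -f   # split the bypass list on |
    for pat in $bypass; do
        case "$1" in
            $pat) IFS=$old_ifs; set +f; echo direct; return ;;
        esac
    done
    IFS=$old_ifs; set +f
    echo proxy
}

# Show where Confluence's requests would go with and without the bypass list.
for target in localhost jira.mycompany.com marketplace.atlassian.com; do
    printf '%-26s with bypass: %-6s without: %s\n' "$target" \
        "$(route_for "$target" "$CONFLUENCE_ARGS")" \
        "$(route_for "$target" "$NO_BYPASS_ARGS")"
done
```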

Microsoft ISA NTLM Authentication

NTLM is not supported by Atlassian applications. Please refer to public issues below, for example:

Workaround

In past issues, customers reported success using software called Cntlm. You can refer to the comments on our pages JRA-2398 - Support NTLM authentication and Problems Connecting to the Atlassian Marketplace.

The steps are summarised below:

  • Install Cntlm Authentication Proxy locally on the server where the Atlassian application is running.
  • Configure and test it to make sure "Cntlm" works with your corporate NTLM, and then use the parameters below.

    Update your user, domain, and proxy information in cntlm.ini, then test your proxy with this command (run in your Cntlm installation folder):

        cntlm -c cntlm.ini -I -M http://google.ro

    It will ask for your password, and hopefully print your required authentication information, which must be saved in your cntlm.ini.

    Sample cntlm.ini:

        Username            user
        Domain              domain

        # provide actual value if autodetection fails
        # Workstation         pc-name

        Proxy               my_proxy_server.com:80
        NoProxy             127.0.0.*, 192.168.*

        Listen              127.0.0.1:54321
        Listen              192.168.1.42:8080
        Gateway             no

        SOCKS5Proxy         5000
        # provide socks auth info if you want it
        # SOCKS5User          socks-user:socks-password

        # printed authentication info from the previous step
        Auth            NTLMv2
        PassNTLMv2      98D6986BCFA9886E41698C1686B58A09

    Note: on Linux the config file is cntlm.conf



  • Point the HTTP proxy parameters described above at the "Cntlm" proxy instead of the NTLM proxy, so that "Cntlm" handles the communication with NTLM.




Products: Jira, Confluence, Bamboo, Bitbucket
Last updated: November 2, 2018
