プロキシされないアプリケーション リンクを作成する方法

該当有無の確認

When working with application links, it may be necessary to bypass any existing reverse proxy or SSL configuration, without disrupting normal usage for your instances.

For example, the following setting in an Apache proxy has been known to interfere with forwarding of authentication between Confluence and Jira when using the Jira Issues macro:

RequestHeader unset Authorization

The equivalent setting in NGiNX is:

proxy_set_header Authorization "";

シナリオ例

Let's take Confluence and JIRA:

• Confluence
  • Proxied address: https://confluence.mycompany.com/
  • Unproxied address: http://192.168.100.100:8095/
• Jira
  • Proxied address: https://jira.mycompany.com/
  • Unproxied address: http://192.168.100.100:8081/

Prerequisites

You must be able to browse the application via the unproxied URL. Some network configurations may allow communication between the two servers, but you must be able to browse to the two unproxied addresses for the purpose of creating the application link.

1. Set up an unproxied HTTP connector in Tomcat

<Connector port="8080" connectionTimeout="20000" maxThreads="200" minSpareThreads="10" 
	enableLookups="false" acceptCount="10" URIEncoding="UTF-8" />

relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"

<security-constraint>
  <web-resource-collection>
    <web-resource-name>all-except-attachments</web-resource-name>
    <url-pattern>*.jsp</url-pattern>
    <url-pattern>*.jspa</url-pattern>
    <url-pattern>/browse/*</url-pattern>
	<url-pattern>/issues/*</url-pattern> 
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

server.additional-connector.1.port=8080

1. See Data Center How to bypass a reverse proxy or SSL in Application Links for more information on setting up an unproxied HTTP connector.
2. Ensure that the HTTP connector is configured on both side of the application, using different ports

2. Create the unproxied application link

1. Access one of the application using the new unproxied port. <ip address:unproxied port> (eg: 127.0.0.1:8080)
2. Set each application's base URL to the unproxied address.
3. Create a new application link as usual, using the unproxied address as the application URL.
   •   Note: Application Links uses the Server ID as a unique identifier. If the creation fails with "The ServerID reported is already being used for an Application Link" follow the instructions at Setting up Application Link results in ServerID already being used.
4. Set the base URL for each instance back to the proxied address.
5. Edit the application link (at each application) by clicking "Edit" next to link for the other application.
6. In the Display URL text box, type the proxied address. It will be different from the application URL (which cannot be changed).
7. Click Update.

Note for Data Center applications

Only a single URL may be specified for the application link URL. This means that all application link traffic will be directed to a single node if the load balancer is bypassed.

This may be desirable in certain scenarios where a single node is dedicated to back end operations and excluded from client traffic.

Note for Bitbucket Server (formerly Stash) & Bamboo

There is a bug that all remote events fail if the base URL does not match the application link URL. The fix was released in the following versions:

• Bitbucket Server 4.0.4+:  BSERV-7802 - Getting issue details... STATUS
• Bamboo 5.13.1+:  BAM-17579 - Getting issue details... STATUS

Note for Confluence server if Application link is unproxied

If you create the unproxied application URL in Confluence, the Whitelist entry for Jira will display the Display URL while it is actually pointing to the Application URL that the request is coming from.

CONFSERVER-57968 - Getting issue details... STATUS