페이지 트리
메타 데이터의 끝으로 건너뛰기
메타 데이터의 시작으로 이동

개요

This page provides an overview of some common network topology options for running any of the Atlassian Server applications (i.e. JIRA server, Bitbucket server, Bamboo server, Confluence server) behind a reverse proxy on a self-hosted environment.

The following guides will cover an overview of how to integrate Atlassian's tool set with proxy technologies with further instructions on basic working set ups on both Windows and Linux platforms.

Note that Atlassian applications do not need to run behind a web server – they are capable of serving web requests directly using the bundled Tomcat application server but that's a fairly common set up amongst our customers.

 Connecting to your Atlassian application directly over HTTP

 

 

 

Connecting directly to any of the Atlassian applications via HTTP is the Atlassian out of the box configuration. When set up this way, the user accesses the applications directly over HTTP. That means without using SSL which means that all communication between the user's browser and your Atlassian application will be unsecured. Simply follow one of the guides below:

 

 

You may also wish to consider the following:

  • The Atlassian applications, by default, will listen for requests on the following ports:

 

 

ApplicationConnector PortServer Port
JIRA80808005
Confluence80908000
Bitbucket Server79908006
Bamboo80858007
FishEye/Crucible8060-

 

Bitbucket server note
  • Securing Git operations over SSH between the user's computer and Bitbucket Server is a separate consideration as this set up we describe here only handles HTTP. Please read through Enabling SSH access to Git for more information.

 Connecting to your Atlassian application through a reverse proxy over HTTP

You can run any of your Atlassian applications behind a reverse proxy, such as Apache HTTP Server. You may wish to do this if you want to:

  • Use your Apache reverse proxy to be a gateway through which users outside the firewall can access your Atlassian application
  • Use a different port number to access your hosted Atlassian application, particularly if you are integrating your Atlassian Server application with any of our Cloud applications. See Link to server apps from Cloud.
    • While ports can be changed, it is not recommended that you run your application using root which is a requirement if you want your Atlassian application to listen on port 80
  • Use a different context path to access your Atlassian application

When set up this way, any external access request to your Atlassian application is done via the reverse proxy using HTTP. Therefore, the communication between the client browser and the proxy is done without using SSL in this setup. All communication between the user's browser and Apache, and so your Atlassian application, will be unsecured, but users can only browse your Atlassian application via proxy and not directly. 

Using Apache httpd reverse proxy

For the purpose of documenting this set up, we used Apache httpd. Other third-party servers (for example nginx or IIS) are not yet documented here.

Which Apache proxy module should you choose?

Here is a quick summary of points you should consider before making a decision:

 

 

Apache Module

Considerations / Advantage

mod_proxy_http

  • mod_proxy_http has its configuration more consistent with other Apache modules  
  • mod_proxy_http works with any application server, and together with mod_proxy_html allows complex URL rewriting to deal with different application paths 

mod_proxy_ajp

  • Using mod_proxy_ajp requires minor changes to the server.xml on the application side. 
  • No additional configuration on the AJP connector (proxyNameproxyPort,scheme) is required which provides tighter coupling
  • Better (and more granular) logging

 

 

  • If you are already using one of these modules then changing is likely to cause more hassle than it saves. Stick to the one you are using. As this scenario doesn't require encryption between any of the channels, you're fine with either choice
  • Note that mod_jk and mod_jk2 are other commonly used AJP modules and not covered by this documentation.
  • 레이블 없음