更新时间:2023-02-19 10:09:47浏览次数:455+次
在本文中,我们将研究如何使用Nginx反向代理和Let's Encrypt ssl证书在Debian 11和Debian 10系统上安装Jira。Jira是用于管理软件开发的软件工具,它提供了一个直观的仪表板,有助于轻松跟踪问题和修复错误。下面是一些简单的步骤,这些步骤将使我们能够使用Nginx作为反向代理在Debian 11/10上安装Jira,同时,让我们配置加密ssl。
在Debian 11/Debian 10系统上安装和配置Jira的方法
1、更新包
在开始安装之前,让我们先升级系统包:
sudo apt-get update
sudo apt-get upgrade
系统升级后,执行重新启动:
sudo reboot
2、在Debian上安装OpenJDK
运行以下命令在Debian 11/Debian 10 Linux系统上安装OpenJDK:
sudo apt install -y openjdk-11-jdk
确认Java版本:
$ java -version
openjdk version "11.0.12"
3、安装和配置MySQL
Jira需要一个数据库来存储数据,我们将使用MySQL。通过以下链接查看我们的安装指南:
在Ubuntu 22.04系统上安装和配置MySQL 8.0的方法:https://www.hmxthome.com/linux/4889.html
安装MySQL后,启动并使其在服务器重新启动时自动启动:
sudo systemctl start mysql
sudo systemctl enable mysql
连接到mysql并为Jira创建一个用户和一个数据库:
$ sudo mysql -u root -p
继续创建Jira数据库和用户:
MariaDB [(none)]> CREATE DATABASE jiradb CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'jirauser'@'%' IDENTIFIED BY 'mystrongpasswd';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,REFERENCES,ALTER,INDEX ON jiradb.* TO 'jirauser'@'%' IDENTIFIED BY 'mystrongpassword';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> \q
打开MySQL默认配置并进行如下更改:
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
在[mysqld]中添加以下内容:
character-set-server = utf8mb4
collation-server = utf8mb4_general_ci
default-storage-engine = INNODB
innodb_default_row_format = DYNAMIC
innodb_large_prefix = ON
innodb_file_format = Barracuda
innodb_log_file_size = 2G
还将bind address设置为服务器IP地址:
bind-address = 192.168.100.222
重新启动MariaDB服务:
sudo systemctl restart mysql
4、在Debian 11/Debian 10上安装Jira
访问Jira官方下载页面以获取Jira二进制文件,地址在https://www.atlassian.com/software/jira/download-archives,或使用wget下载,如下所示,并更新权限以使其可执行:
wget https://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-core-8.21.1-x64.bin
chmod a+x atlassian-jira-core-8.21.1-x64.bin
继续在Debian 11/Debian 10 Linux机器上安装Jira软件:
$ sudo ./atlassian-jira-core-8.21.1-x64.bin
Unpacking JRE ...
Starting Installer ...
This will install Jira Core 8.21.1 on your computer.
OK [o, Enter], Cancel [c] Enter
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (use default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing Jira installation [3] Enter
Select the folder where you would like Jira Core to be installed.
Where should Jira Core be installed?
[/opt/atlassian/jira] Enter
Default location for Jira Core data
[/var/atlassian/application-data/jira] Enter
Configure which ports Jira Core will use.
Jira requires two TCP ports that are not being used by any other
applications on this machine. The HTTP port is where you will access Jira
through your browser. The Control port is used to startup and shutdown Jira.
Use default ports (HTTP: 8080, Control: 8005) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2] Enter
Jira can be run in the background.
You may choose to run Jira as a service, which means it will start
automatically whenever the computer restarts.
Install Jira as Service?
Yes [y, Enter], No [n] Enter
Details on where Jira Core will be installed and the settings that will be used.
Installation Directory: /opt/atlassian/jira
Home Directory: /var/atlassian/application-data/jira
HTTP Port: 8080
RMI Port: 8005
Install as service: Yes
Install [i, Enter], Exit [e] Enter
Extracting files ...
Please wait a few moments while Jira Core is configured.
Installation of Jira Core 8.21.1 is complete
Start Jira Core 8.21.1 now?
Yes [y, Enter], No [n] Enter
Please wait a few moments while Jira Core starts up.
Launching Jira Core ...
Installation of Jira Core 8.21.1 is complete
Your installation of Jira Core 8.21.1 is now ready and can be accessed via
your browser.
Jira Core 8.21.1 can be accessed at http://localhost:8080
Finishing installation ...
5、在UFW防火墙中打开Jira端口
如果您有活动防火墙,则需要打开Jira使用的以下端口:
sudo ufw allow 8080
sudo ufw allow 8181
sudo ufw allow 8005
如果尚未安装UFW,可以运行以下命令安装:
sudo apt -y install ufw
sudo ufw enable
我们还需要下载MySQL Java连接器。下载连接器,解压缩并将jar文件移动到atlassian安装目录的lib文件夹中。之后还需要重新启动Jira:
wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.49.zip
sudo unzip mysql-connector-java-5.1.49.zip
cd mysql-connector-java-5.1.49
sudo mv mysql-connector-java-5.1.49.jar /home/lorna/atlassian/jira/lib
sudo mv mysql-connector-java-5.1.49-bin.jar /home/lorna/atlassian/jira/lib
sudo atlassian/jira/bin/stop-jira.sh
sudo atlassian/jira/bin/start-jira.sh
6、从浏览器访问Jira
此时,我们已经成功安装了Jira,我们可以使用服务器IP地址和端口8080,地址格式为http:<your-ip-address>:8080,下面将从浏览器访问Jira。应打开下面的Jira设置页面:
7、为Jira服务器配置Nginx代理
您可以配置Nginx web服务器来服务Jira网页。此时,您应该为要安装ssl的jira安装提供一个完全限定的域名。对于本指南,可以使用jira.example.com。
在安装Nginx之前,我们将首先为Nginx反向代理配置Tomcat。停止Jira,然后编辑server.xml文件:
sudo atlassian/jira/bin/stop-jira.sh
现在编辑server.xml文件:
sudo vim atlassian/jira/conf/server.xml
查找以<Context path = “” docBase….>开头的行并添加一个“/”,使其看起来如下所示:
<Context path = "/" docBase....>
在“Connector”部分,添加代理端口、代理名称、方案和安全,使其显示如下所示:
<Connector port="8080" relaxedPatchesChars="[]|" relaxedQueryChars="Special characters" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" proxyName="jira.example.com" proxyPort="80" scheme="http"/>
保存更改并启动jira:
sudo atlassian/jira/bin/start-jira.sh
到这里,下面将为Jira安装和配置Nginx。
要在Debian 11/10上安装Nginx,请运行以下命令:
sudo apt -y install nginx
删除默认Nginx配置:
sudo rm -f /etc/nginx/sites-available/default
sudo rm -f /etc/nginx/sites-enabled/default
然后为Jira配置Nginx:
sudo vim /etc/nginx/sites-available/jira.conf
添加以下内容,更新服务器的主机名:
server {
listen [::]:80;
listen 80;
server_name jira.example.com;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080;
client_max_body_size 10M;
}
}
保存文件并在启用站点的目录中创建文件的simlink:
sudo ln -s /etc/nginx/sites-available/jira.conf /etc/nginx/sites-enabled/jira.conf
测试Nginx配置:
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
重新启动Nginx:
sudo systemctl restart nginx
此时,Nginx服务器应该能够按照上面的配置加载Jira。您可以使用提供的域名进行测试。对于我的情况,使用http://jira.example.com格式:
8、为Nginx配置Let's Encrypt SSL
现在,让我们继续确保安装安全。我们将安装Certbot,但需要安装许多依赖项:
sudo apt install -y cat python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface
sudo apt-get install python3-certbot-nginx
继续获取让我们加密ssl:
sudo certbot --nginx -d jira.example.com
当提示输入电子邮件时,请提供并同意条款和条件,之后将为您的域生成证书。接下来是将Jira http流量重定向到https,如下所示:
server {
listen [::]:80;
listen 80;
server_name jira.example.com;
return 301 https://jira.example.com$request_uri;
}
server {
listen [::]:443 ssl;
listen 443 ssl;
server_name jira.example.com;
ssl_certificate /etc/letsencrypt/live/jira.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jira.example.com/privkey.pem;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080;
client_max_body_size 10M;
}
}
再次测试Nginx,如果没有错误则重新启动:
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ sudo systemctl restart nginx
我们还需要更新连接器配置。打开atlassian/jira/conf/server.xml,并用以下内容替换<connector>中的内容:
<Connector port="8080" relaxedPatchesChars="[]|" relaxedQueryChars="Special characters" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" proxyName="jira.example.com" proxyPort="443" scheme="https" secure="true"/>
保存文件并重新启动jira:
sudo atlassian/jira/bin/stop-jira.sh
sudo atlassian/jira/bin/start-jira.sh
使用https://<your-host-name>格式地址测试ssl安装,您仍然得到像上面所做的那样加载Jira网页。
9、Jira基本配置
第一页为您提供了配置选项,一个选项是进行适合于生产环境的自定义配置,另一个选项则是让系统出于评估目的进行首选配置。单击“我将为自己设置”,然后单击“下一步”:
接下来,配置数据库。选择“我自己的数据库”并填写所需的详细信息,然后单击“测试连接性”以确保可以访问您的数据库:
您应该看到成功连接到数据库:
确认连接后,单击“下一步”进行设置,可选择您的首选模式,既可以是公共模式,也可以是私人模式。然后单击“下一步”输入许可证密钥。如果您有许可证,请将其粘贴到提供的区域或生成jira许可证试用版。单击“下一步”设置管理员帐户:
提供许可证后,将提示您设置管理员帐户。并可以选择设置电子邮件通知或稍后设置。然后完成安装。系统将提示您选择语言,可选择中文或其他的语言显示:
选择语言后继续,您将看到一个欢迎页面,至此,可以开始创建项目了:
到这里,您已经使用MySQL和Nginx web服务器在Debian 11和Debian 10系统上成功安装了Jira。同时,还配置了SSL保护Jira的有效安装。