Hi Team,
We have deployed the docker confluence server in the host and we are able to access the application on http://ip:port
Now we want to enable TLS encryption using Nginx.
May we know the Nginx Config to implement same.
--
Thanks,
Anil Kumar
Hello Anil,
Here is how I set up Nginx in front of Confluence docker container:
docker pull nginx
docker network create confserver
docker run \
--name="confluence" -d \
-p 8090:8090 \
-p 8091:8091 \
-v ~/confluence-home/confluence-docker:/var/atlassian/application-data/confluence \
-e CATALINA_CONNECTOR_PROXYNAME=test.myapp.com \
-e CATALINA_CONNECTOR_PROXYPORT=443 \
-e CATALINA_CONNECTOR_SCHEME=https \
-e CATALINA_CONNECTOR_SECURE=false \
--network confserver \
atlassian/confluence-server
docker run \
--name="nginx" -d \
-p 443:443 \
--network confserver \
-v ~/dockerdata/nginx/conf:/etc/nginx/conf.d/ \
-v ~/dockerdata/nginx/ssl:/mnt \
nginx
docker stop nginx
cp confluence.key ~/dockerdata/nginx/ssl
cp confluence.crt ~/dockerdata/nginx/ssl
cp default.conf ~/dockerdata/nginx/conf
Now start Nginx and you should be able to access the Confluence container via port 443 https://test.myapp.com.
Lastly, here is my Nginx https configuration in default.conf:
server {
listen 443;
server_name
test
.myapp.com;
ssl on;
ssl_certificate
/mnt/confluence
.crt;
ssl_certificate_key
/mnt/confluence
.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 100m;
# We need FQDN name here <docker_container_name>.<docker_network_name>
proxy_pass http:
//confluence
.confserver:8090/;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Real-IP $remote_addr;
#proxy_redirect off;
}
location
/synchrony
{
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http:
//confluence
.confserver:8091
/synchrony
;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection
"Upgrade"
;
}
}
Hope this information helps!
Best Regards.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.