Jira映象容器化後nginx反向代理的配置
問題描述:
如果docker容器化jira,使用官方的映象cptactionhank/atlassian-jira-software:latest,通常會配置域名(ex:jira.test.com)進行訪問,如使用nginx進行反向代理。會出現以下錯誤:
com.atlassian.gadgets.dashboard.internal.diagnostics.UrlHostnameMismatchException: Detected URL hostname, '192.168.10.165', does not match expected hostname, 'jira.proxy.com'
We’ve detected a potential problem with JIRA’s Dashboard configuration that your administrator can correct. Hide Dashboard Diagnostics: Mismatched URL Scheme JIRA is reporting that it is using the URL scheme ‘http’, which does not match the scheme used to run these diagnostics, ‘https’. This is known to cause JIRA to construct URLs using an incorrect hostname, which will result in errors in the dashboard, among other issues. The most common cause of this is the use of a reverse-proxy HTTP(S) server (often Apache or IIS) in front of the application server running JIRA. While this configuration is supported, some additional setup might be necessary in order to ensure that JIRA detects the correct scheme. The following articles describe the issue and the steps you should take to ensure that your web server and app server are configured correctly: Gadgets do not display correctly after upgrade to JIRA 4.0 Integrating JIRA with Apache Integrating JIRA with Apache using SSL If you believe this diagnosis is in error, or you have any other questions, please contact Atlassian Support.
官方以及網上資料均是要求,修改配置檔案<JIRA-INSTALL>/conf/server.xml,那麼容器下是
/opt/atlassian/jira/conf/server.xml,按照說明操作時沒有問題,但jira的容器映象除外,處理起來比較特殊,下面就介紹配置的坑。
1、修改配置要謹慎
注意標紅的地方,jira的容器映象配置了3個8080埠,其中第一個是在用的,二三都被註釋掉了,如果在linux下,稍不注意就會修改第二三個的proxyName和proxyPort,這兩個被備註掉了,永遠不會生效,還是提示錯誤。
困擾了一下午的時間去排錯,最終通過修改埠號才發現原因,希望各位少走彎路,因此把第一個埠配置註釋掉,第二個埠配置生效即可,改完配置如下:
程式碼如下:
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="jira.test.com" proxyPort="80"/>一定要讓配置生效,jira的容器/opt/atlassian/jira/stop-jira.sh和/opt/atlassian/jira/start-jira.sh不會讓tomcat重啟,因此要重啟容器。
- 問題解決,非最優
因為server.xml所在目錄非掛載目錄,如果刪掉容器,配置也就消失了,修改的配置沒有儲存下來,顯然在k8s等平臺使用是有問題的,難不成要去修改映象檔案?
其實問題很簡單,關鍵在幾個引數,檢查容器根目錄下的docker-entrypoint.sh檔案
if [ "$(stat -c "%Y" "${JIRA_INSTALL}/conf/server.xml")" -eq "0" ]; then
if [ -n "${X_PROXY_NAME}" ]; then
xmlstarlet ed --inplace --pf --ps --insert '//Connector[@port="8080"]' --type "attr" --name "proxyName" --value "${X_PROXY_NAME}" "${JIRA_INSTALL}/conf/server.xml"
fi
if [ -n "${X_PROXY_PORT}" ]; then
xmlstarlet ed --inplace --pf --ps --insert '//Connector[@port="8080"]' --type "attr" --name "proxyPort" --value "${X_PROXY_PORT}" "${JIRA_INSTALL}/conf/server.xml"
fi
if [ -n "${X_PROXY_SCHEME}" ]; then
xmlstarlet ed --inplace --pf --ps --insert '//Connector[@port="8080"]' --type "attr" --name "scheme" --value "${X_PROXY_SCHEME}" "${JIRA_INSTALL}/conf/server.xml"
fi
if [ -n "${X_PATH}" ]; then
xmlstarlet ed --inplace --pf --ps --update '//Context/@path' --value "${X_PATH}" "${JIRA_INSTALL}/conf/server.xml"
fi
fi
exec "[email protected]"指令碼大致流程如下,檢查server.xml最後的修改時間是不是等於0,如果等於零說明沒有修改過,那麼判斷X_PROXY_NAME、X_PROXY_PORT、X_PROXY_SCHEME、X_PATH這4個引數,如果有值則去修改server.xml的配置,也就是說在容器啟動之前,配置好環境變數,就可達到我們的目的,其中X_PATH是更新,其他引數是增加。最終jira容器配置如下:
docker run -d \
--name jira-crack-new \
--hostname jira \
-p 20012:8080 \
-e X_PROXY_NAME=test.sd.cmcc \
-e X_PROXY_PORT=80 \
-e X_PROXY_SCHEME=http \
-e X_PATH=/ \
jira:7.12.3遺留問題,k8s中如果使用2個jira副本,jira會執行衝突,頁面出現大量500等錯誤,多pod的場景還是有問題的,如何實現多pod的高可用還沒有解決。
另外提醒mysql5.6以上,預設的連線3306都是https,但jira容器的dbconfig是使用http會出現錯誤,簡單解決就是用mysql5.6的映象。