Running Atlassian Confluence/Bamboo/Bitbucket behind Nginx with SSL
It’s easy to set up a reverse proxy forwarding requests to Atlassian’s products. If you look up posts on Atlassian’s official confluence, you’ll get something correct but confusing. Here is my nginx configuration, for all products except Confluence:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
server { listen 127.0.0.1:80; listen 127.0.0.1:443 ssl http2 proxy_protocol; ssl_certificate /etc/letsencrypt/live/bitbucket.sskaje.me/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/bitbucket.sskaje.me/privkey.pem; set_real_ip_from 127.0.0.1/32; real_ip_header proxy_protocol; if ($scheme = "http") { rewrite ^/(.*) https://$server_name/$1 redirect; } add_header Content-Security-Policy upgrade-insecure-requests; access_log /var/log/nginx/bitbucket.sskaje.me-access.log; error_log /var/log/nginx/bitbucket.sskaje.me-error.log; root /opt/atlassian-bitbucket/atlassian-bitbucket/; index index.html index.htm index.nginx-debian.html; server_name bitbucket.sskaje.me; if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } client_max_body_size 1G; location / { proxy_read_timeout 900s; proxy_pass http://127.0.0.1:7990; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } |
I have haproxy in front of Nginx, if you don’t, let nginx listens to 0.0.0.0:443 and … Continue reading “Running Atlassian Confluence/Bamboo/Bitbucket behind Nginx with SSL”