

Boot from ISO CentOS-7-x86_64-DVD-1810.iso

Software Selection

  • Base Environment: "Basic Web server"
  • Add-On: Java Platform

Network and hostname

  • Set hostname wiki.politick.ca
  • static IPV4 192.168.X.X

I left the Security policy as-is, then [Begin Installation]

  • Set root password
  • Create my user and set as administrator

Then I disabled the Network Manager as described here: https://www.centos.org/forums/viewtopic.php?t=53972


Disable Network Manager

hostnamectl set-hostname wiki.politick.ca

ip a
 # Note MAC and interface name (ens192 for me)

systemctl disable NetworkManager.service 
systemctl stop NetworkManager.service

vi /etc/sysconfig/network

GATEWAY=192.168.X.X
DNS1=192.168.X.X
DNS2=8.8.8.8
SEARCH="politick.ca"


vi /etc/sysconfig/network-scripts/ifcfg-ens192

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
# BOOTPROTO=dhcp
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens192
# UUID=cfcf6ea0-c060-4a62-a77a-1b9bbff74041
DEVICE=ens192
ONBOOT=yes
NM_CONTROLLED=no
HWADDR=00:0c:29:2c:69:7f
IPADDR=192.168.X.X
NETMASK=255.255.255.0



service network restart
sync ; shutdown -r now


Now you can use PuTTY to connect to the server


yum install net-tools
 # yum returned that the net-tools was already installed with the options I picked in the install

Disable Firewall on CentOS:

systemctl disable firewalld
systemctl stop firewalld
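
With firewalld stopped, every port the host listens on is reachable from the network, so it is worth confirming which ones those are. The following is an added example, not part of the original notes: it filters `ss -tln` output down to non-loopback listeners. The sample output and the allow-list are constructed, using the ports this page mentions.

```bash
#!/bin/bash
# Added example: find listeners reachable from the network now that firewalld is off.
# SAMPLE_SS is constructed output in the style of `ss -tln` on CentOS 7,
# using the ports named on this page (8090, 8443, 8000, 8091).
SAMPLE_SS='State  Recv-Q Send-Q  Local Address:Port   Peer Address:Port
LISTEN 0      128                 *:22                *:*
LISTEN 0      128         127.0.0.1:5432              *:*
LISTEN 0      100                :::8090             :::*
LISTEN 0      100                :::8443             :::*
LISTEN 0      128                :::8091             :::*
LISTEN 0      1    ::ffff:127.0.0.1:8000             :::*'

# Reads `ss -tln` output on stdin and prints "port address" for every
# listening socket that is not bound to a loopback address.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)              # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # newer ss prints [::]:8443
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print port, addr
    }' | sort -n
}

# Same input, but prints only listeners whose port is not in the
# space-separated allow-list given as $1.
unexpected_listeners() {
    allowed=" $1 "
    exposed_listeners | while read -r port addr; do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "$port $addr" ;;
        esac
    done
}

# On the server itself: ss -tln | unexpected_listeners "22 8443 8091"
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners "22 8443 8091"
```

In the sample, the default HTTP connector on 8090 is still listening on all interfaces, which is what the check reports.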


Install font manager for Confluence, but my OS already had it installed:

[]# yum install -y dejavu-sans-fonts
Package dejavu-sans-fonts-2.33-6.el7.noarch already installed and latest version
Nothing to do
[]# yum install lynx

Set up PostgreSQL

[]# yum install postgresql-server postgresql-contrib
[]# postgresql-setup initdb
[]# vi /var/lib/pgsql/data/pg_hba.conf   # and change ident to md5 on the IPv4 and IPv6 host lines, e.g.:  host    all   all   127.0.0.1/32   ident
[]# systemctl start  postgresql
[]# systemctl enable postgresql
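
To confirm the pg_hba.conf edit took effect on both host lines, the check below lists every TCP entry and its authentication method. It is an added example, not from the original notes; the sample file contents are constructed to resemble a fresh initdb.

```bash
#!/bin/bash
# Added example: audit the TCP ("host") entries of pg_hba.conf.
# PG_HBA_DEFAULT is a constructed sample modelled on a fresh initdb.
PG_HBA_DEFAULT='# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   ident
host    all       all   ::1/128        ident'

# Reads pg_hba.conf on stdin. For each host* entry prints
#   "<ok|FIX> line N: <type> <address> -> <method>"
# ok  = a password hash is required (md5, or scram-sha-256 on newer servers)
# FIX = anything else (ident, trust, password, ...)
audit_pg_hba() {
    awk '
    /^[ \t]*(#|$)/ { next }        # comments and blank lines
    $1 !~ /^host/  { next }        # "local" entries are Unix-socket only
    {
        # ADDRESS is CIDR, a keyword/hostname, or a bare IP followed by a
        # netmask column (heuristic: no slash, only hex digits, dots, colons).
        if ($4 !~ /\// && $4 ~ /^[0-9a-fA-F.:]+$/) { addr = $4 " " $5; method = $6 }
        else                                       { addr = $4;        method = $5 }
        verdict = (method == "md5" || method == "scram-sha-256") ? "ok" : "FIX"
        printf "%s line %d: %s %s -> %s\n", verdict, NR, $1, addr, method
    }'
}

# On the server: audit_pg_hba < /var/lib/pgsql/data/pg_hba.conf
echo "before the edit:"
printf '%s\n' "$PG_HBA_DEFAULT" | audit_pg_hba
echo "after changing ident to md5:"
printf '%s\n' "$PG_HBA_DEFAULT" | sed 's/ident$/md5/' | audit_pg_hba
```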

// Look into: https://www.agix.com.au/preparing-postgresql-for-confluence-on-centos-7/

# Set up user accounts and roles
[]# sudo -i -u postgres
bash-4.2$ createuser --interactive

Enter name of role to add: confluence
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n

bash-4.2$ createdb confluencedb --encoding='utf-8' --locale=en_US.utf8 --template=template0

bash-4.2$ psql

postgres=# GRANT ALL PRIVILEGES ON DATABASE confluencedb to confluence;
GRANT
postgres=# \q
[root@] # sudo -i -u confluence
[confluence@ ~] $ psql confluencedb

psql (9.2.24)

Type "help" for help.

confluencedb=> \password

Enter new password:

Enter it again:

confluencedb=>\q




// DO NOT set up "Configuring a datasource connection"

// Download the Confluence installer

// To obtain the URL below, go to https://www.atlassian.com/software/confluence/download, select the OS version, tick "I Agree", then right-click on Download and copy the link

wget https://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-6.15.2-x64.bin
chmod u+x atlassian-confluence-6.15.2-x64.bin
./atlassian-confluence-6.15.2-x64.bin


Install

Unpacking JRE ...
Starting Installer ...
This will install Confluence 6.15.2 on your computer.
OK [o, Enter], Cancel [c]
o
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1],
Custom Install (recommended for advanced users) [2, Enter],
Upgrade an existing Confluence installation [3]
2
Select the folder where you would like Confluence 6.15.2 to be installed,
then click Next.
Where should Confluence 6.15.2 be installed?
[/opt/atlassian/confluence]

Default location for Confluence data
[/var/atlassian/application-data/confluence]

Configure which ports Confluence will use.
Confluence requires two TCP ports that are not being used by any other
applications on this machine. The HTTP port is where you will access
Confluence through your browser. The Control port is used to Startup and
Shutdown Confluence.
Use default ports (HTTP: 8090, Control: 8000) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2]
1
Confluence can be run in the background.
You may choose to run Confluence as a service, which means it will start
automatically whenever the computer restarts.
Install Confluence as Service?
Yes [y, Enter], No [n]
y
Extracting files ...

Please wait a few moments while we configure Confluence.
Installation of Confluence 6.15.2 is complete
Start Confluence now?
Yes [y, Enter], No [n]
y
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 6.15.2 is complete
Your installation of Confluence 6.15.2 is now ready and can be accessed via
your browser.
Confluence 6.15.2 can be accessed at http://localhost:8090
Finishing installation ...


Set up SSL

mkdir /opt/ssl
vi /opt/atlassian/confluence/conf/server.xml

Uncomment the SSL section and set the keystore password and location, but more importantly: comment out the default section above it.

Uncomment the 8443 section:


<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8"
keystoreFile="/opt/ssl/.keystore" keystorePass="xxxxxxxxxxxxxxxxxxxxxxxxxx"
 proxyName="wiki.politick.ca" proxyPort="443"/>


from Oracle here.

then:


  1. /etc/init.d/jira   stop
  2. /etc/init.d/confluence  stop
  3. cd /opt/ssl/
  4. vi PrivPubCa.pem and cut & paste the private key, then the full chain certificates.  Save the file.
  5. openssl pkcs12 -export -out PrivPubCa.pkcs12 -in PrivPubCa.pem    (For the password, look in the KeePass database under wiki.politick.ca or look in /opt/atlassian/confluence/conf/server.xml)


  6. FIRST TIME ONLY to set up the keystore. I don't think I need to do the whole truststore because it complained that this certificate was already in the trusted list...

    keytool -genkey -keyalg RSA -alias endeca -keystore truststore.ks
    keytool -delete -alias endeca -keystore truststore.ks
    wget https://letsencrypt.org/certs/isrgrootx1.pem.txt
    keytool -import -v -trustcacerts -alias endeca-ca -file isrgrootx1.pem.txt -keystore truststore.ks
    keytool -genkey -keyalg RSA -alias endeca -keystore keystore.ks
    keytool -delete -alias endeca -keystore keystore.ks
    mv keystore.ks .keystore
    keytool -v -importkeystore -srckeystore PrivPubCa.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.ks -deststoretype JKS



  7. keytool -v -importkeystore -srckeystore PrivPubCa.pkcs12 -srcstoretype PKCS12 -destkeystore .keystore -deststoretype JKS
  8. shutdown -r now

Look into KeePass database to retrieve destination .keystore password.  (Yes it's one of them random cut&paste long passwords)

Or it's also in plain text in the file: /opt/atlassian/jira/conf/server.xml
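
The steps above leave private key material in /opt/ssl (PrivPubCa.pem, PrivPubCa.pkcs12, .keystore). The following is an added example, not from the original notes: it reports files in such a directory that are readable by group or other, and PEM private keys stored without a passphrase. The demo directory and its placeholder contents are constructed.

```bash
#!/bin/bash
# Added example: check a key directory such as /opt/ssl after the import steps.
# Prints "<file>: <findings>" for each file that is readable by group/other or
# that still holds a PEM private key with no passphrase.
audit_key_dir() {
    dir=$1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        notes=""
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ]; then
            notes="$notes readable-by-group-or-other"
        fi
        if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$f" &&
           ! grep -q ENCRYPTED "$f"; then
            notes="$notes unencrypted-private-key"
        fi
        if [ -n "$notes" ]; then echo "${f##*/}:$notes"; fi
    done
    return 0
}

# Constructed demo directory using the file names from this page; the PEM body
# is a placeholder, not real key material.
demo_key_dir() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END PRIVATE KEY-----' > "$d/PrivPubCa.pem"
    printf 'placeholder keystore bytes\n' > "$d/.keystore"
    chmod 644 "$d/PrivPubCa.pem"
    chmod 600 "$d/.keystore"
    echo "$d"
}

demo=$(demo_key_dir)
audit_key_dir "$demo"      # on the server: audit_key_dir /opt/ssl
rm -rf "$demo"
```

The same permission check applies to server.xml, since it holds the keystore password in plain text.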


Start / Stop / Restart

su confluence
/etc/init.d/confluence start
/etc/init.d/confluence stop
/etc/init.d/confluence restart



Go to: wiki.politick.ca:8090


Set up Reverse Proxy on a different server (Not local)

OK, I had to fiddle to figure out that I needed to get the internal and external to use the same base name... F^%^#@!

I decided to point my internal DNS wiki.politick.ca to the NginX server so from inside or outside, you're always going through the reverse NginX proxy.  Otherwise Confluence was complaining that the base URL was wrong one way or the other... F#$^@ Atlassian software, that is the .  The base URL must be the same to work properly.

Changed in nginx Reverse proxy on other NginX server:

NginX Reverse proxy config

server {
    listen 80;
    listen [::]:80;
    server_name wiki.politick.ca;
    return 301 https://$server_name$request_uri;
}
# SSL configuration
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-politick.ca.conf;
    include snippets/ssl-params.conf;
    index index.html index.htm index.nginx-debian.html;
    root /var/www/jira/html;
    server_name wiki.politick.ca;
    location / {
        client_max_body_size 100m;
        # hummm... may have to look at X-Forwarded-Host not that wiki is the unifi IP
        proxy_set_header X-Forwarded-Host wiki.politick.ca;
        proxy_set_header X-Forwarded-Server unifi.politick.ca;
        proxy_pass https://192.168.X.X:8443/;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host wiki.politick.ca;
        proxy_set_header X-Forwarded-Server unifi.politick.ca;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.X.X:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /server-info.action {
        # proxy_pass http://wiki.politick.ca:8090/confluence/server-info.action;
        proxy_pass https://192.168.X.X:8443/confluence/server-info.action;
    }
}

service nginx reload

Useful commands:

systemctl start postgresql

systemctl disable confluence1.service



To delete confluence install:

systemctl stop confluence.service     or kill -9 pid_of_confluence

 rm -fR /opt/atlassian /var/atlassian

psql

DROP DATABASE confluencedb;

\q




