Boot from ISO CentOS-7-x86_64-DVD-1810.iso
Software Selection
- Base Environment: "Basic Web server"
- AddOn : Java Platform
Network and hostname
- Set hostname wiki.politick.ca
- static IPV4 192.168.X.X
I left the Security policy as-is, then [Begin Installation]
- Set root password
- Create my user and set as administrator
Then I disabled the Network Manager as described here: https://www.centos.org/forums/viewtopic.php?t=53972
Disable Network Manager
hostnamectl set-hostname wiki.politick.ca
ip a
# Note MAC and interface name (ens192 for me)
systemctl disable NetworkManager.service
systemctl stop NetworkManager.service
vi /etc/sysconfig/network
GATEWAY=192.168.X.X
DNS1=192.168.X.X
DNS2=8.8.8.8
SEARCH="politick.ca"
vi /etc/sysconfig/network-scripts/ifcfg-ens192
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
# BOOTPROTO=dhcp
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens192
# UUID=cfcf6ea0-c060-4a62-a77a-1b9bbff74041
DEVICE=ens192
ONBOOT=yes
NM_CONTROLLED=no
HWADDR=00:0c:29:2c:69:7f
IPADDR=192.168.X.X
NETMASK=255.255.255.0
service network restart
sync ; shutdown -r now
Now you can use PuTTY to connect to the server
yum install net-tools
# yum returned that the net-tools was already installed with the options I picked in the install
Disable Firewall on CentOS:
systemctl disable firewalld
systemctl stop firewalld
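An alternative to switching firewalld off, as an added example that is not part of the original notes: keep it running and admit only the reverse proxy to the two ports the NginX configuration further down forwards to (8443 and 8091). The address 192.0.2.10 is a placeholder for the NginX server, and setting FWCMD=echo gives a dry run that only prints the calls.

```bash
#!/bin/sh
# Added example (not from the original notes).
# Prerequisite if firewalld was disabled as above:
#   systemctl enable firewalld ; systemctl start firewalld
# The default "public" zone on CentOS 7 already allows ssh.

FWCMD=${FWCMD:-firewall-cmd}   # set FWCMD=echo to print instead of apply

# restrict_confluence_ports PROXY_IP
# Allow TCP 8443 (Tomcat HTTPS connector) and 8091 (Synchrony) from the
# reverse proxy only; every other source stays blocked by the zone default.
restrict_confluence_ports() {
    proxy_ip=$1
    # Reject anything that is not a dotted quad before it reaches the rule text.
    echo "$proxy_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $proxy_ip" >&2
        return 2
    }
    for port in 8443 8091; do
        $FWCMD --permanent --zone=public --add-rich-rule="rule family=\"ipv4\" source address=\"$proxy_ip\" port port=\"$port\" protocol=\"tcp\" accept" || return 1
    done
    $FWCMD --reload
}

# Run as root with the proxy address as the only argument, e.g.
#   sh restrict.sh 192.0.2.10      (192.0.2.10 is a placeholder)
if [ "$#" -gt 0 ]; then
    restrict_confluence_ports "$1"
fi
```

Port 8090, used for the first browser visit before the SSL connector is enabled, is deliberately not opened here.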
Install font manager for Confluence, but my OS already had it installed:
[]# yum install -y dejavu-sans-fonts
Package dejavu-sans-fonts-2.33-6.el7.noarch already installed and latest version
Nothing to do
[]# yum install lynx
Setup PostGreSQL
[]# yum install postgresql-server postgresql-contrib
[]# postgresql-setup initdb
[]# vi /var/lib/pgsql/data/pg_hba.conf # and change ident to md5 for IPV4 and IPV6 -> host all all 127.0.0.1/32 ident
[]# systemctl start postgresql
[]# systemctl enable postgresql
// Look into :https://www.agix.com.au/preparing-postgresql-for-confluence-on-centos-7/
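The ident-to-md5 edit from the steps above, scripted so the result can be checked afterwards. This is an added example, not part of the original notes; it assumes the addresses in pg_hba.conf are written in CIDR form, and the sample file content is constructed.

```bash
#!/bin/sh
# Added example (not from the original notes).

# Constructed sample resembling a freshly initialised pg_hba.conf.
write_sample_pg_hba() {
    cat > "$1" <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     peer
host    all             all             127.0.0.1/32            ident
host    all             all             ::1/128                 ident
EOF
}

# Rewrite the IPv4 and IPv6 loopback "host" rules from ident to md5,
# keeping a .bak copy. "local" (Unix socket) rules are left untouched,
# so "sudo -i -u postgres" followed by psql keeps working.
set_loopback_md5() {
    cp -p "$1" "$1.bak" &&
    sed -E -i 's@^(host[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+(127\.0\.0\.1/32|::1/128)[[:space:]]+)ident([[:space:]]|$)@\1md5\3@' "$1"
}

# Print every "host" rule whose method column is not md5
# (assumes CIDR addresses, i.e. the method is the 5th field).
list_non_md5_hosts() {
    awk '$1 == "host" && $5 != "md5"' "$1"
}

# Demo on the constructed sample; on the server, pass
# /var/lib/pgsql/data/pg_hba.conf and restart postgresql afterwards.
demo=$(mktemp)
write_sample_pg_hba "$demo"
set_loopback_md5 "$demo"
cat "$demo"
echo "host rules still not using md5: $(list_non_md5_hosts "$demo" | grep -c .)"
rm -f "$demo" "$demo.bak"
```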
#setup user accounts and roles
[]# sudo -i -u postgres
bash-4.2$ createuser --interactive
Enter name of role to add: confluence
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n
bash-4.2$ createdb confluencedb --encoding='utf-8' --locale=en_US.utf8 --template=template0
bash-4.2$ psql
postgres=# GRANT ALL PRIVILEGES ON DATABASE confluencedb to confluence;
GRANT
postgres=# \q
[root@] # sudo -i -u confluence
[confluence@ ~] $ psql confluencedb
psql (9.2.24)
Type "help" for help.
confluencedb=> \password
Enter new password:
Enter it again:
confluencedb=>\q
// DO NOT setup "Configuring a datasource connection"
// Download the Confluence installer
// To obtain the URL below, go to https://www.atlassian.com/software/confluence/download, select the OS version, tick the I Agree box, then right click on Download and copy the link
wget https://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-6.15.2-x64.bin
chmod u+x atlassian-confluence-6.15.2-x64.bin
./atlassian-confluence-6.15.2-x64.bin
Install
Unpacking JRE ...
Starting Installer ...
This will install Confluence 6.15.2 on your computer.
OK [o, Enter], Cancel [c]
o
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1],
Custom Install (recommended for advanced users) [2, Enter],
Upgrade an existing Confluence installation [3]
2
Select the folder where you would like Confluence 6.15.2 to be installed,
then click Next.
Where should Confluence 6.15.2 be installed?
[/opt/atlassian/confluence]
Default location for Confluence data
[/var/atlassian/application-data/confluence]
Configure which ports Confluence will use.
Confluence requires two TCP ports that are not being used by any other
applications on this machine. The HTTP port is where you will access
Confluence through your browser. The Control port is used to Startup and
Shutdown Confluence.
Use default ports (HTTP: 8090, Control: 8000) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2]
1
Confluence can be run in the background.
You may choose to run Confluence as a service, which means it will start
automatically whenever the computer restarts.
Install Confluence as Service?
Yes [y, Enter], No [n]
y
Extracting files ...
Please wait a few moments while we configure Confluence.
Installation of Confluence 6.15.2 is complete
Start Confluence now?
Yes [y, Enter], No [n]
y
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 6.15.2 is complete
Your installation of Confluence 6.15.2 is now ready and can be accessed via
your browser.
Confluence 6.15.2 can be accessed at http://localhost:8090
Finishing installation ...
Setup SSL
mkdir /opt/ssl
vi /opt/atlassian/confluence/conf/server.xml
uncomment SSL section and set keystore password and location, but more importantly: Comment the default section above
Uncomment 8443 section
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8"
keystoreFile="/opt/ssl/.keystore" keystorePass="xxxxxxxxxxxxxxxxxxxxxxxxxx"
proxyName="wiki.politick.ca" proxyPort="443"/>
then:
/etc/init.d/jira stop
/etc/init.d/confluence stop
- cd /opt/ssl/
- vi PrivPubCa.pem and cut & Paste the Private key, then the full chain certificates. Save the file.
openssl pkcs12 -export -out PrivPubCa.pkcs12 -in PrivPubCa.pem (For the password, look into KeePass database under wiki.politick.ca or look into /opt/atlassian/confluence/conf/server.xml)
FIRST TIME ONLY to setup keystore, I don't think I need to do the whole truststore because it complained that this certificate was already in the trusted list...
keytool -genkey -keyalg RSA -alias endeca -keystore truststore.ks
keytool -delete -alias endeca -keystore truststore.ks
wget https://letsencrypt.org/certs/isrgrootx1.pem.txt
keytool -import -v -trustcacerts -alias endeca-ca -file isrgrootx1.pem.txt -keystore truststore.ks
keytool -genkey -keyalg RSA -alias endeca -keystore keystore.ks
keytool -delete -alias endeca -keystore keystore.ks
mv keystore.ks .keystore
keytool -v -importkeystore -srckeystore PrivPubCa.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.ks -deststoretype JKS
keytool -v -importkeystore -srckeystore PrivPubCa.pkcs12 -srcstoretype PKCS12 -destkeystore .keystore -deststoretype JKS
shutdown -r now
Look into KeePass database to retrieve destination .keystore password. (Yes it's one of them random cut&paste long passwords)
Or it's also in plain text in the file: /opt/atlassian/jira/conf/server.xml
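Because the private key sits in several files under /opt/ssl and the keystore password is in plain text in server.xml, the following added example (not part of the original notes) reports which of those files are accessible to group or others. The file list is taken from the commands above; GNU stat is assumed.

```bash
#!/bin/sh
# Added example (not from the original notes).
# Files from this page that hold the private key or the keystore password.
SECRET_FILES="/opt/ssl/PrivPubCa.pem /opt/ssl/PrivPubCa.pkcs12
/opt/ssl/keystore.ks /opt/ssl/.keystore
/opt/atlassian/confluence/conf/server.xml"

# check_private FILE...: report mode and owner; return 1 if any file
# grants any permission to group or others.
check_private() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then echo "MISSING $f"; continue; fi
        mode=$(stat -c '%a' "$f")    # octal mode, e.g. 644 (GNU stat)
        owner=$(stat -c '%U' "$f")
        case "$mode" in
            0|*00) echo "OK      $mode $owner $f" ;;
            *)     echo "EXPOSED $mode $owner $f"; rc=1 ;;
        esac
    done
    return $rc
}

# tighten FILE...: remove all group/other permissions.
tighten() {
    chmod go-rwx "$@"
}

if [ -d /opt/ssl ]; then
    # Unquoted on purpose: split the list on whitespace.
    check_private $SECRET_FILES || echo "run: tighten <file> on the EXPOSED entries"
fi
```

Before tightening, make sure .keystore and server.xml are owned by the account Confluence runs as, otherwise the service can no longer read them. The intermediate PrivPubCa.pem, PrivPubCa.pkcs12 and keystore.ks copies are not referenced by server.xml.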
Start / Stop / Restart
su confluence
/etc/init.d/confluence start
/etc/init.d/confluence stop
/etc/init.d/confluence restart
go to: wiki.politick.ca:8090
Setup Reverse Proxy on a different server (Not local)
OK, I had to fiddle to figure out that I needed to get the internal and external to use the same base name... F^%^#@!
I decided to point my internal DNS wiki.politick.ca to the NginX server so from inside or outside, you're always going through the reverse NginX proxy. Otherwise Confluence was complaining that the base URL was wrong one way or the other... F#$^@ Atlassian software, that is the . The base URL must be the same to work properly.
Changed in nginx Reverse proxy on other NginX server:
NginX Reverse proxy config
server {
    listen 80;
    listen [::]:80;
    server_name wiki.politick.ca;
    return 301 https://$server_name$request_uri;
}
# SSL configuration
#
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-politick.ca.conf;
    include snippets/ssl-params.conf;
    index index.html index.htm index.nginx-debian.html;
    root /var/www/jira/html;
    server_name wiki.politick.ca;
    location / {
        client_max_body_size 100m;
        # hummm... may have to look at X-Forwarded-Host not that wiki is the unifi IP
        proxy_set_header X-Forwarded-Host wiki.politick.ca;
        proxy_set_header X-Forwarded-Server unifi.politick.ca;
        proxy_pass https://192.168.X.X:8443/;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host wiki.politick.ca;
        proxy_set_header X-Forwarded-Server unifi.politick.ca;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.X.X:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
    location /server-info.action {
        # proxy_pass http://wiki.politick.ca:8090/confluence/server-info.action;
        proxy_pass https://192.168.X.X:8443/confluence/server-info.action;
    }
}
service nginx reload
Useful commands:
systemctl start postgresql
systemctl disable confluence1.service
To delete confluence install:
systemctl stop confluence.service or kill -9 pid_of_confluence
rm -fR /opt/atlassian /var/atlassian
psql
DROP DATABASE confluencedb;
\q