Page tree
Skip to end of metadata
Go to start of metadata

Boot from ISO CentOS-7-x86_64-DVD-1810.iso

Software Selection

  • Base Environment: "Basic Web server"
  •  AddOn :  Java Platform

Network and hostname

  • Set hostname
  • static IPV4 192.168.X.X

I let the Security policy as-is, then [Begin Installation]

  • Set root password
  • Create my user and set as administrator

The I disabled the Network Manager as described here:

Disable Network Manager

hostnamectl set-hostname

ip a
 # Note MAC and interface name (ens192 for me)

systemctl disable NetworkManager.service 
systemctl stop NetworkManager.service

vi /etc/sysconfig/network


vi /etc/sysconfig/network-scripts/ifcfg-ens192

# UUID=cfcf6ea0-c060-4a62-a77a-1b9bbff74041

service network restart
sync ; shutdown -r now

Now you can use PUTTY to server

yum install net-tools
 # yum returned that the net-tools was already installed with the options I picked in the install

Disable Firewall on CentOS:

systemctl disable firewalld
systemctl stop firewalld

Install font manager for Confluence, but my OS already had it installed:

[]# yum install -y dejavu-sans-fonts
Package dejavu-sans-fonts-2.33-6.el7.noarch already installed and latest version
Nothing to do
[]# yum install lynx

Setup PostGreSQL

[]# yum install postgresql-server postgresql-contrib
[]# postgresql-setup initdb
[]# vi /var/lib/pgsql/data/pg_hba.conf   # and change ident to md5 for IPV4 and IPV6 ->  host    all   all   ident
[]# systemctl start  postgresql
[]# systemctl enable postgresql

// Look into :

#setup user accounts and roles
[]# sudo -i -u postgres
bash-4.2$ createuser --interactive

Enter name of role to add: confluence
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n

bash-4.2$ createdb confluencedb --encoding='utf-8' --locale=en_US.utf8 --template=template0

bash-4.2$ psql

postgres=# GRANT ALL PRIVILEGES ON DATABASE confluencedb to confluence;
postgres=# \q
[root@] # sudo -i -u confluence
[confluence@ ~] $ psql confluencedb

psql (9.2.24)

Type "help" for help.

confluencedb=> \password

Enter new password:

Enter it again:


// DO NOT setup  "Configuring a datasource connection"

// Download the Confluence installer

// To obtain URL below, goto, select OS version, tick the I Agree and right click on the Download and opy link

chmod u+x atlassian-confluence-6.15.2-x64.bin


Unpacking JRE ...
Starting Installer ...
This will install Confluence 6.15.2 on your computer.
OK [o, Enter], Cancel [c]
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1],
Custom Install (recommended for advanced users) [2, Enter],
Upgrade an existing Confluence installation [3]
Select the folder where you would like Confluence 6.15.2 to be installed,
then click Next.
Where should Confluence 6.15.2 be installed?

Default location for Confluence data

Configure which ports Confluence will use.
Confluence requires two TCP ports that are not being used by any other
applications on this machine. The HTTP port is where you will access
Confluence through your browser. The Control port is used to Startup and
Shutdown Confluence.
Use default ports (HTTP: 8090, Control: 8000) - Recommended [1, Enter], Set custom value for HTTP and Control ports [2]
Confluence can be run in the background.
You may choose to run Confluence as a service, which means it will start
automatically whenever the computer restarts.
Install Confluence as Service?
Yes [y, Enter], No [n]
Extracting files ...

Please wait a few moments while we configure Confluence.
Installation of Confluence 6.15.2 is complete
Start Confluence now?
Yes [y, Enter], No [n]
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 6.15.2 is complete
Your installation of Confluence 6.15.2 is now ready and can be accessed via
your browser.
Confluence 6.15.2 can be accessed at http://localhost:8090
Finishing installation ...

Setup SSL

mkdir /opt/ssl
vi /opt/atlassian/confluence/conf/server.xml

uncomment SSL section and set keystore password and location, but more importantly: Comment the default section above

Uncomment 8443 section

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
keystoreFile="/opt/ssl/.keystore" keystorePass="xxxxxxxxxxxxxxxxxxxxxxxxxx"
 proxyName="" proxyPort="443"/>

from Oracle here.


  1. /etc/init.d/jira   stop
  2. /etc/init.d/confluence  stop
  3. cd /opt/ssl/
  4. vi PrivPubCa.pem and cut & Paste the Private key, then the full chain certificates.  Save the file.
  5. openssl pkcs12 -export -out PrivPubCa.pkcs12 -in PrivPubCa.pem    (For the password, look into KeePass database under or look into /opt/atlassian/confluence/conf/server.xml)

  6. FIRST TIME ONLY to setup keystore, I don't thik I need to do the whole truststore because it complained that this certificate was already in the trusted list...

    keytool -genkey -keyalg RSA -alias endeca -keystore truststore.ks
    keytool -delete -alias endeca -keystore truststore.ks
    keytool -import -v -trustcacerts -alias endeca-ca -file isrgrootx1.pem.txt -keystore truststore.ks
    keytool -genkey -keyalg RSA -alias endeca -keystore keystore.ks
    keytool -delete -alias endeca -keystore keystore.ks
    mv keystore.ks .keystore
    keytool -v -importkeystore -srckeystore PrivPubCa.pkcs12 -srcstoretype PKCS12 -destkeystore keystore.ks -deststoretype JKS

  7. keytool -v -importkeystore -srckeystore PrivPubCa.pkcs12 -srcstoretype PKCS12 -destkeystore .keystore -deststoretype JKS
  8. shutdown -r now

Look into KeePass database to retrieve destination .keystore password.  (Yes it's one of them random cut&paste long passwords)

Or it's also in plain text in the file: /opt/atlassian/jira/conf/server.xml

Start / Stop / Restart

su confluence
/etc/init.d/confluence start
/etc/init.d/confluence stop
/etc/init.d/confluence restart

goto: wiki.politick.cs:8090

Setup Reverse Proxy on a different server (Not local)

OK, I had to fiddle figureout that I needed to get the internal and external to use the same base name... F^%^#@!

I decided to point my internal DNS to the NginX server so from inside or outside, you're alsways going through the reverse NginX proxy.  Otherwise Confluence was complaining that the base URL was wrong one way or the other... F#$^@ Atlassian software, that is the .  The base URL must be the same to work properly.

Changed in nginx Reverse proxy on other NginX server:

NginX Reverse proxy config

server {
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
# SSL configuration
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
include snippets/;
include snippets/ssl-params.conf;
		index index.html index.htm index.nginx-debian.html;
		root /var/www/jira/html;
		location / {
client_max_body_size 100m;
					# hummm... may have to look at X-Forwarded-Host not that wiki is the unifi IP
 					proxy_set_header X-Forwarded-Host;
proxy_set_header X-Forwarded-Server;
					proxy_pass https://192.168.X.X:8443/;
		location /synchrony {
proxy_set_header X-Forwarded-Host;
proxy_set_header X-Forwarded-Server;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.X.X:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
					proxy_set_header Connection "Upgrade";
		location /server-info.action {
# proxy_pass;
proxy_pass https://192.168.X.X:8443/confluence/server-info.action;

service nginx reload

Useful commands:

systemctl start postgresql

systemctl disable confluence1.service

To delete confluence install:

systemctl stop confluence.service     or kill -9 pid_of_confluence

 rm -fR /opt/atlassian /var/atlassian


DROP DATABASE confluencedb;


  • No labels
Write a comment…