This article is published under the Attribution 4.0 International (CC BY 4.0) license.

Author: Su Yang

Creation time: March 06, 2020. Word count: 7821 words. Reading time: 16 minutes. Article link: soulteary.com/2020/03/06/…


Confluence 7.3 using Docker and Traefik v2

This article covers Confluence 7.3, the latest version of Confluence.

If you want to build a Wiki for your company, team or individual, you can refer to the previous hands-on article on how to build a Wiki, which documents how to do it efficiently and avoid pitfalls.

Users who are already running an earlier version can also refer to this article to upgrade.

Foreword

After operating and maintaining several Confluence instances independently for more than a year and going through several upgrades, I can confirm that running Confluence in a container is a more efficient way to maintain an instance than installing it directly on a host.

For one thing, your actions can be versioned as if you were managing code. Second, there are only a few variables that need to be maintained and managed, not the entire environment.

Judging from the past year, the official maintainers have been enthusiastic about containers but not rigorous enough:

  • In 2019, the maintainers reissued and overwrote all previous container images because of a serious bug, resulting in file permission and volume mount issues.
  • In 2019, the official image lacked necessary parameters, forcing users to modify the file and mount it into the container.
  • In early 2020, the certificate of the plugin marketplace was updated but the root certificates in the container were not, which caused plugin downloads to fail once the service was started in the container.
  • In early 2020, the Alpine image release was officially abandoned.
  • …

There are a lot of problems, but overall it is still worth looking forward to: a high frequency of weekly/monthly updates, an active community and marketplace, support for the “MB4 character set”, and a commercial Wiki product that can crush any of its kind.

For an individual or a starting team of 10, it costs $10 per year, and in 2020 Confluence runs happily on a 2GB server.

Of course, I recommend 4G and above.

Preparation

  • Docker Hub: https://hub.docker.com/r/atlassian/confluence-server/tags
    • This article is based on the new 7.x series version: 7.3
  • MySQL JDBC Connector: https://dev.mysql.com/downloads/connector/j/5.1.html
    • If you also choose MySQL as the storage backend, you will need to download this file. In general, you will get the mysql-connector-java-5.1.47.tar.gz package. Extract mysql-connector-java-5.1.47.jar from it; we’ll use it later.
  • Some Chinese fonts, such as simsun.ttc and simkai.ttf. If you need the “export document to PDF, Word” function and the document contains Chinese, you need to provide some Chinese fonts so that it renders properly.

Basic containerization

The following is a configuration for setting up the new version behind Traefik 2.x.

version: '3'

services:

  confluence:
    image: atlassian/confluence-server:7.3.2-ubuntu
    container_name: confluence-app
    expose:
      - 8090
      - 8091
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.wiki-web.middlewares=https-redirect@file"
      - "traefik.http.routers.wiki-web.entrypoints=http"
      - "traefik.http.routers.wiki-web.rule=Host(`wiki.lab.com`)"
      - "traefik.http.routers.wiki-ssl.middlewares=content-compress@file"
      - "traefik.http.routers.wiki-ssl.entrypoints=https"
      - "traefik.http.routers.wiki-ssl.tls=true"
      - "traefik.http.routers.wiki-ssl.rule=Host(`wiki.lab.com`)"
      - "traefik.http.services.wiki-backend.loadbalancer.server.scheme=http"
      - "traefik.http.services.wiki-backend.loadbalancer.server.port=8090"
    environment:
      - 'CATALINA_OPTS=-Duser.timezone=GMT+08 -Dconfluence.document.conversion.fontpath=/usr/local/share/fonts/'
      - 'JVM_MINIMUM_MEMORY=1024m'
      - 'JVM_MAXIMUM_MEMORY=2048m'
    volumes:
      - ./data:/var/atlassian/application-data/confluence
      - ./deps/confluence/mysql-connector-java-5.1.47.jar:/opt/atlassian/confluence/confluence/WEB-INF/lib/mysql-connector-java-5.1.47.jar
      - ./fonts:/usr/local/share/fonts
      - /etc/localtime:/etc/localtime:ro
    extra_hosts:
      - 'wiki.lab.com:127.0.0.1'

networks:
  traefik:
    external: true

The configuration above is almost complete. Save it as docker-compose.yml and start the application with docker-compose up -d, and you will have the new version of Confluence running.

Problems that need to be solved

But there are some problems when running Confluence this way:

  • After logging in to the admin console, you are prompted to fix the proxy configuration
  • The plugin marketplace cannot be used, because the service domain name was officially changed and the certificates in the image are stale

Now, let’s solve these problems.

A message is displayed indicating that the domain name configuration needs to be modified

Update cwd_server.xml.

The official documentation is slightly older, but does document this issue: Can’t Check Base URL Warning in Confluence 6.6 or later.

In the new version we can fix this problem by setting container runtime environment variables, but there is a catch: if you don’t create and mount a server.xml file, you won’t be able to fix it.

Start by creating the server.xml file:

<?xml version="1.0" encoding="utf-8"?>
<Server port="8000"
        shutdown="SHUTDOWN">

  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on"/>
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

  <Service name="Catalina">

    <Connector port="8090"
               maxThreads="100"
               minSpareThreads="10"
               connectionTimeout="20000"
               enableLookups="false"
               protocol="HTTP/1.1"
               redirectPort="8443"
               acceptCount="10"
               secure="false"
               scheme="https"
               proxyName="wiki.lab.com"
               proxyPort="443"

               relaxedPathChars="[]|"
               relaxedQueryChars="[]|{}^`&quot;&lt;&gt;"
               bindOnInit="false"
               maxHttpHeaderSize="8192"
               useBodyEncodingForURI="true"
               disableUploadTimeout="true" />

    <Engine name="Standalone"
            defaultHost="localhost"
            debug="0">
      <Host name="localhost"
            debug="0"
            appBase="webapps"
            unpackWARs="true"
            autoDeploy="false"
            startStopThreads="4">
        <Context path=""
                 docBase="../confluence"
                 debug="0"
                 reloadable="false"
                 useHttpOnly="true">
          <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
          <Manager pathname=""/>
          <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
                 threshold="60"/>
        </Context>

        <Context path="${confluence.context.path}/synchrony-proxy"
                 docBase="../synchrony-proxy"
                 debug="0"
                 reloadable="false"
                 useHttpOnly="true">
          <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
                 threshold="60"/>
        </Context>

      </Host>
    </Engine>

  </Service>

</Server>

Then add the mount to the container orchestration file:

volumes:
  - ./deps/confluence/server.xml:/opt/atlassian/confluence/conf/server.xml

Then add environment variables to the orchestration file:

environment:
  - 'CATALINA_CONNECTOR_PROXYNAME=wiki.lab.com'
  - 'CATALINA_CONNECTOR_PROXYPORT=443'
  - 'CATALINA_CONNECTOR_SCHEME=https'

Finally, just restart your app.

The plugin marketplace cannot be accessed

This problem is actually quite troublesome. When I actually ran it, the main process did not report any error, but based on my previous experience of packaging images, I judged that it was a JRE certificate trust problem, and found some official information:

  • The Atlassian Marketplace Server is Not Reachable Due to Peer Not Authenticated
  • SSL Handshake Error When Connecting to Atlassian Marketplace

This problem is actually an old one, recurring from 2012, 2014 and later. The documents above, although marked as applicable to version 7.3, are only a clue and should not be used directly.

Want to know why? Read on.

How do I add and trust a new certificate

To trust a new certificate, first obtain it: use the OpenSSL tool to save the server's certificate to a file.

openssl s_client -connect marketplace.atlassian.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > marketplace.atlassian.com.crt

As described in previous articles, for older JDK versions (below 10), keytool is used to import the certificate:

keytool -import -trustcacerts -alias proxy_root -file marketplace.atlassian.com.crt -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -noprompt

This has changed since Confluence 5.x / 6.x. The change is documented on the Oracle blog: “OpenJDK 10 Now Includes Root CA Certificates”. Therefore, the command needs to be changed to:

keytool -import -trustcacerts -alias proxy_root -file marketplace.atlassian.com.crt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt
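
The commands above trust whatever certificate the network returns at the moment they run. The following added example (not from the original article) checks the saved file against a SHA-256 fingerprint obtained out-of-band before calling the same keytool import, and locates cacerts under either JDK layout; the function names and the pin argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example: names and the pin value are assumptions, not from the article.

# SHA-256 over the DER bytes of the first PEM certificate in a file: the value
# `openssl x509 -noout -fingerprint -sha256` prints, lowercased, without colons.
cert_sha256() {
  sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$1" \
    | sed '/-END CERTIFICATE-/q' \
    | grep -v -e '-----' \
    | base64 -d \
    | sha256sum \
    | cut -d' ' -f1
}

# Accept a pin written as "AA:BB:..." or "aabb...".
normalise_pin() { printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'; }

# verify_pin <pem-file> <expected-sha256>
# Fails on a mismatch and on a file with no certificate in it, which is what
# the openssl | sed pipeline leaves behind when the connection fails.
verify_pin() {
  if ! grep -q -e '-BEGIN CERTIFICATE-' "$1"; then
    echo "no certificate found in $1" >&2
    return 1
  fi
  [ "$(cert_sha256 "$1")" = "$(normalise_pin "$2")" ]
}

# resolve_cacerts <JAVA_HOME>
# Newer JDKs keep cacerts in lib/security, older ones in jre/lib/security.
resolve_cacerts() {
  for candidate in "$1/lib/security/cacerts" "$1/jre/lib/security/cacerts"; do
    if [ -f "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# import_pinned <pem-file> <expected-sha256> <alias>
import_pinned() {
  verify_pin "$1" "$2" || { echo "fingerprint mismatch, not importing" >&2; return 1; }
  keystore=$(resolve_cacerts "$JAVA_HOME") || { echo "cacerts not found" >&2; return 1; }
  keytool -import -trustcacerts -alias "$3" -file "$1" \
    -keystore "$keystore" -storepass changeit -noprompt
}

# Usage: import_pinned marketplace.atlassian.com.crt "<SHA-256 obtained out-of-band>" proxy_root
```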

Making the “patch” persistent

For a host installation, perform the steps above and restart the process.

However, we are using a container that runs “stateless”: any changes made inside the official container are destroyed along with the container sandbox when it is restarted (unless a special daemon scheme is used).

Therefore, we need to build a custom patch image based on the official image. The content is very simple.

FROM atlassian/confluence-server:7.3.2-ubuntu

LABEL maintainer="[email protected]"

USER root

RUN openssl s_client -connect marketplace.atlassian.com:443 < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/marketplace.atlassian.com.crt
RUN keytool -import -trustcacerts -alias proxy_root -file /tmp/marketplace.atlassian.com.crt -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit -noprompt

USER confluence

Run docker build -t confluence-server:7.3.2-ubuntu-fix . to build the new container image, named confluence-server:7.3.2-ubuntu-fix.

Then replace the image name in the orchestration file and start the container again, and the plugin marketplace becomes accessible.

image: confluence-server:7.3.2-ubuntu-fix

Revised orchestration configuration

A complete configuration file is provided for ease of use.

version: '3'

services:

  confluence:
    image: confluence-server:7.3.2-ubuntu-fix
    container_name: confluence-app
    expose:
      - 8090
      - 8091
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.wiki-web.middlewares=https-redirect@file"
      - "traefik.http.routers.wiki-web.entrypoints=http"
      - "traefik.http.routers.wiki-web.rule=Host(`wiki.lab.com`)"
      - "traefik.http.routers.wiki-ssl.middlewares=content-compress@file"
      - "traefik.http.routers.wiki-ssl.entrypoints=https"
      - "traefik.http.routers.wiki-ssl.tls=true"
      - "traefik.http.routers.wiki-ssl.rule=Host(`wiki.lab.com`)"
      - "traefik.http.services.wiki-backend.loadbalancer.server.scheme=http"
      - "traefik.http.services.wiki-backend.loadbalancer.server.port=8090"
    environment:
      - 'CATALINA_OPTS=-Duser.timezone=GMT+08 -Dconfluence.document.conversion.fontpath=/usr/local/share/fonts/'
      - 'JVM_MINIMUM_MEMORY=1024m'
      - 'JVM_MAXIMUM_MEMORY=2048m'
      - 'CATALINA_CONNECTOR_PROXYNAME=wiki.lab.com'
      - 'CATALINA_CONNECTOR_PROXYPORT=443'
      - 'CATALINA_CONNECTOR_SCHEME=https'
    volumes:
      - ./data:/var/atlassian/application-data/confluence
      - ./deps/confluence/mysql-connector-java-5.1.47.jar:/opt/atlassian/confluence/confluence/WEB-INF/lib/mysql-connector-java-5.1.47.jar
      - ./fonts:/usr/local/share/fonts
      - ./deps/confluence/server.xml:/opt/atlassian/confluence/conf/server.xml
      - /etc/localtime:/etc/localtime:ro
    extra_hosts:
      - 'wiki.lab.com:127.0.0.1'

networks:
  traefik:
    external: true

Other

Personally, I suggest that if you use it in a production environment, you use a cloud service provider's cloud database for better security and reliability. However, for personal use, it is not impossible to start a database container instance locally. Please refer to the official recommendation document and adjust the database startup parameters as follows:

command: --character-set-server=utf8mb4 --collation-server=utf8mb4_bin --default-storage-engine=INNODB --max_allowed_packet=256M --innodb_log_file_size=2GB --transaction-isolation=READ-COMMITTED --binlog_format=row

In addition, if documents containing Chinese do not render properly, you can refer to the following article for how to clear the cache:

  • “Confluence for Container Use”

Finally

Every upgrade and adjustment of Confluence is an elaborate exercise in stepping into pitfalls. The process is very troublesome, but after getting through it, I still can't help sighing that for personal use the $10 a year is truly worth it.

–EOF

