This article is published under a SIGNATURE 4.0 International (CC BY 4.0) license. Signature 4.0 International (CC BY 4.0)
Author: Su Yang
Creation time: on March 30, 2019 statistical word count: 5170 words reading time: 11 minutes to read this article links: soulteary.com/2019/03/30/…
Set up Confluence with Docker
Confluence is one of the better options for smaller teams, or for those who want to spend money to save their lives. However, the recent installation of Confluence found that the official and online installation introduction is “backward” and inefficient, so there is a content.
This article will show you how to quickly build Confluence using Docker Compose and how to use it with Traefik. If you’ve seen the previous content, you should be able to solve the battle in less than 10 minutes.
Basis of preparation
- Docker Hub:
https://hub.docker.com/r/atlassian/confluence-server/tags- Here are two typical versions:
6.4和6.15
- Here are two typical versions:
- MySQL JDBC Connector :
https://dev.mysql.com/downloads/connector/j/5.1.html- If you also choose to use MySQL as the storage backend, you will need to download this file. In general, you will get the mysql-connector-java-5.1.47.tar.gz package. Get mysql-connector-java-5.1.47.jar, which we’ll use later.
For the use of older software
Starting with the old version, if you just need basic Wiki functionality, the following configuration files should do the job.
version: '3'Services: Confluence: Image: Atlassian/Confluence - Server :6.4.3- Alpine Expose: -8090-8091 Networks: -Traefik Labels: -"traefik.enable=true"
- "traefik.port=8090"
- "traefik.frontend.rule=Host:${DOMAIN}"
- "traefik.frontend.entryPoints=http,https"volumes: - ./data:/var/atlassian/application-data/confluence - . / mysql connector - Java - 5.1.47. Jar: / opt/atlassian confluence was/confluence was/WEB - INF/lib/mysql connector - Java - 5.1.47. Jar networks: traefik: external:true
Copy the codeAfter saving the above file as docker-comemage.yml, we create another base configuration file **.env **, which is as simple as the above configuration and could look something like this.
DOMAIN=wiki.lab.com
Copy the codeYml, env, mysql-connector-java-5.1.47.jar in the same directory. If your Traefik is ready at this point, execute docker-compose up. Your service starts up.
To set up a new version of Confluence’s Web interface, you can set up a new version of Confluence’s Web interface, such as wiki.lab.com. If you’re not already using Traefik, check out the historical articles, which are also tutorials in 10 minutes or less.
If you choose to deploy Confluence on the public network, you may want to add Basic Auth authentication to Confluence to prevent malicious requests from being sent to the public network.
Because Traefik is used, adding this feature is easy in two steps:
First, add the following contents to the Labels field of docker-comemage. yml.
- "traefik.frontend.auth.basic=${BASIC_AUTH}"
Copy the codeIn the second step, execute htpasswd -nb user user to get a text string containing the user name and encrypted password, such as: user:$APr1 $MzgRxukq$MhYl/2JidzUNlHfyfIQF41, then add the contents to.env:
BASIC_AUTH=user:$apr1$MzgRxukq$MhYl/2JidzUNlHfyfIQF41
Copy the codeWhen a scanner tries to scan an application directly, it is blocked by Basic Auth.
Application health check error reported
When you install it and start using it, you will notice a warning message in the upper right corner of the screen.
Can’t check base URL
This problem is mentioned in the official repository. If you are using an earlier version (6.6), you can actually configure Hosts to solve the problem.
For example, add a declaration to docker-comemage. yml to let the application server find the application address on the local machine, instead of the application that must access the public IP address.
version: '3'Services: Confluence: Image: Atlassian/Confluence - Server :6.4.3- Alpine Expose: -8090-8091 Networks: -Traefik Labels: -"traefik.enable=true"
- "traefik.port=8090"
- "traefik.frontend.rule=Host:${DOMAIN}"
- "traefik.frontend.entryPoints=http,https"volumes: - ./data:/var/atlassian/application-data/confluence - . / mysql connector - Java - 5.1.47. Jar: / opt/atlassian confluence was/confluence was/WEB - INF/lib/mysql connector - Java - 5.1.47. Jar extra_hosts: -"${DOMAIN}: 127.0.0.1"
networks:
traefik:
external: true
Copy the codeIf your requirements are basic, the above configuration should be sufficient for your needs.
For the use of new versions of software
Then we’ll talk about how to use the latest version of the software. Since we’re using containers, updating the version is easy. Just change the version number of the image in the configuration file. For example, if I wanted to upgrade from a lower version of 6.4.3 to another version, I could simply change the 6.4.3 configuration to 6.15.1, such as Atlassian/Confluence-Server: 6.15.1-Alpine.
Other basic and the old version of the software use the same. But there are a few minor issues that need to be addressed.
The database is not connected properly
WARN: Establishing SSL connection without server’s identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn’t set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to ‘false’. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.
To solve this problem, you can choose to configure an encrypted MySQL connection and update the certificate in the container, or you can choose to add parameters to turn off the forced use of encrypted connection requests, which is easier, if not more demanding.
Edit hibernate. Connection. url in data/confluence. Cfg. XML file and add? The useSSL=false parameter is used to restart the application.
Traefik Basic Auth interworks with Tomcat
In the new version of the software logic, there is additional processing for requests with Basic Auth: if Basic Auth is configured on the request, the application will tell you that authentication failed and you cannot log in to the system.
This is not what we intended to add to Basic Auth, and it is not recommended that we update the Confluence authentication interface directly.
Solution is very simple, the docker – compose. Yml add a row – “traefik. Frontend. Auth. Basic. RemoveHeader = true”, traefik verification of the information will be used only for traefik, In reverse proxy applications, authentication information in HTTP requests is removed.
Again, restart the application and the problem is solved.
A slightly more troublesome health check
Because we are using Traefik to mount the certificate, the application is actually running behind the proxy server, and we will see a warning message when using the administrator to access the console.
Your URL does not match
The base URL for Confluence is set to http://wiki.lab.com, but you are accessing Confluence from https://wiki.lab.com.
For proper application use, we usually modify the protocol, such as changing the site’s base URL to HTTPS. But after the correction, you’ll get another warning.
The Tomcat configuration is incorrect
Tomcat server.xml configuration incorrect: Scheme should be ‘HTTPS’ proxyName should be ‘YOUR_DOMAIN_URI’ proxyPort should be ‘443’
The reason is that with newer versions of applications, the health check logic comes with port and protocol judgment, and the happy days of mounting certificates directly using Traefik are gone forever.
There are three steps to solving a problem.
First step, copy the Tomcat operation configuration server. XML in the container to the local (da5582A01879 is the container PID obtained by Docker PS).
docker cp da5582a01879:/opt/atlassian/confluence/conf/server.xml .
Copy the codeSecond, update the configuration of Connector with port 8090 to the following (pay special attention to the last line) :
<Connector
port="8090"
connectionTimeout="20000"
redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false"
acceptCount="10"
debug="0"
URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
proxyName="wiki.lab.com" proxyPort="443" scheme="https"/>
Copy the codeThird, update the docker-comemage. yml configuration file.
Add content to the volumes field:
- ./server.xml:/opt/atlassian/confluence/conf/server.xml
Copy the codeAlso remove the extra_hosts field content.
Restart the application and everything is fine.
Complete configuration file
For ease of use, a complete reference configuration is provided here.
version: '3'Services: Confluence: Image: Atlassian/Confluence - Server :6.15.1- Alpine Expose: -8090-8091 Networks: - traefik labels: -"traefik.enable=true"
- "traefik.port=8090"
- "traefik.frontend.rule=Host:${DOMAIN}"
- "traefik.frontend.entryPoints=http,https"
- "traefik.frontend.auth.basic.removeHeader=true"
- "traefik.frontend.auth.basic=${BASIC_AUTH}"volumes: - ./data:/var/atlassian/application-data/confluence - . / mysql connector - Java - 5.1.47. Jar: / opt/atlassian confluence was/confluence was/WEB - INF/lib/mysql connector - Java - 5.1.47. Jar - ./server.xml:/opt/atlassian/confluence/conf/server.xml networks: traefik: external:true
Copy the codeThe last
While Confluence is a good solution for teams, in practice it may be better for individuals/teams with customization capabilities to use fully open source and free WordPress. In the next article I will cover some of the customization processes that WordPress uses for knowledge management purposes.
I now have a small toss group, which gathered some like to toss small partners.
In the case of no advertisement, we will talk about software, HomeLab and some programming problems together, and also share some technical salon information in the group from time to time.
Like to toss small partners welcome to scan code to add friends. (Please specify source and purpose, otherwise it will not be approved)
All this stuff about getting into groups