I have a running YouTrack instance deployed using Tomcat 7 and it works fine on http://example.com:8080/youtrack
Apache is already configured to support SSL for the main domain (I have a .pem file). Both https://example.com and http://example.com are accessible without any problems.
The port 8443 is already used by some other service (https://example.com:8443 shows me the Plesk admin panel).
Now I'd like to set up YouTrack to use https://youtrack.example.com
How can I achieve this?
Do I need to configure Tomcat to support SSL (generate separate key etc.), or just proxy the requests from Apache to Tomcat?
I guess the first step would be to configure YouTrack to be accessible on https://example.com:8444/youtrack, then proxy the requests using Apache's mod_proxy.
How can I do this?
My /var/lib/tomcat7/conf/server.conf is default, without any changes: http://pastie.org/9385045
My /usr/share/tomcat7/bin/setenv.sh contains the entry to change the YouTrack default URL:
-Djetbrains.youtrack.baseUrl=http://youtrack.example.com
Virtual hosts configuration:
$ cat /etc/apache2/sites-enabled/default
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/default
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/default>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
SSL host:
$ cat /etc/apache2/sites-enabled/default-ssl
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerAdmin [email protected]
    DocumentRoot /var/www/default
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/default>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/mailserver.pem
    SSLCertificateKeyFile /etc/ssl/private/mailserver.pem
    #SSLVerifyClient require
    #SSLVerifyDepth 10
    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
Looks like a better choice over mod_proxy would be mod_jk. See Working with mod_jk.
You don't need to configure SSL for Tomcat, just use Apache to proxy the request to http://example.com:8080/youtrack via mod_proxy.
First generate/purchase the certificate for the new domain youtrack.example.com. Then add this entry in your config.
More info: here and here
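One way the TLS-terminating mod_proxy virtual host described in the answer above could look, added here as an example; it is not the answerer's own entry, which does not appear on the page. The certificate paths are placeholders, and it assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are enabled and that Tomcat serves YouTrack on port 8080 of the same host.

```apache
# Added example. Hostname is taken from the question; certificate paths are placeholders.
# Assumes: a2enmod ssl proxy proxy_http headers
# Apache 2.2 only: name-based TLS hosts also need "NameVirtualHost *:443" (and SNI-capable clients).

<VirtualHost *:80>
    ServerName youtrack.example.com
    # Send plain-HTTP visitors to the TLS site so logins never travel in clear text.
    Redirect permanent / https://youtrack.example.com/
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName youtrack.example.com

    SSLEngine on
    # Placeholder paths: point these at the certificate and key issued for youtrack.example.com.
    SSLCertificateFile    /etc/ssl/certs/PLACEHOLDER-youtrack.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/PLACEHOLDER-youtrack.example.com.pem

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off

    # TLS ends at Apache; the hop to Tomcat is plain HTTP over loopback.
    ProxyPass        / http://127.0.0.1:8080/youtrack/
    ProxyPassReverse / http://127.0.0.1:8080/youtrack/
    # Tomcat scopes its session cookie to /youtrack; rewrite it for the proxied root.
    ProxyPassReverseCookiePath /youtrack /

    # Tell the backend that the original request arrived over HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    ErrorLog  ${APACHE_LOG_DIR}/youtrack_error.log
    CustomLog ${APACHE_LOG_DIR}/youtrack_ssl_access.log combined
</VirtualHost>
</IfModule>
```

With this in place the `-Djetbrains.youtrack.baseUrl` value from the question would need the `https://` scheme. Port 8080 also stays reachable over plain HTTP unless Tomcat's connector is bound to 127.0.0.1 (the `address` attribute) or the port is firewalled.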