Differences

This shows you the differences between two versions of the page.

--- classes:install_confluence_671_bin [2018/02/14 13:16] – [Install Confluence 6.7.1 from Binary Installer] curry_searle
+++ classes:install_confluence_671_bin [2018/03/02 09:31] (current) – [Install Confluence 6.7.1 from Binary Installer] curry_searle
@@ Line 1: / Line 1: @@
 ==== Install Confluence 6.7.1 from Binary Installer ====
+===Assumptions===
 This tutorial assumes you downloaded the Linux binary installer for Confluence 6.7.1, you have sudo capabilities on an AWS EC2 "free tier" instance along with an AWS RDS "free tier" database of the mysql variety. We will use the following hostnames for this tutorial:
@@ Line 6: / Line 7: @@
   * RDS: yourRDSinstance.c8abc12tntuk.us-east-1.rds.amazonaws.com
+===Install Confluence===
 Run the installer as root:
 <code>
@@ Line 82: / Line 84: @@
 </code>
+===Install Nginx Reverse Proxy with SSL===
 At this point we will configure Nginx as a reverse proxy before finalizing the Confluence installation via the web page.
@@ Line 130: / Line 133: @@
 ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
 ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+</code>
+Edit ''/etc/nginx/snippets/ssl-params.conf'':
+<code>
+sudo vi /etc/nginx/snippets/ssl-params.conf
+</code>
+to include the following:
+<code>
+# from https://cipherli.st/
+# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+# Disable preloading HSTS for now.  You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
 </code>
@@ Line 137: / Line 168: @@
 </code>
-Edit ''/etc/nginx/sites-available/default'' to include the following text:
+Edit ''/etc/nginx/sites-available/default'':
+<code>
+sudo vi /etc/nginx/sites-available/default
+</code>
+ to include the following text, adjusted to match your DNS hostname:
 <code>
 server {
@@ Line 165: / Line 200: @@
 </code>
-Edit the ''Connector'' section of ''/opt/atlassian/confluence/conf/server.xml'':
+===Configure Confluence to Recognize the Proxy===
+Backup and edit the ''Connector'' section of ''/opt/atlassian/confluence/conf/server.xml'':
 <code>
+sudo cp /opt/atlassian/confluence/conf/server.xml /opt/atlassian/confluence/conf/server.xml-DIST
 sudo vi  /opt/atlassian/confluence/conf/server.xml
 </code>
@@ Line 179: / Line 216: @@
         />
 </code>
+===Restart Services===
+Restart Nginx & Confluence:
+<code>
+sudo service nginx restart
+sudo service confluence restart
+</code>
 =====Resources=====
   * [[https://www.atlassian.com/software/confluence/download|Download Confluence]]