Tutorial on building conflict using docker compose

Time:2021-12-4

This article uses the “signature 4.0 International (CC by 4.0)” license agreement. You are welcome to reprint, modify or use it again, but you need to indicate the source. Signature 4.0 International (CC by 4.0)

Author: Su Yang

Creation time: March 30, 2019
Statistics: 5170 words
Reading time: 11 minutes
Link to this article: https://soulteary.com/2019/03/30/construct-confluence-with-docker.html


Using docker to set up confluence

Confluence is one of the better choices for small teams to work together or to spend money to buy a worry-free one. However, when confluence was recently installed, it was found that the official and online installation introductions were “backward” and inefficient, so this content is available.

This article describes how to useDocker ComposeFast buildConfluence, and howTraefikIf you read the previous content, following this article should solve the battle in ten minutes.

Basic preparation

  • Official container image on docker hub:https://hub.docker.com/r/atlassian/confluence-server/tags

Two representative versions will be explained here:6.4and6.15

  • MySQL JDBC Connector : https://dev.mysql.com/downloads/connector/j/5.1.html

If you also choose to use MySQL as the storage backend, you need to download this file. Generally, you will getmysql-connector-java-5.1.47.tar.gzThe compressed package is obtained after decompressionmysql-connector-java-5.1.47.jar, we’ll use it later.

For the use of old software

Let’s start with the old version. If you only need basic wiki functions, the following configuration file should meet your needs.


version: '3'

services:

  confluence:
    image: atlassian/confluence-server:6.4.3-alpine
    expose:
      - 8090
      - 8091
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.port=8090"
      - "traefik.frontend.rule=Host:${DOMAIN}"
      - "traefik.frontend.entryPoints=http,https"
    volumes:
      - ./data:/var/atlassian/application-data/confluence
      - ./mysql-connector-java-5.1.47.jar:/opt/atlassian/confluence/confluence/WEB-INF/lib/mysql-connector-java-5.1.47.jar

networks:
  traefik:
    external: true

Save the above file asdocker-compose.ymlAfter that, we create another basic configuration file * *. Env * *, which is as simple as the above configuration. The file content can be as follows.


DOMAIN=wiki.lab.com

takedocker-compose.yml.envmysql-connector-java-5.1.47.jarPut it in the same directory. If your traefik is ready at the moment, executedocker-compose upThen your service starts.

Directly access your configured domain name, such as in the examplewiki.lab.com, you can configure the web interface of confluence. If you don’t know how to use traifik, you can turn to historical articles, which are also tutorials in less than ten minutes.

If you choose to deploy confluence on the public network and face the annoying scanner every day, you might as well simply add itBasic AuthAuthentication to intercept these malicious requests outside.

Because traefik is used, it is very simple to add this function, which requires only two steps:

The first step, indocker-compose.ymloflabelsAdd the following content to the field.


- "traefik.frontend.auth.basic=${BASIC_AUTH}"

Step 2: Executehtpasswd -nb user user, get a text string containing user name and encrypted password, for example:user:$apr1$MzgRxukq$MhYl/2JidzUNlHfyfIQF41, then add the content to the.envMedium:


BASIC_AUTH=user:$apr1$MzgRxukq$MhYl/2JidzUNlHfyfIQF41

When another scanner wants to scan the application directly, it will be blocked by basic auth.

Application health check error

When you finish installing and start using, you will find a warning message in the upper right corner of the interface.

Can’t check base URL

In the official knowledge basementionThis problem, if you are using a lower version (6.6), can actually be configuredHostsTo solve the problem.

Like indocker-compose.ymlAdd a statement to let the application server find the application address on the machine, rather than the application that must access the public network address. The reference configuration is as follows:


version: '3'

services:

  confluence:
    image: atlassian/confluence-server:6.4.3-alpine
    expose:
      - 8090
      - 8091
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.port=8090"
      - "traefik.frontend.rule=Host:${DOMAIN}"
      - "traefik.frontend.entryPoints=http,https"
    volumes:
      - ./data:/var/atlassian/application-data/confluence
      - ./mysql-connector-java-5.1.47.jar:/opt/atlassian/confluence/confluence/WEB-INF/lib/mysql-connector-java-5.1.47.jar
    extra_hosts:
      - "${DOMAIN}:127.0.0.1"

networks:
  traefik:
    external: true

Is it very simple? If your needs are basic use, the above configuration should already meet your needs.

Use of new version software

Then let’s talk about how to use the latest version of the software. Because we use the container, it’s very easy to update the version. Just modify the version number of the image in the configuration file. For example, I want to6.4.3To upgrade this lower version to another version, you only need to6.4.3Change to6.15.1Just, for exampleatlassian/confluence-server:6.15.1-alpine

Other basic software is consistent with the old version. However, there will be a few small problems that need to be solved additionally.

The database cannot be connected correctly

WARN: Establishing SSL connection without server’s identity verification is not recommended. According to MySQL 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be established by default if explicit option isn’t set. For compliance with existing applications not using SSL the verifyServerCertificate property is set to ‘false’. You need either to explicitly disable SSL by setting useSSL=false, or set useSSL=true and provide truststore for server certificate verification.

To solve this problem, you can choose to configure the encrypted MySQL connection and update the certificate in the container. You can also choose to add parameters and turn off the forced use of encrypted connection request. The latter is simpler. If the requirements are not high, you can do so.

editdata/confluence.cfg.xmlIn filehibernate.connection.url, add after connection address?useSSL=falseParameter, restart the application.

Traefik basic auth and Tomcat are linked

In the new version of software logic, there areBasic AuthAdditional processing: if basic auth is configured above, the application will prompt that the verification fails and cannot log in to the system.

Obviously, this is not our intention to add basic auth, and it is not recommended to directly export the authentication interface of confluence in actual use.

The solution is simple, indocker-compose.ymlAdd a row to- "traefik.frontend.auth.basic.removeHeader=true", the authentication information of traefik will only be used for traefik. During the reverse proxy application, the authentication information in the HTTP request will be deleted.

Similarly, restart the application and the problem is solved.

A slightly more troublesome health examination

Because we use traifik to mount the certificate, the application actually runs behind the proxy server. When using the administrator to access the console, you will see a warning message.

Your URL does not match

The basic URL for confluence is set to http://wiki.lab.com , but you are from https://wiki.lab.com Access confluence.

Considering the normal use of the application, we usually modify the protocol, such as modifying the basic URL of the site tohttps。 But after the correction, you will receive another warning.

Tomcat is not configured correctly

Incorrect configuration of Tomcat server.xml:
Scheme should be ‘HTTPS’
Proxyname should be ‘your’_ DOMAIN_ URI’
Proxyport should be ‘443’

The reason is that for the newer version of the application, the health check logic comes with port and protocol judgment. The happy days when the lower version can directly use traifik to reverse mount the certificate are gone forever.

There are three steps to solve the problem.

The first step is to configure the Tomcat running in the containerserver.xmlCopy to local (da5582a01879 container PID obtained for docker PS).


docker cp da5582a01879:/opt/atlassian/confluence/conf/server.xml .

Step 2: update the configuration of the connector with port 8090 in the configuration to the following content (pay special attention to the last line):


<Connector
    port="8090"
    connectionTimeout="20000"
    redirectPort="8443"
    maxThreads="48" minSpareThreads="10"
    enableLookups="false"
    acceptCount="10"
    debug="0"
    URIEncoding="UTF-8"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    proxyName="wiki.lab.com" proxyPort="443" scheme="https"/>

Step 3: updatedocker-compose.ymlConfiguration file.

stayvolumesAdd content to field:


- ./server.xml:/opt/atlassian/confluence/conf/server.xml

Delete at the same timeextra_hostsField content.

Restart the application and everything is normal.

Complete configuration file

For ease of use, a complete reference configuration is given here.


version: '3'

services:

  confluence:
    image: atlassian/confluence-server:6.15.1-alpine
    expose:
      - 8090
      - 8091
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.port=8090"
      - "traefik.frontend.rule=Host:${DOMAIN}"
      - "traefik.frontend.entryPoints=http,https"
      - "traefik.frontend.auth.basic.removeHeader=true"
      - "traefik.frontend.auth.basic=${BASIC_AUTH}"
    volumes:
      - ./data:/var/atlassian/application-data/confluence
      - ./mysql-connector-java-5.1.47.jar:/opt/atlassian/confluence/confluence/WEB-INF/lib/mysql-connector-java-5.1.47.jar
      - ./server.xml:/opt/atlassian/confluence/conf/server.xml


networks:
  traefik:
    external: true

last

Although confluence is a good solution for the team, it may be better for individuals / teams with customization ability to use fully open source and free WordPress. In the next article, I will introduce some customization processing of WordPress for knowledge management.

The above is the details of building conflict with docker. For more information about building conflict with docker, please pay attention to other relevant articles of developeppaer!