Youtrack behind Apache proxy over SSL
This guide shows how to run a local copy of Youtrack behind Apache SSL proxy on a public accessible domain.
Youtrack Installation
Download the Youtrack jar file and place it in your homedir on the target server. Then create a youtrack
user and group and move the jar to this user's homedir:
$ sudo adduser --disabled-password youtrack
# Answer the questions ...
$ sudo mv youtrack-<VERSION>.jar /home/youtrack/
$ sudo chown youtrack /home/youtrack/youtrack-4.2.1.jar
Next we need to alter Youtrack's internal configuration file to force the server to listen only on localhost:
$ sudo su - youtrack
$ mkdir youtrack
$ cd youtrack
$ jar xf ../youtrack-*.jar
$ vi jetbrains/mps/webr/standalone/runtime/standalone.xml
# Add the following line after "<Set name="port">8081</Set>"
<Set name="host">localhost</Set>
Next recreate the jar file, make sure that the original Youtrack jar is not in your working directory:
$ cp META-INF/MANIFEST.MF Manifest.txt
$ jar cfm ../youtrack-<VERSION>-repack.jar Manifest.txt *
$ cd ..
$ ls -hl
Check that you now have 2 jar files named youtrack-<VERSION>.jar
and youtrack-<VERSION>-repack.jar
with roughly equal filesize. You can now start Youtrack to check that your modifications worked:
$ screen
$ java -jar youtrack*-repack.jar 9090
$ curl -I http://localhost:9090
The curl
command should output an empty page with a Location
header, it can take a while to execute because Youtrack is initialises itself upon the first request.
Apache configuration
Create and open /etc/apache2/sites-enabled/ssl-bugs
:
$ vi /etc/apache2/sites-enabled/ssl-bugs
And paste the following configuration
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName bugs.mydomain.com
ServerAlias bugs
DocumentRoot /home/youtrack
<Location />
SSLRequireSSL
Header edit Location ^http: https:
</Location>
ProxyRequests Off
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/
ErrorLog /var/log/apache2/ssl_bugs-error.log
LogLevel warn
CustomLog /var/log/apache2/ssl_bugs-access.log combined
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/STAR_mydomain.com.crt
SSLCertificateKeyFile /etc/ssl/private/STAR_mydomain.com.key.nopass
SSLCertificateChainFile /etc/ssl/certs/AddTrustExternalCARoot.crt
SSLCertificateChainFile /etc/ssl/certs/PositiveSSLCA2.crt
</VirtualHost>
</IfModule>
This will proxy requests to https://bugs.mydomain.com
to Youtrack, and will also rewrite Location
headers to use https. Restart apache to apply changes:
$ sudo service apache2 reload
Configure Youtrack (first time only)
Visit your Youtrack url https://bugs.mydomain.com
, a welcome screen will appear where you can configure Youtrack. For now the only important configuration flags are Base URL
set it to https://bugs.mydomain.com
and the root password, set it to something secure!