Note, you'll need to manually set the TCP/IP address for the second adapter (which we'll be using as an ssh proxy): "Using DHCP with manual address".
I couldn't get this to automatically grab DHCP information from an Airport Extreme, even setting address reservations with DHCP client ids. I left the address reservation in the Airport Extreme (so no other adapter on the network would grab it), but it would've been nice to be automatic.
I also set the primary wifi adapter to "Using DHCP with manual address" because apparently without it, the bonjour service reports the secondary wifi adapter, which screws up your standard ssh, since the secondary is proxied to stash.
# Create the install root and hand it to the account that will run Stash.
# NOTE(review): this makes everything under /opt/atlassian replaceable by adminuser.
# If adminuser is an interactive or administrator login, a dedicated unprivileged
# service account would be a narrower owner. Confirm what adminuser is.
sudo mkdir -p /opt/atlassian
sudo chown adminuser:wheel /opt/atlassian
cd /opt/atlassian
# Unpack the Stash 2.5.0 distribution into /opt/atlassian.
tar -xvf /Users/Shared/atlassian-stash-2.5.0.tar
# Replace the commented-out STASH_HOME line in setenv.sh with STASH_HOME=/opt/atlassian/stash.
perl -pi -e 's/^#STASH_HOME.*/STASH_HOME=\/opt\/atlassian\/stash/g' /opt/atlassian/atlassian-stash-2.5.0/bin/setenv.sh
# First start by hand (no sudo, so Stash runs as the current user).
/opt/atlassian/atlassian-stash-2.5.0/bin/start-stash.sh
- Created DNS alias for stash-backend (192.168.1.100)
- Created DNS machine for ssh-proxy (192.168.1.200)
- Created DNS alias for stash to ssh-proxy
The web server is reachable at both stash-backend and stash. The ssh proxy is set up only on stash.
http://stash.somedomain.com:7990
# Install haproxy from MacPorts; the later steps run it from /opt/local/sbin/haproxy.
sudo port install haproxy
cd /opt/atlassian
# Create the proxy configuration (contents follow).
# NOTE(review): edited without sudo, so the file belongs to the current user, while haproxy
# itself is later started from a LaunchDaemon. Check who can rewrite this file.
vi /opt/atlassian/haproxy.cfg
# haproxy.cfg: forwards ssh connections arriving on the ssh-proxy address to Stash's ssh port.
global
# Run in the background and cap total concurrent connections at 256.
# NOTE(review): no user/group/chroot is set here, so the proxy keeps the privileges it was
# started with after binding port 22. Consider dropping them; confirm how it is launched.
daemon
maxconn 256
defaults
# Generous timeouts: 500 s to connect, 5000 s client inactivity, 1 h server inactivity.
timeout connect 500s
timeout client 5000s
timeout server 1h
frontend sshd
# Listen only on the ssh-proxy address (192.168.1.200), port 22.
# No mode is given for this frontend; HAProxy's default mode is tcp, which matches the backend.
bind 192.168.1.200:22
default_backend ssh
# Overrides the 5000 s client timeout from defaults for this frontend.
timeout client 1h
backend ssh
mode tcp
# Single target: Stash's ssh listener on loopback port 7999, health-checked on that same port.
server localhost-stash-ssh 127.0.0.1:7999 check port 7999
sudo vi /Library/LaunchDaemons/com.atlassian.haproxy.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- launchd job that starts haproxy at load time through a wrapper script. -->
<!-- There is no UserName key, so as a LaunchDaemon the job runs as root. -->
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.atlassian.haproxy</string>
<key>Disabled</key><false/>
<key>RunAtLoad</key><true/>
<key>ProgramArguments</key>
<array>
<!-- NOTE(review): this script is executed as root but lives in /opt/atlassian, which the
     setup steps chown to adminuser. Whoever owns the directory can replace the script, so a
     root-owned location (or root-owned directory) would close that path. -->
<string>/opt/atlassian/haproxy_wrapper.sh</string>
</array>
<!-- NOTE(review): stderr is appended straight to the system log file rather than going
     through syslog; a dedicated log file would keep the two writers apart. -->
<key>StandardErrorPath</key>
<string>/var/log/system.log</string>
</dict>
</plist>
sudo vi /opt/atlassian/haproxy_wrapper.sh
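#!/bin/sh
# haproxy_wrapper.sh: started by the com.atlassian.haproxy launchd job.
# The interpreter line is explicit so the job does not depend on the launcher
# falling back to a shell for a script without one.

# Wait (up to 300 s) for en1 to have an IPv4 configuration, so the address
# haproxy binds to exists before it starts.
/usr/sbin/scutil -w State:/Network/Interface/en1/IPv4 -t 300

# Start the proxy with the configuration kept next to this script.
/opt/local/sbin/haproxy -f /opt/atlassian/haproxy.cfg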
# Make the wrapper executable and register the job with launchd.
# NOTE(review): the wrapper is run by a LaunchDaemon, and /opt/atlassian was chowned to
# adminuser earlier. Verify the script and its directory are writable by root only,
# otherwise that account can change what the daemon executes.
sudo chmod +x /opt/atlassian/haproxy_wrapper.sh
sudo launchctl load -w /Library/LaunchDaemons/com.atlassian.haproxy.plist
Set application firewall to allow haproxy (doesn't seem to work)
# Presumably: sign the haproxy binary (-s), verify the signature (-v), then add it to the
# application firewall's allowed list (--add). The author reports this did not take effect.
sudo /usr/libexec/ApplicationFirewall/socketfilterfw -s /opt/local/sbin/haproxy
sudo /usr/libexec/ApplicationFirewall/socketfilterfw -v /opt/local/sbin/haproxy
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --add /opt/local/sbin/haproxy
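Turn the application firewall off temporarily (turn it back on with `socketfilterfw --setglobalstate on` once haproxy is allowed through)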
# Switches the application firewall off for the whole machine, not just for haproxy.
# Re-enable it with --setglobalstate on when finished.
sudo /usr/libexec/ApplicationFirewall/socketfilterfw --setglobalstate off
# Stop Apple's sshd and keep it from loading again, so port 22 is free for the two listeners below.
# NOTE(review): unload -w already records the job as disabled; renaming the plist additionally
# modifies an OS-managed file under /System, which a system update may put back.
sudo launchctl unload -w /System/Library/LaunchDaemons/ssh.plist
sudo mv /System/Library/LaunchDaemons/ssh.plist /System/Library/LaunchDaemons/ssh.plist.disabled
# Install the MacPorts OpenSSH, configured from /opt/local/etc/ssh/sshd_config.
sudo port install openssh
# Listen on port 22, but only on 192.168.1.100 (stash-backend); 192.168.1.200:22 is left to haproxy.
sudo perl -pi -e 's/^Port 2222/Port 22/g' /opt/local/etc/ssh/sshd_config
sudo perl -pi -e 's/^#ListenAddress 0.0.0.0/ListenAddress 192.168.1.100/g' /opt/local/etc/ssh/sshd_config
# Force privilege separation on.
sudo perl -pi -e 's/^UsePrivilegeSeparation.*/UsePrivilegeSeparation yes/g' /opt/local/etc/ssh/sshd_config
# Comment out any explicit AuthorizedKeysFile line (presumably so the built-in default applies).
sudo perl -pi -e 's/^AuthorizedKeysFile.*/#AuthorizedKeysFile\t.ssh\/authorized_keys/g' /opt/local/etc/ssh/sshd_config
sudo port load openssh
# Copy the existing host keys from /etc so the new sshd presents the same identity (presumably the intent).
# NOTE(review): these include private keys; check the copies are still readable by root only.
sudo cp /etc/ssh*key* /opt/local/etc/ssh/
# Generate an ECDSA host key; the empty passphrase lets sshd load it unattended.
sudo ssh-keygen -f /opt/local/etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
# Patch the MacPorts wrapper so it waits (up to 300 s) for en1 to get an IPv4 configuration before starting sshd.
sudo perl -pi -e 's/\/opt\/local\/sbin\/sshd$/\/usr\/sbin\/scutil -w State:\/Network\/Interface\/en1\/IPv4 -t 300\n\t\/opt\/local\/sbin\/sshd/g' /opt/local/etc/LaunchDaemons/org.macports.OpenSSH/OpenSSH.wrapper
# Control the daemon through the wrapper so the new keys and settings are picked up.
sudo /opt/local/etc/LaunchDaemons/org.macports.OpenSSH/OpenSSH.wrapper stop
sudo /opt/local/etc/LaunchDaemons/org.macports.OpenSSH/OpenSSH.wrapper start
sudo /opt/local/etc/LaunchDaemons/org.macports.OpenSSH/OpenSSH.wrapper restart
Cribbed and modified from http://blog.aevolu.com/2012/10/stash-als-os-x-dienst_16.html
vi /opt/atlassian/launchd_stash.sh
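#!/bin/bash
# launchd entry point for Stash: starts Stash, then stays in the foreground until
# the Stash process is gone, so launchd has a long-lived process to supervise.
# Expects STASH_ATLAS_HOME (the Stash install directory) in the environment.

# Fail early instead of running /bin/start-stash.sh from an empty prefix.
: "${STASH_ATLAS_HOME:?STASH_ATLAS_HOME must be set}"

# Signal handler: ask Stash to stop through its own stop script.
function shutdown() {
    date
    echo "Shutting down Stash"
    "$STASH_ATLAS_HOME/bin/stop-stash.sh"
}

# Block until the process whose PID is $1 no longer exists (polled every 2 s).
function wait_for_death() {
    while /bin/kill -0 "$1" 2> /dev/null ; do
        sleep 2
    done
}

date
echo "Starting Stash"
# The start script is expected to record the server PID in this file.
export CATALINA_PID="$STASH_ATLAS_HOME/work/catalina.pid"
"$STASH_ATLAS_HOME/bin/start-stash.sh"

# KILL cannot be trapped, so it is not listed.
trap shutdown QUIT ABRT ALRM TERM TSTP

# Give Stash time to come up and write its PID file.
# NOTE(review): bash runs a trap only after the current foreground command returns,
# so a signal that arrives during this sleep is handled when the sleep ends.
sleep 120
wait_for_death "$(cat "$CATALINA_PID")"
echo "Stash - The End"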
# Make the launcher executable, then create the launchd job definition (contents follow).
chmod +x /opt/atlassian/launchd_stash.sh
sudo vi /Library/LaunchDaemons/com.atlassian.stash.plist
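<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<!-- launchd job that runs Stash through /opt/atlassian/launchd_stash.sh. -->
<plist version="1.0">
<dict>
    <key>Disabled</key><false/>
    <!-- Environment handed to the launcher script; STASH_ATLAS_HOME is what the script reads. -->
    <key>EnvironmentVariables</key>
    <dict>
        <key>STASH_ATLAS_HOME</key>
        <string>/opt/atlassian/atlassian-stash-2.5.0</string>
        <key>JAVA_HOME</key>
        <string>/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Home</string>
        <!-- Includes /usr/local/git/bin, presumably so Stash can find git. -->
        <key>PATH</key>
        <string>/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/git/bin</string>
    </dict>
    <key>Label</key>
    <string>com.atlassian.stash</string>
    <!-- Older spelling of "keep this job running" (launchd's legacy OnDemand key). -->
    <key>OnDemand</key><false/>
    <key>ProgramArguments</key>
    <array>
        <string>/opt/atlassian/launchd_stash.sh</string>
    </array>
    <key>RunAtLoad</key><true/>
    <key>ServiceDescription</key>
    <string>stash</string>
    <key>StandardErrorPath</key>
    <string>/opt/atlassian/atlassian-stash-2.5.0/logs/launchd.stderr</string>
    <key>StandardOutPath</key>
    <string>/opt/atlassian/atlassian-stash-2.5.0/logs/launchd.stdout</string>
    <!-- Runs the job as adminuser instead of root.
         NOTE(review): if adminuser is an administrator login, a dedicated unprivileged
         service account would limit what the Stash process can reach. -->
    <key>UserName</key>
    <string>adminuser</string>
</dict>
</plist>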
# Register the Stash job with launchd; -w also clears any stored disabled state for it.
sudo launchctl load -w /Library/LaunchDaemons/com.atlassian.stash.plist