Last active
August 26, 2018 18:46
-
-
Save superbiche/428e7d23929284ba6ee5337517877e8f to your computer and use it in GitHub Desktop.
Setup Jetbrains Hub / YouTrack / TeamCity / UpSource as Sytemd services with Nginx SSL reverse-proxy on Docker & Ubuntu 18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=JetBrains Hub Service | |
| After=docker.service | |
| Requires=docker.service | |
| [Service] | |
| TimeoutStartSec=0 | |
| Restart=always | |
| User=jb-hub | |
| Group=jb-hub | |
| ExecStartPre=-/usr/bin/docker exec %n stop | |
| ExecStartPre=-/usr/bin/docker rm %n | |
| ExecStartPre=/usr/bin/docker pull jetbrains/hub:2018.2.10218 | |
| ExecStart=/usr/bin/docker run --rm --name %n \ | |
| -v /var/opt/jb-hub/data:/opt/hub/data \ | |
| -v /var/opt/jb-hub/conf:/opt/hub/conf \ | |
| -v /var/opt/jb-hub/logs:/opt/hub/logs \ | |
| -v /var/opt/jb-hub/backups:/opt/hub/backups \ | |
| -p 45082:8080 \ | |
| jetbrains/hub:2018.2.10218 | |
| [Install] | |
| WantedBy=default.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=YouTrack Service | |
| After=docker.service docker.jb-hub.service | |
| Requires=docker.service docker.jb-hub.service | |
| [Service] | |
| TimeoutStartSec=0 | |
| Restart=always | |
| User=youtrack | |
| Group=youtrack | |
| ExecStartPre=-/usr/bin/docker exec %n stop | |
| ExecStartPre=-/usr/bin/docker rm %n | |
| ExecStartPre=/usr/bin/docker pull jetbrains/youtrack:2018.2.44329 | |
| ExecStart=/usr/bin/docker run --rm --name %n \ | |
| -v /var/opt/youtrack/data:/opt/youtrack/data \ | |
| -v /var/opt/youtrack/conf:/opt/youtrack/conf \ | |
| -v /var/opt/youtrack/logs:/opt/youtrack/logs \ | |
| -v /var/opt/youtrack/backups:/opt/youtrack/backups \ | |
| -p 45083:8080 \ | |
| jetbrains/youtrack:2018.2.44329 | |
| [Install] | |
| WantedBy=default.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream hub-backend { | |
| server 127.0.0.1:45083; | |
| } | |
| server { | |
| listen *:80; | |
| listen *:443 ssl http2; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_certificate /etc/letsencrypt/live/hub.superbiche.co/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/hub.superbiche.co/privkey.pem; | |
| server_name hub.superbiche.co; | |
| if ($scheme != "https") { | |
| rewrite ^ https://$http_host$request_uri? permanent; | |
| } | |
| error_log /var/log/nginx/hub.superbiche.co/error.log; | |
| access_log /var/log/nginx/hub.superbiche.co/access.log combined; | |
| location = /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| expires max; | |
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | |
| } | |
| location / { | |
| proxy_http_version 1.1; | |
| #proxy_redirect off; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forward-Proto $scheme; | |
| proxy_set_header X-Nginx-Proxy true; | |
| proxy_pass http://hub-backend/; | |
| } | |
| location /api/eventSourceBus { | |
| proxy_cache off; | |
| proxy_buffering off; | |
| proxy_read_timeout 86400s; | |
| proxy_send_timeout 86400s; | |
| proxy_set_header Connection ''; | |
| chunked_transfer_encoding off; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_http_version 1.1; | |
| proxy_pass http://hub-backend/; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export JB_HUB_VERSION="2018.2.10218" | |
| export JB_HUB_PORT="45082" | |
| useradd -m -d /var/opt/jb-hub --system --shell /usr/bin/zsh jb-hub | |
| usermod -aG docker jb-hub | |
| su - jb-hub | |
| mkdir -p -m 750 ~/{data,conf,logs,backups} | |
| # If this one doesn't work, try again with sudo and a sudoer account | |
| chown -R 13001:13001 ~/{data,conf,logs,backups} | |
| # Try to run the container | |
| docker run -it --name hub-server-instance \ | |
| -v /var/opt/jb-hub/data:/opt/jb-hub/data \ | |
| -v /var/opt/jb-hub/conf:/opt/jb-hub/conf \ | |
| -v /var/opt/jb-hub/logs:/opt/jb-hub/logs \ | |
| -v /var/opt/jb-hub/backups:/opt/jb-hub/backups \ | |
| -p ${JB_HUB_PORT}:8080 \ | |
| jetbrains/hub:${JB_HUB_VERSION} | |
| # If working, you should see a list log line like this: | |
| # JetBrains Hub 2018.2 Configuration Wizard will listen inside container on {0.0.0.0:8080}/ after start and can be accessed by URL [http://<put-your-docker-HOST-name-here>:<put-host-port-mapped-to-container-port-8080-here>/?wizard_token=eCZTGzAHw4uKaIyc6BuY] | |
| # | |
| # You can now stop the container with Ctrl+C | |
| # To run jb-hub as a systemd service: | |
| #todo wget Gist URL | |
| cat docker.jb-hub.service.example > /etc/systemd/system/docker.jb-hub.service | |
| systemctl daemon-reload | |
| systemctl start docker.jb-hub | |
| # | |
| # Check if docker process is running | |
| # | |
| docker ps | |
| #CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | |
| #044541ff1224 jetbrains/hub:2018.2.10218 "/bin/bash /run.sh" 20 minutes ago Up 15 minutes 0.0.0.0:45082->8080/tcp jb-hub-server-instance | |
| # | |
| # Check if instance is working | |
| # | |
| docker logs jb-hub-server-instance | |
| # * JetBrains Hub 2018.2 Configuration Wizard will listen inside container on {0.0.0.0:8080}/ after start and can be accessed by URL [http://<put-your-docker-HOST-name-here>:<put-host-port-mapped-to-container-port-8080-here>/?wizard_token=TOKEN] | |
| # Start on boot | |
| systemctl enable docker.jb-hub | |
| # For Nginx SSL reverse-proxy configuration see hub-ssl.vhost.conf | |
| # If you need a Let's Encrypt Free SSL certificate: | |
| certbot certonly --email myemail@mydomain.com -d hub.mydomain.conf --rsa-key-size 4096 -a webroot --webroot-path /usr/share/nginx/html | |
| # Don't forget to add a weekly crontab to renew your SSL certificates! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| export YOUTRACK_VERSION="2018.2.44329" | |
| export YOUTRACK_PORT="45083" | |
| useradd -m -d /var/opt/youtrack --system --shell /usr/bin/zsh youtrack | |
| usermod -aG docker youtrack | |
| su - youtrack | |
| mkdir -p -m 750 ~/{data,conf,logs,backups} | |
| # If this one doesn't work, try again with sudo and a sudoer account | |
| chown -R 13001:13001 ~/{data,conf,logs,backups} | |
| # Try to run the container | |
| docker run -it --name youtrack-server-instance \ | |
| -v /var/opt/youtrack/data:/opt/youtrack/data \ | |
| -v /var/opt/youtrack/conf:/opt/youtrack/conf \ | |
| -v /var/opt/youtrack/logs:/opt/youtrack/logs \ | |
| -v /var/opt/youtrack/backups:/opt/youtrack/backups \ | |
| -p ${YOUTRACK_PORT}:8080 \ | |
| jetbrains/youtrack:${YOUTRACK_VERSION} | |
| # If working, you should see a list log line like this: | |
| # JetBrains YouTrack 2018.2 Configuration Wizard will listen inside container on {0.0.0.0:8080}/ after start and can be accessed by URL [http://<put-your-docker-HOST-name-here>:<put-host-port-mapped-to-container-port-8080-here>/?wizard_token=TOKEN] | |
| # | |
| # You can now stop the container with Ctrl+C | |
| # To run Youtrack as a systemd service: | |
| #todo wget Gist URL | |
| cat docker.youtrack.service.example > /etc/systemd/system/docker.youtrack.service | |
| systemctl daemon-reload | |
| systemctl start docker.youtrack | |
| # | |
| # Check if docker process is running | |
| # | |
| docker ps | |
| #CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES | |
| #044541ff1224 jetbrains/youtrack:2018.2.44329 "/bin/bash /run.sh" 20 minutes ago Up 15 minutes 0.0.0.0:45083->8080/tcp youtrack-server-instance | |
| # | |
| # Check if instance is working | |
| # | |
| docker logs youtrack-server-instance | |
| # JetBrains YouTrack 2018.2 Configuration Wizard will listen inside container on {0.0.0.0:8080}/ after start and can be accessed by URL [http://<put-your-docker-HOST-name-here>:<put-host-port-mapped-to-container-port-8080-here>/?wizard_token=TOKEN] | |
| # Start on boot | |
| systemctl enable docker.youtrack | |
| # For Nginx SSL reverse-proxy configuration see youtrack-ssl.vhost.conf | |
| # If you need a Let's Encrypt Free SSL certificate: | |
| certbot certonly --email myemail@mydomain.com -d youtrack.mydomain.conf --rsa-key-size 4096 -a webroot --webroot-path /usr/share/nginx/html | |
| # Don't forget to add a weekly crontab to renew your SSL certificates! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream youtrack-backend { | |
| server 127.0.0.1:45083; | |
| } | |
| server { | |
| listen *:80; | |
| listen *:443 ssl http2; | |
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_certificate /etc/letsencrypt/live/youtrack.superbiche.co/fullchain.pem; | |
| ssl_certificate_key /etc/letsencrypt/live/youtrack.superbiche.co/privkey.pem; | |
| server_name youtrack.superbiche.co; | |
| if ($scheme != "https") { | |
| rewrite ^ https://$http_host$request_uri? permanent; | |
| } | |
| error_log /var/log/nginx/youtrack.superbiche.co/error.log; | |
| access_log /var/log/nginx/youtrack.superbiche.co/access.log combined; | |
| location = /favicon.ico { | |
| log_not_found off; | |
| access_log off; | |
| expires max; | |
| add_header Cache-Control "public, must-revalidate, proxy-revalidate"; | |
| } | |
| location / { | |
| proxy_http_version 1.1; | |
| #proxy_redirect off; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forward-Proto $scheme; | |
| proxy_set_header X-Nginx-Proxy true; | |
| proxy_pass http://youtrack-backend/; | |
| } | |
| location /api/eventSourceBus { | |
| proxy_cache off; | |
| proxy_buffering off; | |
| proxy_read_timeout 86400s; | |
| proxy_send_timeout 86400s; | |
| proxy_set_header Connection ''; | |
| chunked_transfer_encoding off; | |
| proxy_set_header X-Forwarded-Host $http_host; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_http_version 1.1; | |
| proxy_pass http://youtrack-backend/; | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment