Skip to content

Jira Confluence HTTPS Reverse Proxy

Michael Adams edited this page Oct 17, 2018 · 3 revisions

Assumes use of Certbot via cron task to stop & restart h2o as needed.

user: http
access-log: /var/log/h2o/access-log
error-log: /var/log/h2o/error-log
http2-reprioritize-blocking-assets: ON
http2-casper: ON
http2-idle-timeout: 300
http2-max-concurrent-requests-per-connection: 256
http2-latency-optimization-min-rtt: 120
compress: ON
http1-request-timeout: 300
proxy.timeout.io: 300000
proxy.preserve-host: ON

hosts:
  "WEBSERVER:80":
    listen:
      port: 80
    paths:
      "/":
        redirect: WEBSERVER:443
  "WEBSERVER:443":
    listen:
      port: 443
      ssl:
        certificate-file: /etc/letsencrypt/live/WEBSERVER/fullchain.pem
        key-file: /etc/letsencrypt/live/WEBSERVER/privkey.pem
        minimum-version: TLSv1.2
        dh-file: /etc/ssl/dhparam.pem
        cipher-suite: TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM
    paths:
      "/jira":
        proxy.reverse.url: http://192.0.2.5:8080/jira
      "/confluence":
        proxy.reverse.url: http://192.0.2.6:8090/confluence
      "/server-info.action":
        proxy.reverse.url: http://192.0.2.6:8090/confluence/server-info.action
      "/synchrony":
        proxy.reverse.url: http://192.0.2.6:8091/synchrony
      "/":
        file.dir: /var/www