search

teamatldocker / confluence

Dockerized Atlassian Confluence
https://hub.docker.com/r/teamatldocker/confluence/
MIT License
301 stars 147 forks source link

Broken user directory link between Confluence and JIRA containers #51

Closed rwarren closed 6 years ago

rwarren commented 6 years ago

The question is: How do you configure the container(s) so that JIRA can be used for User management?

More detail...

I am using both the blacklabelops/jira and blacklabelops/confluence containers. Jira has been linked to Confluence, with the intent that Jira be used as the User server/directory.

fwiw, I am also running behind an nginx proxy using letsencrypt (using steveltn/https-portal).

Initial installation and usage work great for the initial admin user, but users created beyond the initial user cannot log into Jira.

More specifically, synchronizing the user directory from the Jira container (in Confluence Administration -> User Directories, for the Remote Jira directory) fails with a cryptic error:

Synchronisation failed. See server logs for details.

... but the logs aren't super helpful (I think the request is Forbidden for some reason).

I'm pretty sure this must be due to the docker container configurations, but am not sure.

I've found a few pages online where @blacklabelops was having similar issues, but they are pretty old (early 2016) and have not been helpful for me yet:

Those both indicate that the cacert needs to be updated, but 1) I'd be surprised if letsencrypt isn't in there by now, and 2) I can't seem to even view the /opt/jira/jre/lib/security/cacerts file inside the container without the container hanging!

How do you configure the container(s) so that JIRA can be used for User management?

rwarren commented 6 years ago

Aha!! The issue appears to be the IP address that the Confluence instance is trying to connect from. It is some random 172.16.xx.xx address due to the way Docker networking works. It probably reassigns a random address in this range every boot, or something.

I seem to have it working now.

To fix it you need to configure JIRA to allow the Confluence instance to connect from any IP in that range. This is done in JIRA admin settings through "Administration -> User Management -> JIRA User Server". Then set the Confluence application (or whatever other dockerized thing you have) to have an IP address of 172.16.0.0/12 (JIRA accepts CIDR notation here).

blacklabelops commented 6 years ago

I am using a solution without ip adress .

My solution with a reverse proxy:

version: '2'

services:
  # HTTPS-ReverseProxy
  nginx:
    image: blacklabelops/nginx
    container_name: nginx
    networks:
      default:
        aliases:
          - 'confluence.yourdomain.net'
          - 'jira.yourdomain.net'
    ports
      - '443:443'
      - '80:80'

Confluence is now accessible over reverse proxy inside and outside the docker network under confluence.yourdomain.net.