通过IIS反向代理通过https设置YouTrack
[英]Setting up YouTrack via https over IIS Reverse Proxy
问题描述
I am trying up to set YouTrack, along with the JetBrains services TeamCity, Hub and UpSource to run over https by means of an IIS reverse proxy. 
我正在尝试将YouTrack以及JetBrains服务TeamCity,Hub和UpSource设置为通过IIS反向代理在https上运行。
I have operated as detailed in the documentation , but I am not having any success, despite having tried various variants, I have not been able to figure out a successful one. 我已经按照文档中的详细说明进行了操作,但是尽管尝试了各种变体,但是我没有任何成功,但是我还没有找到一个成功的例子。
Currently, we have YouTrack installed on a server under an url like: http://server.company.com:8080/issues 目前,我们已将YouTrack安装在服务器上的URL下,例如: http://server.company.com:8080/issues ://server.company.com:8080/issues
I am trying to get it to work from the following url: https://server.company.com/youtrack/ 我正在尝试通过以下URL使其工作: https://server.company.com/youtrack/ : https://server.company.com/youtrack/
I have already managed to set up an almost identical URL Rewrite for OctopusDeploy on the same server ( https://server.company.com/octopus/ -> http://server.company.com:8888/octopus ), so I know it is at least theoretically possible. 我已经设法在同一服务器( https://server.company.com/octopus/ > http://server.company.com:8888/octopus )上为OctopusDeploy设置了几乎相同的URL重写,所以我知道至少在理论上是可能的。 By extension, I know that the issue must lie with some sort of peculiarity with YouTrack, as opposed to IIS. 通过扩展,我知道问题一定与YouTrack(而不是IIS)有关。 Also, it works for TeamCity, and kinda works for Hub (some security issues due to Hub using http for some things). 此外,它适用于TeamCity,还适用于Hub(由于Hub使用http进行某些处理,因此存在一些安全问题)。
Anyway, my web.config currently looks as follows: 无论如何,我的web.config当前看起来如下:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Reverse Proxy to TeamCity" stopProcessing="true">
<match url="^teamcity/(.*)" />
<action type="Rewrite" url="http://server.company.com/{R:1}" />
</rule>
<rule name="Reverse Proxy to YouTrack" stopProcessing="true">
<match url="^youtrack/(.*)" />
<action type="Rewrite" url="http://server.company.com:8080/issues/{R:1}" />
<serverVariables>
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_FORWARDED_SCHEMA" value="https" />
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
</serverVariables>
</rule>
<!--rule name="Reverse Proxy to Oauth" stopProcessing="true">
<match url="^oauth(.*)" />
<action type="Rewrite" url="http://server.company.com:8080/oauth{R:1}" />
</rule-->
<rule name="Reverse Proxy to Hub" stopProcessing="true">
<match url="^hub/(.*)" />
<action type="Rewrite" url="http://server.company.com:8082/hub/{R:1}" />
</rule>
<rule name="Reverse Proxy to UpSource" stopProcessing="true">
<match url="^upsource/(.*)" />
<action type="Rewrite" url="http://server.company.com:8081/{R:1}" />
</rule>
<rule name="Reverse Proxy to Octopus" stopProcessing="true">
<match url="^octopus/(.*)" />
<action type="Rewrite" url="http://server.company.com:8888/octopus/{R:1}" />
</rule>
<rule name="Reverse Proxy to Collaboration General" stopProcessing="true">
<match url="(.*)" />
<action type="Rewrite" url="http://server.company.com/{R:1}" />
</rule>
</rules>
</rewrite>
<security>
<requestFiltering>
<requestLimits maxUrl="6144" maxQueryString="4096" />
</requestFiltering>
</security>
</system.webServer>
</configuration>
This currently results in a redirect to a TeamCity 404 page that happens when YouTrack somehow manages to make a redirect to https://server.company.com/oauth/?state=%2Fissues%2F that supersedes the URL rewrite, thus causing the default action "Reverse Proxy to Collaboration General" to kick in (I had to add this to get TeamCity to work) because the url no longer matches the pattern for the YouTrack rule. 当前,这导致重定向到TeamCity 404页面,当YouTrack以某种方式设法重定向到https://server.company.com/oauth/?state=%2Fissues%2F ,该页面将代替URL重写,从而导致默认操作“向Collaboration General反向代理”(我必须添加它才能使TeamCity正常工作),因为该URL不再与YouTrack规则的模式匹配。
I have added the following rule to counter this: 我添加了以下规则来解决此问题:
<rule name="Reverse Proxy to Oauth" stopProcessing="true">
<match url="^oauth(.*)" />
<action type="Rewrite" url="http://server.company.com:8080/oauth{R:1}" />
</rule>
However, when this rule is active, I am instead redirected to an empty page under https://server.company.com/oauth?state=%2Fissues%2F . 但是,当此规则处于活动状态时,我将重定向到https://server.company.com/oauth?state=%2Fissues%2F下的空白页。
I have also tried the following variant with trailing "/" after "oauth": 我还尝试了在“ oauth”之后加上“ /”结尾的以下变体:
<rule name="Reverse Proxy to Oauth" stopProcessing="true">
<match url="^oauth/(.*)" />
<action type="Rewrite" url="http://server.company.com:8080/oauth/{R:1}" />
</rule>
However, that only causes the following text-only page to show up: 但是,这只会导致显示以下纯文本页面:
Diese Seite wurde nicht gefunden
Sie sind nicht angemeldet.
Zurück Anmelden Tickets
All these results are for configurations based on the following command: 所有这些结果都是针对基于以下命令的配置:
youtrack.bat configure --listen-port 8080 --base-url https://server.company.com:443
I have also tried the following variant of that command: 我还尝试了该命令的以下变体:
youtrack.bat configure --listen-port 8080 --base-url https://server.company.com/youtrack/
However, that only causes the following error: 但是,这只会导致以下错误:
HTTP ERROR: 404
Problem accessing /issues/. Reason:
Not Found
Powered by Jetty:// 9.3.20.v20170531
Also, changing the web.config not to point to issues, such as follows: 另外,更改web.config使其不指向问题,例如:
<action type="Rewrite" url="http://server.company.com:8080/{R:1}" />
...only causes the error message to change accordingly: ...仅导致错误消息相应地更改:
HTTP ERROR: 404
Problem accessing /. Reason:
Not Found
Powered by Jetty:// 9.3.20.v20170531
At this point, I'm pretty much at my wit's end. 在这一点上,我已经快要结束了。 I've tried everything I can think of and still have not gotten a single step closer to the solution. 我已经尝试了所有我能想到的一切,但距离解决方案仅一步之遥。 I know for a fact that it is possible to run YouTrack under https because the JetBrains issue tracker itself is doing so ( https://youtrack.jetbrains.com ), but I can't figure out how to get it to work for us. 我知道有可能在https下运行YouTrack,因为JetBrains问题跟踪程序本身就是这样做的( https://youtrack.jetbrains.com ),但我不知道如何让它为我们工作。
Does anyone have any ideas how I could resolve this? 有谁知道如何解决这个问题? Any pointers or suggestions would be greatly appreciated at this point. 在这一点上,任何指示或建议将不胜感激。
UPDATE 4-Apr-2018 更新2018年4月4日
I have made some progress with this, but it is still not quite working. 我已经在此方面取得了一些进展,但是仍然无法正常工作。
A customer support employee from YouTrack pointed out to me that the base url and the redirect url need to end on the same path, so I used this command on the youtrack.bat... YouTrack的一位客户支持员工向我指出,基本URL和重定向URL必须在同一路径上结束,因此我在youtrack.bat上使用了此命令...
youtrack.bat configure --listen-port 8080 --base-url http://server.company.com:8080/youtrack
...and set the web.config section up as follows: ...并按如下所示设置web.config部分:
<rule name="Reverse Proxy to YouTrack" stopProcessing="true">
<match url="^youtrack(.*)" />
<action type="Rewrite" url="http://server.company.com:8080/youtrack{R:1}" />
<serverVariables>
<set name="HTTP_X_FORWARDED_HOST" value="{HTTP_HOST}" />
<set name="HTTP_X_FORWARDED_SCHEMA" value="https" />
<set name="HTTP_X_FORWARDED_PROTO" value="https" />
</serverVariables>
Now I get as far as the login. 现在我可以登录。
From this point onwards, the problem appears to be related to Hub, because the login redirects me to the http version of hub and then traps me in an endless loop, where every login attempt just redirects to the login page. 从这一点开始,问题似乎与集线器有关,因为登录将我重定向到集线器的http版本,然后陷入无限循环,其中每次登录尝试都仅重定向到登录页面。
2 个解决方案
解决方案1
1 2018-04-03 17:07:46
Please change base URLs from http to https for both YouTrack( https://www.jetbrains.com/help/youtrack/standalone/Reverse-Proxy-Configuration.html#Change_Base_URL ) and Hub( https://www.jetbrains.com/help/hub/Proxy-Configuration.html#change-baseurl-zip-msi ) and restart both services. 请将YouTrack( https://www.jetbrains.com/help/youtrack/standalone/Reverse-Proxy-Configuration.html#Change_Base_URL )和Hub( https://www.jetbrains.com )的基本URL从http更改为https /help/hub/Proxy-Configuration.html#change-baseurl-zip-msi ),然后重新启动这两个服务。 Please should also solve the problem with the redirection. 请也应解决重定向问题。 If it doesn't, then please try cleaning the browser cache and check again. 如果不是,请尝试清理浏览器缓存并再次检查。 Please let me know if it helps. 请告诉我是否有帮助。
解决方案2
1 2018-04-09 06:05:58
Okay, so I figured out how to do this. 好的,所以我想出了办法。 Ana's answer was almost correct, but it lacked one final crucial step: Reconfiguring the hub-url parameter for YouTrack to match the new Hub URL. Ana的答案几乎是正确的,但是它缺少最后的关键步骤:为YouTrack重新配置hub-url参数以匹配新的Hub URL。
NOTE: All commands beginning with hub.bat need to be performed on the hub.bat file in [Hub Installation Directory]\\bin and all commands beginning with youtrack.bat need to be performed on the youtrack.bat file in [YouTrack Installation Directory]\\bin . 注:开头的所有命令hub.bat需要在执行hub.bat文件[Hub Installation Directory]\\bin ,所有的命令开始与youtrack.bat必须在执行youtrack.bat文件[YouTrack Installation Directory]\\bin 。
youtrack.bat stop
hub.bat stop
hub.bat configure --listen-port 8082 --base-url https://server.company.com/hub
youtrack.bat configure --listen-port 8080 --base-url=https://server.company.com/youtrack --hub-url=https://server.company.com/hub/hub
hub.bat start
youtrack.bat start
NOTE: I don't know why, but Hub appends an extra /hub after its base address, that's why the hub-url setting for YouTrack ends with /hub/hub . 注意:我不知道为什么,但是Hub会在其基址之后附加一个额外的/ hub,这就是为什么YouTrack的hub-url设置以/hub/hub结尾的原因。
After that, all I needed to do was add the redirection URL to the list of allowed redirection URLs for YouTrack in Hub > Settings > Services > YouTrack, and now it works perfectly. 之后,我需要做的就是将重定向URL添加到集线器>设置>服务> YouTrack中的YouTrack允许的重定向URL列表中,现在可以正常使用了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.