Now that we have a good understanding of the overall architecture of Confluence and the various installation options, we are ready to install our own Confluence instance.
In the following exercise, we will be installing and configuring a fresh Confluence instance that will be ready for production. We will be using the standalone bundle, and the installation will be based upon the Windows platform. If you are planning on using a different operating system, please refer to https://confluence.atlassian.com/display/DOC/Installing+Confluence for details on installing Confluence on that specific platform.
In this exercise we will:
We will continue to use this Confluence instance in other chapters and exercises as we prepare Confluence for usage within your own organization.
For our implementation, we will be using:
Confluence requires Java to be installed on the system, so this is our first step. Confluence 5.1 requires the latest update of JDK 7. If you are installing a different version of Confluence, make sure if JDK 7 is supported. Your choice between a 32-bit or 64-bit version depends on the amount of memory you want to allocate to Confluence; if it's more then 4 GB, pick the 64-bit version as 4 GB is the upper limit for the 32-bit version.
Currently, it is only possible to install Confluence as a Windows service if it is running on a 32-bit Java version.
Perform the following steps to install Java on your system:
JAVA_HOME
for the rest of the book.JAVA_HOME
with the path where you just installed Java, as shown in the following screenshot:java –version
This should display the version of Java installed:
C:>java –version java version "1.7.0_17" Java(TM) SE Runtime Environment (build 1.7.0_17-b02) Java HotSpot(TM) Client VM (build 23.7-b01, mixed mode, sharing)
The next step is to prepare a database for our Confluence installation.
To install PostgreSQL, simply perform the following steps:
p0stgre$
, to keep it simple and easy to remember during this exercise and confirm to the Windows 2008 password security rules.Now that PostgreSQL is installed on our machine, we need to create a dedicated user and database for Confluence to use. This will prevent other users of the application from accessing Confluence data.
Perform the following steps to create a new user and a database:
Now that we have the JDK and database prepared, we have met all the conditions required to install Confluence on our machine. In order to get Confluence installed we have to:
Optionally, we can configure Confluence to use HTTPS and run as a Windows service.
Perform the following steps to unpack Confluence:
c:/confluence/
. It is recommended to use a third-party unzip software, such as 7-Zip or WinZip, as there are known issues with the unzip application provided with Windows. You can choose a different installation path; just make sure that you don't use spaces in your directory path.C:confluenceatlassian-confluence-5.1
will now be known as CONF_INSTALL
. Next, we will define the Confluence Home directory.Next we have to define and configure CONF_HOME
. Remember that we want to keep our data separated from our installation data.
c:confluencedata
; this directory will now be known as CONF_HOME
.CONF_INSTALL
and open the file confluenceWEB-INFclassesconfluence-init.properties
in your favorite text editor.
# confluence.home=c:/confluence/data
#
and the space at the beginning of this line, so that Confluence no longer regards it as a comment.CONF_HOME
, then change the path accordingly. Please note the following:/
to define the path.By default, Confluence runs on port 8090 with no context path. This means that after starting Confluence it will be available at http://localhost:8090/
. If you have another application running on your machine that is using the same ports, you may need to change the port Confluence will use. Changing the context path is useful when you are running your applications behind a proxy and want to access them with the same domain, for example, http://example.com/jira
and http://example.com/confluence
. For this exercise we will be changing the context Confluence is running on to /confluence
.
To change the ports for Confluence, open the file conf/server.xml
under your CONF_INSTALL
directory. An extract from that file is shown here:
<Server port="8000" shutdown="SHUTDOWN" debug="0"> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8090"…. /> <Context path="/confluence" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
Downloading the example code
You can download the example code files for all Packt books you have purchased from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
Line 1: This line specifies the port for the command to shut down Tomcat. By default this port is 8000. If you already have an application running on that port, you can change this to another port.
Line 2: This line specifies on which port Confluence/Tomcat will be running. By default this is port 8090. If that port is unavailable for some reason, you can change it to another available port.
Line 3: This line allows you to change the context path on which Confluence will be available. By default the path is empty, meaning Confluence will be available on http://hostname:portnumber/
.
For this exercise we will change the context path to /confluence
, as shown in the previous file.
In order to use the share and notification features from Confluence an e-mail account has to be set up. Normally, we could do this using the Confluence interface, but there is an exception if you want to use SMTPS, with your Gmail account for example. So for this exercise we will be configuring Confluence to use your Gmail account for sending e-mail notifications to the users.
activation-1.0.2.jar
and mail-1.4.1.jar
from CONF_INSTALL/confluence/WEB-INF/lib
to CONF_INSTALL/lib
.CONF_INSTALL/conf/server.xml
; make sure to add it just before the </Context>
tag.<Resource name="mail/GmailSMTPServer" auth="Container" type="javax.mail.Session" mail.smtp.host="smtp.gmail.com" mail.smtp.port="465" mail.smtp.auth="true" mail.smtp.user="[email protected]" password="yourPassword" mail.smtp.starttls.enable="true" mail.transport.protocol="smtps" mail.smtp.socketFactory.class="javax.net.ssl.SSLSocketFactory" />
[email protected]
and yourPassword
with the proper values for your account.
java:comp/env/mail/GmailSMTPServer
Note that the name is case-sensitive.
By default, Confluence runs with a standard, non-encrypted HTTP protocol. This is acceptable if you are running Confluence in a secured environment, such as an internal network. However, if you are planning to open up access to Confluence via the Internet, you need to tighten the security. We will be doing this by configuring Confluence to run over HTTPS (HTTP over SSL), so that login information and data are encrypted during transport over the Internet.
For a standalone installation, we need to perform the following tasks:
First, we need to get a digital certificate. This can be one from a Certification Authority such as VeriSign or StartSSL (CA certificate), or a self-signed certificate generated by you. A CA certificate will not only encrypt your data, but also identify your copy of Confluence to users. A self-signed certificate is useful when you do not have a valid CA certificate and you are only interested in setting up HTTPS for encryption.
Because a self-signed certificate is not signed by a Certificate Authority, users may receive a message that the site is not to be trusted and may have to perform several steps to accept the certificate before they can access the site. This usually will only occur the first time they access the site. A self-signed certificate is great for evaluation purposes, but I would recommend a CA certificate for your production environment.
For the purpose of this exercise we will create a self-signed certificate. If you already have a CA certificate you can, of course, use that certificate.
Follow these steps to generate a certificate using Java's keytool utility. This tool is included in the JDK and can be found in JAVA_HOME/bin
.
"%JAVA_HOME%/bin/keytool.exe" -genkeypair -alias tomcat -keyalg RSA
changeit
.For example, for our Confluence, running on localhost:
CN = localhost
, OU = Confluence Essentials
, O = Packt
, C = UK
y
to confirm the details.tomcat
(the alias you entered in the keytool command), press the Enter key. You must use the same password here as the one that was used for the keystore password. This is a restriction of the Tomcat implementation.Our self-signed certificate is now available in Java's keystore. If you are using a previously generated certificate or a CA certificate, you will need to import that certificate into Java's keystore. This can be done with the following command:
keytool -importcert -alias tomcat -file <MY_CERTIFICATE_FILENAME>
To enable HTTPS, open the CONF_INSTALL/conf/server.xml
file in a text editor. Locate and uncomment the following lines:
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSLEnabled="true" URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
This connector will enable HTTPS for Confluence on port 8443. We will have to replace <MY_CERTIFICATE_PASSWORD>
with the password we specified when creating our certificate. In our case this would be changeit
.
By default, Tomcat expects the keystore file to be named .keystore
and be located in the user home directory under which Tomcat is running. This could be a different account than your own, and therefore, can be another directory. If your certificate is not in the default location, you will have to update the server configuration to include keystoreFile="<MY_CERTIFICATE_LOCATION>"
in the connector element.
Although HTTPS is now active and available, the old HTTP URLs are still available. We will have to set up Confluence so that it will redirect automatically from an HTTP to an HTTPS request. We will need to do this by adding a security constraint in web.xml
.
Open CONF_INSTALL/confluence/WEB-INF/web.xml
and add the following snippet to the end of the file, before the </web-app>
tag:
<security-constraint> <web-resource-collection> <web-resource-name>Restricted URLs</web-resource-name> <url-pattern>/</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
This will cause Tomcat to redirect all requests that come in on a non-SSL port. The first part will make sure all URLs are checked by this security constraint. The second part will guarantee that HTTPS is used for transportation.
Under Windows, Confluence can be configured to run as a Windows service, thus starting up automatically when the operating system reboots. This is recommended, as the alternative is having a console window open on the machine, which could be accidentally closed, thus shutting down Confluence.
To configure Confluence as a Windows service, simply perform the following steps:
CONF_INSTALL/bin
directory.service.bat install Confluence
You can now start, stop, and restart Confluence from the Windows service panel.
52.15.214.27