How to configure a basic Apache reverse proxy for Hipchat Data Center
Reference configuration only
This article provides an example configuration to help you set up your Hipchat Data Center deployment, however third-party software might require extra configuration work to function in your environment. Atlassian provides best-effort to assist you with your deployment, but does not directly support these components.
Purpose
This article provides guidance on how to configure a basic Apache reverse proxy for use in a Small-Scale Hipchat Data Center environment.
Prepare
- Make sure the system on which Apache will be installed meets the Hardware Requirements for the Load Balancer Node
- Install Apache2 via the commands compatible with your operating system
- Setup your firewall on your reverse proxy server to accept traffic on port 443. Optionally, you can accept traffic on port 80, the reverse proxy will redirect it to 443 anyways.
Make sure a DNS record exists for the load balancer node and obtain an SSL certificate per the Reverse Proxy Configuration Requirements.
The process of obtaining an SSL certificate falls outside of the scope of this guide. There are plenty of resources on the Internet that can guide you through the process. For example: "How to Install an SSL Certificate from a Commercial CA"
Configure
As the root user, create
/etc/apache2/sites-available/hipchat.conf
and add the sample configuration below:<VirtualHost *:443> ServerName hipchat.example.com KeepAlive On KeepAliveTimeout 120 MaxKeepAliveRequests 100 SSLEngine On CustomLog /var/log/apache2/hipchat.log combined ProxyPreserveHost On SSLCertificateFile /etc/apache2/ssl/ca.crt SSLCertificateKeyFile /etc/apache2/ssl/ca.key ProxyPass / http://hipchat01.example.com:80/ ProxyPassReverse / http://hipchat01.example.com:80/ </VirtualHost> <VirtualHost *:80> RewriteEngine on RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] </VirtualHost>
hipchat01.example.com
is the DNS name of your node.SSLCertificateFile
andSSLCertificateKeyFile
indicate the location of your SSL certificate and key respectively.The
<VirtualHost *:80>
section handles the redirection from HTTP to HTTPSSave the changes to the file.
Create a symbolic link to the config file under
/etc/apache2/sites-available/
to enable the new config:ln -s /etc/apache2/sites-available/hipchat.conf /etc/apache2/sites-enabled/hipchat.conf
Restart the Apache service, the command to run depends on your environment.