How to configure Apache for caching and HTTP/2
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Atlassian products interface with a variety of technologies. Front-end solutions like Web Servers (eg Apache HTTP Server), load balancers, single sign-on solutions (SSO), SSL certificates, and LDAP repositories add functionality that is often critical to functioning of our products. Atlassian will endeavor to provide documentation for integration with these 3rd party applications (such as this) but does not provide support for 3rd party applications. We are unable to provide support when a failure in a 3rd party application occurs. From: Atlassian Support Offering.
Purpose
This knowledge base article describes a workaround for Data Center customers who want to use the CDN feature, but can't use a third-party CDN vendor, such as CloudFront, CloudFlare, Akamai, etc.
Note that for most installations the standard CDN feature is the most suitable option instead. You can learn about this feature on the pages Use a CDN with Atlassian Jira Data Center applications and Configure your CDN for Confluence Data Center.
Solution
If using a third-party CDN is not an option for your organisation, you can deploy your own caching proxies close to where your teams are located, for example in each of your satellite offices. Your proxies should all share the same DNS address. This is the URL you'll provide in the CDN setup screen in your Data Center application.
Here are the basic requirements:
You will need to enable HTTP/1.1 on backend, and disable the experimental HTTP/2 client component as follows:
a2enmod proxy_http headers; a2dismod proxy_http2Enable SSL, disk cache, and HTTP/2 protocol on the user-facing side as follows:
a2enmod ssl cache_disk http2Ensure that Prefork mpm is disabled, and either Event mpm or Worker mpm is enabled (Event mpm is recommended by Apache: See https://httpd.apache.org/docs/trunk/howto/http2.html#mpm-config)
a2dismod mpm_prefork; a2enmod mpm_eventCreate the disk location for your cache:
mkdir /var/cache/apache-web-cache
chown www-data.www-data /var/cache/apache-web-cache
chmod 755 /var/cache/apache-web-cacheConfigure your Apache site. Here's an example configuration. The important points are HTTP/2 protocol, SSL, and cache.
Protocols h2
<VirtualHost webcache:443>
ServerAdmin admin@localhost
LogLevel info
ServerName cdn
SSLEngine On
SSLProxyEngine On
SSLCertificateFile "/etc/ssl/webcache.crt"
SSLCertificateKeyFile "/etc/ssl/webcache.key"
SSLProxyCACertificateFile "/etc/ssl/myrootCA.pem"
RequestHeader unset Cookie
Header unset Set-Cookie
ProxyPass / https://172.19.0.20/
ProxyPassReverse / https://172.19.0.20/
CacheRoot "/var/cache/apache-web-cache/"
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 1
</VirtualHost>If you need more assistance, consult the Apache documentation about caching: https://httpd.apache.org/docs/2.4/caching.html and about setting up high availability configurations for reverse proxies: https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html