Youtrack behind Apache proxy over SSL

Youtrack behind Apache proxy over SSL

Author: Dennis Doubovski
This guide shows how to run a local copy of Youtrack behind Apache SSL proxy on a public accessible
domain.

Youtrack Installation
Download the Youtrack jar file and place it in your homedir on the target server. Then create
a youtrack user and group and move the jar to this user's homedir:
$ sudo adduser --disabled-password youtrack
# Answer the questions ...
$ sudo mv youtrack-<VERSION>.jar /home/youtrack/
$ sudo chown youtrack /home/youtrack/youtrack-4.2.1.jar
Next we need to alter Youtrack's internal configuration file to force the server to listen only on localhost:
$ sudo su - youtrack
$ mkdir youtrack
$ cd youtrack
$ jar xf ../youtrack-*.jar
$ vi jetbrains/mps/webr/standalone/runtime/standalone.xml
# Add the following line after "<Set name="port">8081</Set>"
<Set name="host">localhost</Set>
Next recreate the jar file, make sure that the original Youtrack jar is not in your working directory:
$ cp META-INF/MANIFEST.MF Manifest.txt
$ jar cfm ../youtrack-<VERSION>-repack.jar Manifest.txt *
$ cd ..
$ ls -hl
Check that you now have 2 jar files named youtrack-<VERSION>.jar and youtrack-<VERSION>repack.jar with roughly equal filesize. You can now start Youtrack to check that your modifications
worked:
$ screen

$ java -jar youtrack*-repack.jar 9090

$ curl -I http://localhost:9090
The curl command should output an empty page with a Location header, it can take a while to
execute because Youtrack is initialises itself upon the first request.

Apache configuration
Create and open /etc/apache2/sites-enabled/ssl-bugs:
$ vi /etc/apache2/sites-enabled/ssl-bugs
And paste the following configuration
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
ServerName bugs.mydomain.com
ServerAlias bugs

DocumentRoot /home/youtrack

<Location />
SSLRequireSSL

Header edit Location ^http: https:

</Location>

ProxyRequests Off
ProxyPass / http://localhost:9090/
ProxyPassReverse / http://localhost:9090/

ErrorLog /var/log/apache2/ssl_bugs-error.log
LogLevel warn
CustomLog /var/log/apache2/ssl_bugs-access.log combined

SSLEngine on

SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire

SSLCertificateFile /etc/ssl/certs/STAR_mydomain.com.crt
SSLCertificateKeyFile /etc/ssl/private/STAR_mydomain.com.key.nopass
SSLCertificateChainFile /etc/ssl/certs/AddTrustExternalCARoot.crt
SSLCertificateChainFile /etc/ssl/certs/PositiveSSLCA2.crt
</VirtualHost>
</IfModule>
This will proxy requests to https://bugs.mydomain.com to Youtrack, and will also
rewriteLocation headers to use https. Restart apache to apply changes:
$ sudo service apache2 reload

Configure Youtrack (first time only)

Visit your Youtrack url https://bugs.mydomain.com, a welcome screen will appear where you can
configure Youtrack. For now the only important configuration flags are Base URLset it
to https://bugs.mydomain.com and the root password, set it to something secure!