Overview of series “How to run Jira and Confluence behind NGINX reverse proxy on Docker”
- Run Atlassian Jira and Confluence with PostgreSQL on Docker
- NGINX as reverse proxy for Jira and Confluence on Docker
- Disable external access to PostgreSQL
- Enable SSL for NGINX reverse proxy using Let’s Encrypt on Docker
The next step will be to disable external access to PostgreSQL. It should be only accessible inside of the Atlassian service network in our Docker host. And the containers should communicate directly with the PostgreSQL. Currently the communication is going through the IP of the Docker host.
Start PostgreSQL container with new settings
First we will stop Jira, Confluence and PostgreSQL and then recreate the PostgreSQL container with new settings (without exposing port 5432 and connected to the Atlassian network):
docker stop jira confluence postgres docker rm postgres docker run -d \ --name postgres \ -e POSTGRES_USER=postgres \ -e POSTGRES_PASSWORD=mysecretpassword \ -v postgresdata:/var/lib/postgresql/data \ --network atlassian \ postgres:10
Update database connection settings for Jira, Confluence and pgAdmin
In the first post of this series we used the IP address of the Docker host to connect to the database. Now we will change this to the containers internal name of the database container.
Configuration files for the database connection of Jira and Confluence are stored in the application data volume. By default Docker stores volumes in /var/lib/docker/volumes. If you have changed this path in your installation you will need to adjust it also here.
Updata database connection setting for Jira
In the XML file exchange the IP address in the parameter “url” with the container name “postgres“.
Update database connection setting for Confluence
In the XML file in the properties section look for the property “hibnerate.connection.url“. In it’s value also exchange the IP address with the container name as you did before.
Update connection settings in pgAdmin
Also update the connection settings in pgAdmin. Open pgAdmin in your browser by entering PGADMIN.YOURDOMAIN.COM.
Right click the existing server connection and go to “Properties“. In the “Connection” tab adjust the “Host name/address” to “postgres” and click onto “Save“.
Start Jira and Confluence containers
Start Jira and Confluence containers again and check if everything works.
docker start jira confluence
The PostgreSQL container with its databases are now restricted for internal use in the Docker network. To administrate it we have setup pgAdmin. However, the connections to our NGINX reverse proxy are still unsecure. In the next step we will setup SSL with Let’s Encypt.