7 октября 2019
Two heads are better than one.
— Folk wisdom
The larger the company grows, the more documentation of various types it requires. There are all sorts of documents, i.e. instructions for employees and descriptions of problem solutions, etc. If you have a small number of employees, you might not create any documentation at all. After all, it's easier to explain basic things verbally. But what if there are a lot of employees or there is a large turnover of personnel in some position? You can use regular office software to create documents. Or what if your company grows so large, that the amount of documents created becomes just as large? Or maybe your company runs too many various projects, and it is easy to get lost in all these documents? What if you want to keep records of meetings, lay out ideas for general discussion, make plans for projects, arrange surveys? What if you want to keep a history of changes and have separate permissions? And maybe also you require the ability to download from the system, for example, in PDF format? In this case we need some kind of a portal, a knowledge base, something in the wiki format. The Confluence project from the Australian company Atlassian will be suitable to solve such problems.
Checking the requirements
Before installation, check the minimum requirements:
- root access; Linux and Windows operating systems(OS) ;
- DBMS PostgreSQL version 9.6, MySQL version 5.6.16 and 5.7. NOTE: MariaDB, Oracle 12c, Microsoft SQL Server 2012 and above are not supported;
- 2GB of RAM is enough to run the system, but 6GB is a minimum requirement;
- at least 10GB of hard drive space;
- quad-core 2GHz processor;
- all browsers are supported except Internet Explorer 11 and below.
More information about the requirements can be found on the official project documentation page. Concerning the hardware, it all depends on the number of people using the system simultaneously, on document editing, as well as numerous other parameters. Approximate calculations for the hardware can be found here.
We will use CentOS 7, as it is a well-proven server solution. We will use PostgreSQL 9.6 as a DBMS. There are several ways to install Confluence, we will use the installer. You can familiarize yourself with other installation methods on the official page.
Preconfiguration
First, let's install some convenient packages:
# yum install epel-release mc net-toolsCreate supp user:
# adduser suppAnd set a password for it:
# passwd suppThen restrict access to the server only for our user via ssh. To do this, edit the /etc/ssh/sshd_config file
Uncomment the line
PermitRootLogin noAnd add
AllowUsers suppNow restart the SSH daemon:
# systemctl restart sshdYou can log in as our new user and proceed with the installation.
PostgreSQL Installation
We have already decided that we will use PostgreSQL 9.6. Unfortunately, the standard CentOS 7 repositories only have version 9.2.24
$ sudo yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
$ sudo yum install postgresql96 postgresql96-server
$ sudo /usr/pgsql-9.6/bin/postgresql96-setup initdb
$ sudo systemctl enable postgresql-9.6
$ sudo systemctl start postgresql-9.6Then edit the /var/lib/pgsql/9.6/data/pg_hba.conf file and at the beginning of the “IPv4 local connections” section add the line:
host confluence confluenceuser 127.0.0.1/32 md5Create the confluenceuser user and the confluence database:
$ sudo su
# su postgres
$ psql
postgres=# CREATE ROLE confluenceuser WITH LOGIN PASSWORD 'your_password' VALID UNTIL 'infinity';
CREATE ROLE
postgres=# CREATE DATABASE confluence WITH ENCODING='UTF8' OWNER=confluenceuser
CONNECTION LIMIT=-1;
CREATE DATABASE
postgres-# \qOf course, you should use your own password instead, it should be long and contain various characters. Restart PostgreSQL to apply the settings in the pg_hbafile.conf file:
$ systemctl restart postgresql-9.6 Firewall configuration
In CentOS 7firewalld is usedby default, I advise not to refuse it and spend some of your time to figure it out. Confluence uses port 8090 to access the system. Let'sadd it:
$ sudo firewall-cmd --permanent --add-port=8090/tcp
$ sudo firewall-cmd --reloadIf you, however, use the old-fashioned iptables, then:
$ sudo yum -y install iptables-services
$ sudo systemctl stop firewalld
$ sudo systemctl disable firewalld
$ sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ sudo iptables -A INPUT -s 0.0.0.0/0 -p TCP --dport 8090 -j ACCEPT
$ sudo iptables -A INPUT -s 0.0.0.0/0 -p TCP --dport 22 -j ACCEPT
$ sudo iptables -P INPUT DROP
$ sudo iptables -P FORWARD DROPor if your last rule prohibits everything, then enter a command where num_line is a number of a line where the rule will be inserted:
$ sudo iptables -I INPUT num_line -s 0.0.0.0/0 -p TCP --dport 8090 -j ACCEPT
$ sudo iptables-save > /etc/sysconfig/iptablesCheck the rules:
$ sudo iptables -L -n -vConfluence installation
First, download the installer from the official website. Current version of Confluence is 7.0.1. Before installing, do not forget to allow the execution of the file:
$ chmod a+x atlassian-confluence-7.0.1-x64.binDuring installation, a lot of information is displayed, here are the main points:
$ sudo ./atlassian-confluence-7.0.1-x64.bin
Installing fontconfig...
Installed:
fontconfig.x86_64 0:2.13.0-4.3.el7
Complete!
Unpacking JRE ...
Starting Installer ...
This will install Confluence 7.0.1 on your computer.
OK [o, Enter], Cancel [c]
o
Click Next to continue, or Cancel to exit Setup.
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1],
Custom Install (recommended for advanced users) [2, Enter],
Upgrade an existing Confluence installation [3]
2
Select the folder where you would like Confluence 7.0.1 to be installed,
then click Next.
Where should Confluence 7.0.1 be installed?
[/opt/atlassian/confluence]
/home/atlassian/confluence
Default location for Confluence data
[/var/atlassian/application-data/confluence]
/home/atlassian/application-data/confluence
Confluence can be run in the background.
You may choose to run Confluence as a service, which means it will start
automatically whenever the computer restarts.
Install Confluence as Service?
Yes [y, Enter], No [n]
y
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 7.0.1 is complete
Your installation of Confluence 7.0.1 is now ready and can be accessed via
your browser.
Confluence 7.0.1 can be accessed at http://localhost:8090
Finishing installation …As you can see, we used the advanced installation option and reassigned the Confluence installation location. If you just hit Enter on all steps, then the default folder for Confluence itself is /opt/atlassian / confluence. The default folder for storing data and plugins is /var/atlassian/application-data/confluence.
As you can see in the end, we can go to the address http://localhost:8090 to continue the installation, instead of localhost, you can use, for example, the external ip address of our server.
Choose your language. As you can see, here we are offered to install a trial version or a working one. Choose the second option (Production Installation).
At this stage, it is proposed to install additional services, we did not purchase anything separately, so continue the installation.
At this stage it is necessary to obtain a license key. You can start with a 30 days trial version. After the end of the trial you can purchase the software. To do this, click “Create an account” on the official website to create an atlassian account. After the registration the window pops up, in which we can obtain a license:
The server ID must be copied to the “Server ID" field. After receiving the license key, enter it into the form and continue the installation.
Everything is clear here, select "My database".
Accordingly, you need to enter your data to connect to the PostgreSQL database.
Here, for the first example, I recommend you to set the website sample. You can always delete this test space.
First account creation. The user name and everything else can be changed in the future.
This could be the end of this article, but we still have something to tell you.
Security
On the official website there are many improvements on security for Confluence. We will consider one of the key improvements.
By default, Confluence works over HTTP, which means all your data will be transmitted unencrypted. If your server is only in the local network and does not have access to the Internet, you can leave this unchanged, but in other cases, we strongly recommend using HTTPS.
We are offered various options for using HTTPS, we will consider the option of using NGINX over HTTPS and between NGINX and Confluence - HTTP. This option is acceptable for us, since NGINX is located on the same server. We will also not use the context path (example.com/confluence). Let's Encrypt will be our certification authority. For installation we will use Certbot.
Let's start with installing NGINX. By default, CentOS 7 uses the old version of NGINX, so let's connect the repositories and install the latest version. Go to the official website and follow the instructions:
Install the packages needed to connect the yum repository and create a file named /etc/yum.repos.d/nginx.repo:
$ sudo yum install yum-utils
$ sudo vi /etc/yum.repos.d/nginx.repoAdd the following content to the /etc/yum.repos.d/nginx.repo file:
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key$sudo yum install -y nginx
$sudo systemctl enable nginx
$sudo systemctl start nginxNow edit the NGINX configuration file:
$ sudo vi /etc/nginx/conf.d/default.confserver {
server_name your_domain;
listen 443 default ssl;
ssl_certificate /etc/letsencrypt/live/your_domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-
ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-
SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-
SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-
ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-
CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-
GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
server {
listen 80;
server_name your_domain;
return 301 https://$server_name$request_uri;
}You only need to replace your_domain with your domain name.
Now you need to perform Confluence-related configurations. First make edits in Tomcat. Find the installation-directory/conf/server.xml file. We installed our server in the /home/atlassian/confluence directory, the default directory is /opt/atlassian/confluence. In that directory look for a ./conf/server.xml file. First, let's comment out the default connector:
===========================================================
DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.
If using a http/https proxy, comment out this connector.
===========================================================
< Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"/ >Commenting is done by adding < !-- in the beginning and --> in the end of the text (without spaces). Then uncomment the connector for our connection type and make changes:
HTTP - Proxying Confluence via Apache or Nginx over HTTP
If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
Make sure you provide the right information for proxyName and proxyPort.
For more information see:
Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/TgSvEg
===============================================================
-->
< Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" proxyName="your_domain" proxyPort="443"/>Now restart Confluence:
$ sudo /etc/init.d/confluence restartOr this way:
$ sudo /etc/init.d/confluence stop
$ sudo /etc/init.d/confluence startNext, let's configure firewall. Do you remember that we allowed port 8090 access?
$ sudo firewall-cmd --permanent --remove-port=8090/tcp
$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https
$ sudo firewall-cmd --reloadNow let's install Certbot. Click on the link to select on your own or use the instructions below. In the console, enter the following commands:
$ sudo yum -y install yum-utils
$ sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
$ sudo yum install certbot python2-certbot-nginx
$ sudo certbot certonly --nginx -d your_domainCertificates from Let's Encrypt are issued for 3 months, then it is necessary to renew them again. To automatically renew the certificate add to cron by running the following command:
$ sudo echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew" | sudo tee -a /etc/crontab > /dev/nullRestart nginx:
$ sudo systemctl restart nginxAll what's left to do is to correct the "Server Base URL" parameter. Let's now access our website via the domain name. Go to Administration (gear icon in the top right corner) - > General Settings - > Website Settings - > Server Base URL.
This completes the installation.
Conclusion
It wasn't hard, was it? The license costs only 10 USD for a team of 10 people, moreover, they provide discounts for budgetary organizations. It is written in wiki that they may provide it completely free of charge for non-profit organizations. Given the huge functionality, you can consider it free.
Confluence seems very complicated at first, but after a while you realize that it is very convenient and you start writing everything you have to work with in it. There is a huge number of features and pre-made templates. The system really facilitates the work, which can be confirmed by many companies, including ours. To start writing is the only major problem here. But we will help you with that. A small step is enough to start. First, let's create a space "Spaces - > Create space".
Now create a blank page and write about your Confluence installation experience. Create another page with the “Problem solving " template and list all the problems you encountered during the installation. It's a small step, but it's the first step of a long path.
