Jetbrains team tools availability on 1 public port
Hello,
I want to use jetbrains team tools. I have got a server where I run all tools and each tool listens on a different public port. However I am concert about security when it comes to this. I'd like to ask you, if it is possible to instead run a Hub that itself listens on a public port. Such Hub would manage access to other tools that would themselves run on private ports. In such way I would use all products with Hub.
Thank you,
Jan Hanus
Please sign in to leave a comment.
Hello, Jan Hanus!
The most straighforward way to use one port for all services is installing and configuring reverse (SSL-terminating) proxy in front of the services (Hub itself could not be used a single entry point to all services, it does provides all services with single-sign-on functionality, but it is not a proxy for them).
This way every service (Hub, YouTrack, Upsource, TeamCity) might be assigned with its own context in proxy configuration.
For instance, for nginx it would look like
location /youtrack {
...
proxy_pass http://<server.domain.local>:<youtrack.port>;
}
location /hub {
...
proxy_pass http://<server.domain.local>:<hub.port>;
}
...
All products should be reconfigured after proxy configuration was setup in order to apply new base-urls and context paths.
For instance, for YouTrack, Hub and Upsource configure command should be called before those are started:
<youtrack.installation.folder>/bin/<service>.sh configure --base-url=https://<proxy.host>:<proxy.port>/<service.context>
See details on how to setup SSL terminating proxy in front of the JetBrains team tools:
- YouTrack: https://www.jetbrains.com/help/youtrack/standalone/Reverse-Proxy-Configuration.html
- Hub: https://www.jetbrains.com/help/hub/Proxy-Configuration.html
- Upsource: https://www.jetbrains.com/help/upsource/proxy-configuration.html
- TeamCity: https://confluence.jetbrains.com/pages/viewpage.action?pageId=74845225#HowTo...-SetUpTeamCitybehindaProxyServer
Sincerely,
Alexey Barsov
JetBrains Developer