Howto configure JetBrains YouTrack v3.0 on CentOS v5.x
JetBrains YouTrack Issuer Tracker on CentOS
This describes installing YouTrack on CentOS/EL using OpenJDK 1.6. The supported environments doesn't explicitly list OpenJDK. This document closely follows the JetBrains Installing Standalone YouTrack JAR as a Service on Linux documentation.
The YouTrack instance is used in combination with an Nginx/Varnish reverse proxy. The Nginx server provides TLS/SSL offload. Access the to YouTack instance is via https only.
Machine
The virtual machine use for deploying this instance
- CentOS v5.6 x86_64
- 768MB Memory
- 2 CPU's
- 6GB '/' (root) partition
- 1GB swap
- 8 GB '/srv' partition for YouTrack
YouTrack partition
The YouTrack server application comes as a binary blob. For simplicity this document describes putting it as a blob on it's own filesystem. It should be sized based on the expected growth given the projects being tracked by the server. Format the /srv partition with an ext4 filesystem:
# yum install e4fsprogs # mkfs.ext4 -L /srv /dev/xvdc1
Add the following mount entry to '/etc/fstab' and mount:
LABEL=/srv /srv ext4 defaults 1 2
youtrack user
Create you track user with a home directory on the '/srv' partition. The identity is a system account, with the home directory created on the '/srv' partition filesystem.
# adduser -c "YouTrack Server" -m -d /srv/youtrack -r youtrack
OpenJDK
Use the OpenJDK from the CentOS repository:
# yum install java-1.6.0-openjdk
Simple /etc/rc.local runner
su - youtrack -c \
"java -Xmx768m -Djava.awt.headless=true -jar youtrack-3.0.jar 8080"
# su - youtrack -c "mkdir -p ~/.youtrack/{bin,conf,doc,jdoc,lib,logs,src}"
Install Tanuki Wrapper
Use the Tanuki wrapper to run the java process as a service. The current version of this wrapper available for download as a binary non-RPM blob is v3.5.9. However for simplicity the binary RPM from JPackage could be used (as a standalone RPM without installing the repository) but it requires a later version of jpackage-utils.
I have taken the JPackage source rpm and tweaked the jpackage-util requirement from v1.7.4 to v1.7.3. The unsigned packages are available here.
# rpm -Uvh http://files.lucidsolutions.co.nz/linux/centos/tanukiwrapper/tanukiwrapper-3.2.3-6.RHL5.x86_64.rpm
Nginx reverse proxy
server {
listen [::]:80;
server_name youtrack.lucidsolutions.co.nz;
location / {
# redirect to secure page [permanent | redirect]
rewrite ^ https://youtrack.lucidsolutions.co.nz$request_uri? permanent;
}
}
server {
listen [::]:443;
server_name youtrack.lucidsolutions.co.nz;
keepalive_timeout 70;
ssl on;
# ssl_certificate certs/youtrack.lucidsolutions.co.nz.startssl.crt;
ssl_certificate certs/youtrack.lucidsolutions.co.nz.self-signed.crt;
ssl_certificate_key certs/youtrack.lucidsolutions.co.nz.key;
access_log /var/log/nginx/youtrack.lucidsolutions.co.nz.access.log main;
location / {
# proxy via the local varnish cache
proxy_pass http://localhost:6081/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
}
}
Varnish configration
backend YouTrack {
.host = "10.20.21.2";
.port = "8080";
}
else if ( req.http.host ~ "^youtrack.lucidsolutions.co.nz$" ) {
set req.backend = YouTrack;
}
Links
Appendices
OpenJDK Packages
=========================================================================================== Package Arch Version Repository Size =========================================================================================== Installing: java-1.6.0-openjdk x86_64 1:1.6.0.0-1.22.1.9.8.el5_6 updates 37 M Installing for dependencies: alsa-lib x86_64 1.0.17-1.el5 base 414 k freetype x86_64 2.2.1-28.el5_5.1 base 311 k giflib x86_64 4.1.3-7.3.3.el5 updates 39 k jpackage-utils noarch 1.7.3-1jpp.2.el5 base 61 k libX11 x86_64 1.0.3-11.el5 base 798 k libXau x86_64 1.0.1-3.1 base 18 k libXdmcp x86_64 1.0.1-2.1 base 19 k libXext x86_64 1.0.1-2.1 base 37 k libXi x86_64 1.0.1-4.el5_4 base 26 k libXrender x86_64 0.9.1-3.1 base 28 k libXtst x86_64 1.0.1-3.1 base 16 k libjpeg x86_64 6b-37 base 139 k libpng x86_64 2:1.2.10-7.1.el5_5.3 base 234 k tzdata-java x86_64 2011g-1.el5 updates 180 k xorg-x11-filesystem noarch 7.1-2.fc6 base 5.4 k Transaction Summary =========================================================================================== Install 16 Package(s) Upgrade 0 Package(s)
java-1.4.2-gcj-compa
=========================================================================================== Package Arch Version Repository Size =========================================================================================== Installing: java-1.4.2-gcj-compat x86_64 1.4.2.0-40jpp.115 base 29 k Installing for dependencies: antlr x86_64 2.7.6-4jpp.2 base 1.1 M atk x86_64 1.12.2-1.fc6 base 224 k bitstream-vera-fonts noarch 1.10-7 base 343 k cairo x86_64 1.2.4-5.el5 base 386 k cups-libs x86_64 1:1.3.7-26.el5_6.1 updates 195 k fontconfig x86_64 2.4.1-7.el5 base 175 k gjdoc x86_64 0.7.7-12.el5 base 886 k gnutls x86_64 1.4.1-3.el5_4.8 base 364 k gtk2 x86_64 2.10.4-21.el5_5.6 base 6.6 M hicolor-icon-theme noarch 0.9-2.1 base 25 k libICE x86_64 1.0.1-2.1 base 54 k libSM x86_64 1.0.1-3.1 base 28 k libXcursor x86_64 1.1.7-1.1 base 32 k libXfixes x86_64 4.0.1-2.1 base 15 k libXft x86_64 2.1.10-1.1 base 44 k libXinerama x86_64 1.0.1-2.1 base 9.8 k libXrandr x86_64 1.1.1-3.3 base 15 k libart_lgpl x86_64 2.3.17-4 base 75 k libgcj x86_64 4.1.2-50.el5 base 18 M libtiff x86_64 3.8.2-7.el5_6.7 updates 314 k pango x86_64 1.14.9-8.el5.centos.2 updates 338 k zip x86_64 2.31-2.el5 base 136 k Transaction Summary =========================================================================================== Install 23 Package(s) Upgrade 0 Package(s)
Java TLS SNI Issue
OpenJDK and YouTrack don't support TLS Server Name Indication (SNI). When YouTrack was setup to go to a TeamCity server with TLS SNI the following error message was produced. The workaround was to have the TeamCity web server available on the same URL, with a hosts file resolving the name to a Nginx reverse proxy server with only the correct certificate.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching teamcity.lucidsolutions.co.nz found. javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching teamcity.lucidsolutions.co.nz found.
