Improve Linux installation documentation

XMLWordPrintable

      NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion.

      The Linux installation documentation could use some attention.

      From a customer request:
      What we need is a better step-by-step "production" Confluence-Standalone installation procedures for Linux. Existing procedures are documented in several places:

      Database Setup For MySQL - Confluence Docs 3.1 - Atlassian Documentation - Confluence.URL
      Start Confluence automatically on Linux & Unix - Confluence Docs 3.1 - Atlassian Documentation - Confluence.URL
      Installing Confluence Standalone on Unix or Linux - Confluence Docs 3.1 - Atlassian Documentation - Confluence.URL
      Running Confluence behind Apache - Confluence Docs 3.1 - Atlassian Documentation - Confluence.URL

      We found that the basic instructions were great at helping us get to a rudimentary install http://server:8080/. What is unclear is how best to secure the installation.

      For example, we did:

      chown -R confluence.confluence /usr/local/confluence
      chown -R confluence.confluence /usr/local/confluence-data

      It was unclear how to check the CHMOD settings in these folders to be sure they conform to known best-practices for securing a Confluence installation. Some discussion of best-practices would be reassuring.

      In the area of starting Confluence automatically, it should be stressed that creating the script /etc/init.d/confluence, the following issues can occur:

      This sequence of commands starts Confluence as user "confluence". When logged as root, do not use /usr/local/confluence/bin/startup.sh as this starts a second instance of Confluence as user "root". There are no obvious error messages when this is done, other than the "startup.sh" script will change the ownership of certain files so that Confluence will not subsequently start as user "confluence" until a series of "CHOWN -R" commands are performed on /usr/local/confluence and /usr/local/confluence-data.

      chkconfig --add confluence
      chkconfig confluence on
      /etc/init.d/confluence start

      Proxying using Tomcat does not work on RHEL 5.4. Apache was running under user/group "apache.apache" while confluence was running under user "confluence.confluence". It's not clear if this is the source of this problem or the ways things should be for good security practice. We're currently stuck with "http://server:8080/ after weeks of fiddling. There should be discussion about best practices for changing the ports.

            Assignee:
            Unassigned
            Reporter:
            Jeremy Largman
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: