Youtrack behind Apache proxy over SSL

This guide shows how to run a local copy of Youtrack behind Apache SSL proxy on a public accessible domain.

Youtrack Installation

Download the Youtrack jar file and place it in your homedir on the target server. Then create a youtrack user and group and move the jar to this user's homedir:

$ sudo adduser --disabled-password youtrack
# Answer the questions ...
$ sudo mv youtrack-<VERSION>.jar /home/youtrack/
$ sudo chown youtrack /home/youtrack/youtrack-4.2.1.jar

Next we need to alter Youtrack's internal configuration file to force the server to listen only on localhost:

$ sudo su - youtrack
$ mkdir youtrack
$ cd youtrack
$ jar xf ../youtrack-*.jar
$ vi jetbrains/mps/webr/standalone/runtime/standalone.xml
# Add the following line after "<Set name="port">8081</Set>"
<Set name="host">localhost</Set>

Next recreate the jar file, make sure that the original Youtrack jar is not in your working directory:

$ cp META-INF/MANIFEST.MF Manifest.txt
$ jar cfm ../youtrack-<VERSION>-repack.jar Manifest.txt *
$ cd ..
$ ls -hl

Check that you now have 2 jar files named youtrack-<VERSION>.jar and youtrack-<VERSION>-repack.jar with roughly equal filesize. You can now start Youtrack to check that your modifications worked:

$ screen
$ java -jar youtrack*-repack.jar 9090
$ curl -I http://localhost:9090

The curl command should output an empty page with a Location header, it can take a while to execute because Youtrack is initialises itself upon the first request.

Apache configuration

Create and open /etc/apache2/sites-enabled/ssl-bugs:

$ vi /etc/apache2/sites-enabled/ssl-bugs

And paste the following configuration

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName bugs.mydomain.com
    ServerAlias bugs

    DocumentRoot /home/youtrack

    <Location />
            SSLRequireSSL

            Header edit Location ^http: https:
    </Location>

     ProxyRequests Off
     ProxyPass / http://localhost:9090/
     ProxyPassReverse / http://localhost:9090/

   ErrorLog /var/log/apache2/ssl_bugs-error.log
    LogLevel warn
    CustomLog /var/log/apache2/ssl_bugs-access.log combined

    SSLEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile /etc/ssl/certs/STAR_mydomain.com.crt
    SSLCertificateKeyFile /etc/ssl/private/STAR_mydomain.com.key.nopass
    SSLCertificateChainFile /etc/ssl/certs/AddTrustExternalCARoot.crt
    SSLCertificateChainFile /etc/ssl/certs/PositiveSSLCA2.crt
</VirtualHost>
</IfModule>

This will proxy requests to https://bugs.mydomain.com to Youtrack, and will also rewrite Location headers to use https. Restart apache to apply changes:

$ sudo service apache2 reload

Configure Youtrack (first time only)

Visit your Youtrack url https://bugs.mydomain.com, a welcome screen will appear where you can configure Youtrack. For now the only important configuration flags are Base URL set it to https://bugs.mydomain.com and the root password, set it to something secure!