@NightyKnight
Created April 9, 2020 14:32
Enable HTTPS for Fisheye/Crucible using NGINX Reverse Proxy
# I add this here to help future travelers secure their Fisheye/Crucible instance. Don't bother trying to get
# Tomcat working with this server as I wasted a lot of time trying to get it working. A reverse proxy is a
# million times easier than working with Jetty.
#Instance Directory
/app/atlassian/fisheyecrucible-data/
#Install Directory
/app/atlassian/fecru-4.6.0
# Go to the Admin page
http://fecru.test:8060/admin/login-default.do
# From the left hand menu select Global -> Server
# Under Web Server click the Edit Settings button
# Feel free to choose whatever ports you want, as long as they are available.
# I would choose 443 to avoid having to remember port numbers
Proxy scheme
https
Proxy host
example.com
Proxy port
443
Site URL
https://example.com
#Reset Fisheye Admin Password
https://confluence.atlassian.com/fisheye046/how-to-reset-the-administration-page-password-in-fisheye-or-crucible-966665501.html
#NGINX Config
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_session_cache   builtin:1000 shared:SSL:10m;
    ssl_protocols       TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/fisheye.access.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://localhost:8060;
        proxy_read_timeout 90;
        proxy_redirect http://localhost:8060 https://example.com;
    }
}
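#Set SELinux policy
# httpd_can_network_connect lets nginx (running as httpd_t) open the outbound connection to the backend on 8060
sudo setsebool -P httpd_can_network_connect 1
# nis_enabled relaxes network access for many confined domains, not only nginx
sudo setsebool -P nis_enabled 1
# 443 is already labeled http_port_t in the default targeted policy, so semanage may report
# that the port is already defined; that message is harmless
sudo semanage port -a -t http_port_t -p tcp 443
sudo semanage port -a -t http_port_t -p tcp 8060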
#SELinux Troubleshooting
sudo grep denied /var/log/audit/audit.log
#Take the event ID (timestamp:serial, inside "msg=audit(...)") from a denied line and substitute it for the one in the command below
sudo grep 1585600889.857:39428 /var/log/audit/audit.log | audit2why
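# Added example (not part of the original gist): a POSIX shell helper that pulls the event IDs of nginx
# denials out of audit.log so they do not have to be picked out by eye before running audit2why.
# The sample log lines are constructed (only the first event ID is the one shown above); function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in audit.log AVC format; only the first event ID appears in the gist.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1585600889.857:39428): avc:  denied  { name_connect } for  pid=2211 comm="nginx" dest=8060 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1585600889.857:39428): arch=c000003e syscall=42 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"
type=AVC msg=audit(1585600901.112:39431): avc:  denied  { name_connect } for  pid=2211 comm="nginx" dest=8060 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1585600950.004:39440): avc:  denied  { read write } for  pid=3090 comm="logrotate" name="app.log" scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=0
EOF
}

# One line per AVC denial read from stdin: "<event-id> <comm> <permissions> <dest-port or ->"
avc_denials() {
  awk '
    $1 == "type=AVC" && / denied / {
      id = comm = perm = ""; dest = "-"
      if (match($0, /audit\([0-9.]+:[0-9]+\)/))
        id = substr($0, RSTART + 6, RLENGTH - 7)       # strip "audit(" and ")"
      if (match($0, /[{] [^}]+ [}]/)) {
        perm = substr($0, RSTART + 2, RLENGTH - 4)     # strip "{ " and " }"
        gsub(/ /, ",", perm)                           # keep multi-permission sets in one field
      }
      if (match($0, /comm="[^"]+"/))
        comm = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, / dest=[0-9]+/))
        dest = substr($0, RSTART + 6, RLENGTH - 6)
      print id, comm, perm, dest
    }'
}

# Unique event IDs of denials for one process name ($1), one per line.
avc_event_ids() {
  avc_denials | awk -v c="$1" '$2 == c { print $1 }' | sort -u
}

# Denied outbound connections for one process, per destination port: "<count> <port>"
avc_blocked_ports() {
  avc_denials | awk -v c="$1" '$2 == c && $3 == "name_connect" { n[$4]++ }
    END { for (p in n) print n[p], p }' | sort -k2,2n
}

# Real use: pass the audit log path as the first argument; with no argument the sample is used.
if [ -n "${1:-}" ]; then avc_event_ids nginx < "$1"; else sample_audit_log | avc_event_ids nginx; fi
```

# Each printed ID can be substituted into the grep ... | audit2why command above.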
Reference:
https://www.nginx.com/blog/using-nginx-plus-with-selinux/