Running Confluence on Azure VM – Completing Azure VM install [3/4]

This is a multi-post guide on how to prepare and run Confluence in an Azure VM. While there are prebuilt images for Ubuntu available in Azure this guide will show how to deploy your own image.


As part of the Azure VM creation it was also assigned DNS for <your-domainname-withdash>.<azure-location> You can use this in a CNAME record on your own DNS domain. This is a pre-requirement to be able to register a Let’s Encrypt SSL certificate in part of the guide.

SSH into the VM using the DNS name <your-domainname-withdash>.<azure-location> If this fails you can alternatively use the public IP assigned to your VM in Azure.

Completing Ubuntu setup

# Prepare BASH environment with configuration options VM_HOSTNAME=<vm-name>-vm SSH_USERNAME=<your-username> POSTGRES_SYS_USERNAME=<postgres-username> POSTGRES_SYS_PASSWORD=<postgres-password> CONFLUENCE_DB_USERNAME=<confluence-username> CONFLUENCE_DB_PASSWORD=<confluence-password> CONFLUENCE_FQDN_DOMAIN=<your-fqdn-domainname> CONFLUENCE_KEYSTORE_PASSWORD=<confluence-keystore-password>
Code language: Bash (bash)

# FIX: Manually create Azure provisioning # See sudo hostnamectl set-hostname $VM_HOSTNAME cat << EOL | sudo tee /var/lib/waagent/ovf-env.xml <ns0:Environment xmlns:ns0="" xmlns:ns1="" xmlns:xsi=""> <ns1:ProvisioningSection> <ns1:Version>1.0</ns1:Version> <ns1:LinuxProvisioningConfigurationSet> <ns1:ConfigurationSetType>LinuxProvisioningConfiguration</ns1:ConfigurationSetType> <ns1:UserName></ns1:UserName> <ns1:DisableSshPasswordAuthentication>false</ns1:DisableSshPasswordAuthentication> <ns1:HostName>$VM_HOSTNAME</ns1:HostName><ns1:UserPassword></ns1:UserPassword></ns1:LinuxProvisioningConfigurationSet> </ns1:ProvisioningSection> <ns1:PlatformSettingsSection> <ns1:Version>1.0</ns1:Version> <ns1:PlatformSettings> <ns1:KmsServerHostname></ns1:KmsServerHostname> <ns1:ProvisionGuestAgent>true</ns1:ProvisionGuestAgent> <ns1:GuestAgentPackageName xsi:nil="true" /> <ns1:RetainWindowsPEPassInUnattend>true</ns1:RetainWindowsPEPassInUnattend> <ns1:RetainOfflineServicingPassInUnattend>true</ns1:RetainOfflineServicingPassInUnattend> <ns1:PreprovisionedVm>false</ns1:PreprovisionedVm> <ns1:EnableTrustedImageIdentifier>false</ns1:EnableTrustedImageIdentifier> </ns1:PlatformSettings> </ns1:PlatformSettingsSection> </ns0:Environment> EOL sudo service walinuxagent restart
Code language: Bash (bash)
# Add data disk (and verify that assigned letter before proceeding) lsblk -o NAME,HCTL,SIZE,MOUNTPOINT | grep "sd" sudo fdisk /dev/sdc # n -> p -> 1 -> default -> default -> p -> w sudo mkfs -t ext4 /dev/sdc1 sudo mkdir /data sudo mount /dev/sdc1 /data sudo blkid | grep sdc sudo vi /etc/fstab # /dev/disk/by-uuid/<uuid-for-datadisk> /data ext4 defaults,nofail 1 2 sudo reboot
Code language: Bash (bash)

Installing PostgreSQL

# Setup data directory sudo mkdir /data/postgres sudo chown postgres:postgres /data/postgres sudo chmod -R ugo+rw /data/postgres # Init PostgreSQL sudo -u postgres bash << EOF PGDATA=/data/postgres/ export PGDATA=/data/postgres/ echo "export PGDATA=/data/postgres/" >> ~/.bashrc /usr/lib/postgresql/10/bin/initdb EOF sudo -u postgres psql << EOF ALTER USER $POSTGRES_SYS_USERNAME WITH PASSWORD '$POSTGRES_SYS_PASSWORD'; CREATE USER $CONFLUENCE_DB_USERNAME WITH PASSWORD '$CONFLUENCE_DB_PASSWORD'; CREATE DATABASE confluence WITH OWNER = $CONFLUENCE_DB_USERNAME ENCODING = 'UTF8' CONNECTION LIMIT = -1; GRANT ALL PRIVILEGES ON DATABASE confluence TO $CONFLUENCE_DB_USERNAME; EOF sudo service postgresql stop sudo sed -i "/listen_addresses/clisten_addresses = '*'" /data/postgres/postgresql.conf sudo sed -i "/host all all\/32 trust/chost all all\/32 md5" /data/postgres/pg_hba.conf sudo sed -i "/host replication all\/32 trust/chost replication all\/32 md5" /data/postgres/pg_hba.conf sudo service postgresql start
Code language: Bash (bash)

Installing Confluence

# Setup AdoptOpenJDK JRE_HOME="/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64/" echo 'export JRE_HOME="/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64/"' >> ~/.bashrc
Code language: Bash (bash)
# Setup data directory sudo mkdir /data/confluence sudo chmod -R ugo+rw /data/confluence # Install Confluence # - Choose the appropriate installation or upgrade option? Custom # - Where should Confluence 7.11.0 be installed? Default location # - Default location for Confluence data? /data/confluence # - Configure which ports Confluence will use? Default # - Confluence can be run in the background? No # - Start Confluence now? No cd ~ sudo ./atlassian-confluence-7.11.0-x64.bin
Code language: Bash (bash)
# Update confluence user sudo mkhomedir_helper confluence sudo su - confluence JRE_HOME="/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64/" export JRE_HOME="/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64/" echo 'export JRE_HOME="/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64/"' >> ~/.bashrc exit
Code language: Bash (bash)
# Setup Confluence service sudo touch /lib/systemd/system/confluence.service sudo chmod a+rwx,u-x,g-x,o-wx /lib/systemd/system/confluence.service cat << EOL | sudo tee /lib/systemd/system/confluence.service [Unit] Description=Confluence After=postgresql.service [Service] Type=forking User=confluence PIDFile=/opt/atlassian/confluence/work/ ExecStart=/opt/atlassian/confluence/bin/ ExecStop=/opt/atlassian/confluence/bin/ TimeoutSec=200 LimitNOFILE=4096 LimitNPROC=4096 [Install] EOL sudo systemctl daemon-reload sudo systemctl enable confluence.service
Code language: Bash (bash)
# Setup Lets Encrypt certificate sudo certbot certonly --standalone # Setup Confluence certificate directory sudo mkdir /data/confluence/certs sudo chown confluence:confluence /data/confluence/certs sudo cp /etc/letsencrypt/live/$CONFLUENCE_FQDN_DOMAIN/fullchain.pem /data/confluence/certs sudo cp /etc/letsencrypt/live/$CONFLUENCE_FQDN_DOMAIN/privkey.pem /data/confluence/certs # Import certificates to Confluence keystore sudo /opt/atlassian/confluence/jre/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /data/confluence/certs/keystore.jks -keysize 2048 sudo openssl pkcs12 -export \ -in /data/confluence/certs/fullchain.pem -inkey /data/confluence/certs/privkey.pem \ -out /data/confluence/certs/privkey.p12 -name tomcat -CAfile fullchain.pem -caname root sudo /opt/atlassian/confluence/jre/bin/keytool \ -importkeystore -deststorepass $CONFLUENCE_KEYSTORE_PASSWORD \ -destkeypass $CONFLUENCE_KEYSTORE_PASSWORD -destkeystore /data/confluence/certs/keystore.jks \ -srckeystore /data/confluence/certs/privkey.p12 \ -srcstoretype PKCS12 -srcstorepass $CONFLUENCE_KEYSTORE_PASSWORD -alias tomcat sudo chown confluence:confluence /data/confluence/certs/keystore.jks # Config Confluence to use SSL sudo vi /opt/atlassian/confluence/conf/server.xml : ' <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="48" minSpareThreads="10" protocol="org.apache.coyote.http11.Http11Nio2Protocol" enableLookups="false" disableUploadTimeout="true" acceptCount="10" scheme="https" secure="true" clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true" URIEncoding="UTF-8" keystorePass="$CONFLUENCE_KEYSTORE_PASSWORD" keystoreFile="/data/confluence/certs/keystore.jks"/>
Code language: Bash (bash)
# Add network NAT for 443 to 8443 sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443 sudo iptables -t nat -L sudo sh -c "iptables-save > /etc/iptables.rules" sudo apt-get install iptables-persistent
Code language: Bash (bash)
# Start Confluence sudo systemctl start confluence.service sudo systemctl status confluence.service
Code language: Bash (bash)
# Cleanup os disk sudo apt-get clean sudo apt-get autoclean sudo apt-get autoremove
Code language: Bash (bash)

Completing Confluence setup

You should now be able to visit your Confluence at https://<your-fqdn-domainname> (which is restricted to your public IP). Alternatively use https://<your-domainname-withdash>.<azure-location>

Proceed by specifying the database connection and license details:

  • Type = By connection string
  • URL = jdbc:postgresql://localhost:5432/confluence

After setup has completed your Confluence website should now be ready for use.

In next step we’ll look at maintaining the VM:

Leave a Reply

Your email address will not be published. Required fields are marked *