Deploying Confluence on Compute Engine and Cloud SQL

This tutorial shows how to deploy Atlassian Confluence Server Edition on Google Cloud, using Compute Engine and using Cloud SQL as the MySQL database. This tutorial is intended for admins who are responsible for installing and configuring Confluence. This tutorial assumes that you have a basic familiarity with Cloud Shell, Cloud SQL, Compute Engine, and the Linux command line.

The following diagram shows the deployment architecture you use to install Confluence.

Diagram of confluence deployment on Google Cloud

The primary Confluence app server runs on a Compute Engine instance. That instance is securely connected to an instance of Cloud SQL for MySQL by using the Cloud SQL Proxy tool running on the same virtual machine (VM) as Confluence.

Objectives

  • Create a Linux CentOS 7 VM to install Confluence version 6.14.
  • Create a Cloud SQL for MySQL version 5.6 instance for Confluence to connect to.
  • Configure Confluence to run as a service. Enable access to the Confluence service using HTTPS.

Costs

This tutorial uses the following billable components of Google Cloud:

To generate a cost estimate based on your projected usage, use the pricing calculator. New Google Cloud users might be eligible for a free trial.

When you finish this tutorial, you can avoid continued billing by deleting the resources you created. For more information, see Cleaning up.

Before you begin

  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. In the Cloud Console, on the project selector page, select or create a Cloud project.

    Go to the project selector page

  3. Make sure that billing is enabled for your Google Cloud project. Learn how to confirm billing is enabled for your project.

  4. Enable the Cloud SQL, App Engine, and Compute Engine APIs.

    Enable the APIs

  5. Make sure you have a license key for Confluence Server Edition or sign-up for a trial.
  6. Make sure you have a domain name registered for your Confluence site. For example, you can use Google Domains.

Setting up your environment

In this section, you configure the infrastructure and identities that are required in order to complete the tutorial.

Start a Cloud Shell instance

In this tutorial, you run all the commands from Cloud Shell.

Configure a service account

The next step is to create a service account to delegate permissions to Confluence so that Confluence can access data in Cloud SQL.

  1. In Cloud Shell, create the service account:

    gcloud iam service-accounts create confluence-service-account \
        --display-name confluence-service-account
    
  2. Store the service account email address, current project ID, and default zone in environment variables for use in later commands. For [ZONE], choose the zone that's geographically closest to you.

    export SA_EMAIL=$(gcloud iam service-accounts list \
        --filter="displayName:confluence-service-account" \
        --format='value(email)')
    export PROJECT=$(gcloud info \
        --format='value(config.project)')
    export ZONE=[ZONE]
    

    To see a list of zones, run the following command:

    gcloud compute zones list
    
  3. Bind the roles/cloudsql.client role to your service account:

    gcloud projects add-iam-policy-binding $PROJECT \
        --role roles/cloudsql.client \
        --member serviceAccount:$SA_EMAIL
    

Creating an instance of Cloud SQL for MySQL

For this tutorial, you set up Confluence to use a MySQL database. Rather than installing MySQL yourself, you use Cloud SQL, which provides a managed version of MySQL.

  1. In Cloud Shell, create an instance of Cloud SQL with MySQL as the database. The following command uses the name mysql-confluence-instance as the name of the instance. You can use a different name; if you do, make a note of it, because you need this name in later steps.

    gcloud sql instances create mysql-confluence-instance \
        --database-version MYSQL_5_6 --zone $ZONE
    

    The properties of the new instance are displayed:

    NAME                       DATABASE_VERSION  LOCATION    TIER              STATUS
    mysql-confluence-instance  MYSQL_5_6         us-east1-d  db-n1-standard-1  RUNNABLE
    
  2. Set the password for the root@% MySQL user. If you didn't use the name mysql-confluence-instance for the Cloud SQL instance, be sure that you use the name you used earlier. For [PASSWORD], substitute a strong password.

    gcloud sql users set-password root \
        --host=% --instance=mysql-confluence-instance \
        --password=[PASSWORD]
    

Creating the Compute Engine instance and instance group

You create a Compute Engine instance to deploy Confluence. You add the new instance to an instance group so you can use an HTTPS load balancer in a later step.

Create the Compute Engine instance

For this tutorial, you use the default machine type of n1-standard-1 and Linux CentOS for your Compute Engine instance.

  • In Cloud Shell, create a Compute Engine instance on which you can install Confluence software. For this tutorial, you name the instance confluence-instance.

    gcloud config set compute/zone $ZONE
    
    gcloud compute instances create confluence-instance \
        --image-family centos-7 \
        --image-project centos-cloud \
        --tags=confluence-server \
        --service-account $SA_EMAIL \
        --scopes cloud-platform
    

    The properties of the new instance are displayed:

    NAME                 ZONE        MACHINE_TYPE   PREEMPTIBLE    STATUS
    confluence-instance  us-east1-d  n1-standard-1                 RUNNING
    

For more information about operating systems and machine types for Confluence, see the following Atlassian pages:

Create an instance group and add the Compute Engine instance

You can now create an instance group and add the confluence-instance VM.

  1. In Cloud Shell, create an instance group:

    gcloud compute instance-groups unmanaged create \
        confluence-resources \
        --zone $ZONE
    
  2. Add the Compute Engine instance to the instance group:

    gcloud compute instance-groups unmanaged add-instances \
        confluence-resources \
        --instances confluence-instance \
        --zone $ZONE
    

Installing Confluence software

In this section, you configure the Compute Engine instance and complete the Confluence installation.

Connect to the Compute Engine instance

In order to configure the instance settings, you establish an SSH connection to your instance. You maintain this connection until it's disconnected later in the tutorial. You run all commands from this Cloud Shell connection.

  • In Cloud Shell, connect to your instance:

    gcloud compute ssh confluence-instance
    

Compute Engine generates an SSH key and adds the generated key to the project or instance metadata.

Install required packages

In the Compute Engine instance, you need to install tools that let you work with Confluence and with MySQL in later steps.

  1. At the command line of your instance, install wget:

    sudo yum -y install wget
    
  2. Install the MySQL client on the instance:

    sudo yum -y install mysql
    

Download the software installer and install Confluence software

  1. At the command line of your instance, download the Confluence installer from Atlassian:

    wget https://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-6.14.1-x64.bin
    
  2. Make the installer file executable:

    chmod a+x atlassian-confluence-6.14.1-x64.bin
    
  3. Run the installer. You must perform this step using sudo, which gives you the option to install Confluence as a service during the installation process.

    sudo ./atlassian-confluence-6.14.1-x64.bin
    

    Enter the following values during the installation process:

    • Installation option: choose Custom Install (option 2)
    • Installation directory: /opt/atlassian/confluence
    • Confluence data directory: /var/atlassian/application-data/confluence
    • TCP ports: HTTP: 8090, Control: 8000
    • Install as service: y
    • Start Confluence: n. You don't want to start Confluence yet, because there are steps remaining.
  4. Clean up by removing the installer file:

    rm atlassian-confluence-6.14.1-x64.bin
    

Configuring a connection for Confluence to Cloud SQL for MySQL

This section describes how to use the MySQL client to connect to Cloud SQL for MySQL, the database used by Confluence.

Download MySQL Connector/J

Confluence connects to a database using a JDBC database connection. The MySQL Connector is the official JDBC driver for MySQL. This tutorial uses version 5.1.46 of the MySQL Connector.

  1. At the command line of your Confluence instance, download the MySQL Connector:

    wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.46.tar.gz
    
  2. Uncompress the tar file:

    tar -xzf mysql-connector-java-5.1.46.tar.gz
    
  3. Copy the file to /opt/atlassian/confluence/lib:

    sudo cp ./mysql-connector-java-5.1.46/mysql-connector-java-5.1.46-bin.jar /opt/atlassian/confluence/lib/.
    
  4. Clean up by removing the tar file:

    rm -rf mysql-connector-java-5.1.46d \
    mysql-connector-java-5.1.46.tar.gz
    

Install Cloud SQL Proxy on the Compute Engine instance

Cloud SQL Proxy helps to provide secure access to Cloud SQL for the MySQL instance.

  1. At the command line of your instance, download the proxy:

    wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
    
  2. Make the proxy executable:

    chmod +x cloud_sql_proxy
    
  3. Copy the proxy binary to a local directory:

    sudo cp cloud_sql_proxy /usr/local/bin/.
    

Running Confluence as a service

Running Confluence as a service lets Confluence start automatically whenever the computer restarts.

  1. At the command line of your instance, create a new file called cloud_sql_proxy.service:

    sudo vi /usr/lib/systemd/system/cloud_sql_proxy.service
    
  2. Add the following configuration to the file. Replace [PROJECT_ID] with your Google Cloud project ID, and replace [REGION] with the region you are using, for example, us-east1. If you didn't use the name mysql-confluence-instance for the Cloud SQL instance, substitute your name.

    [Unit]
    Description=Google Cloud SQL Proxy
    After=network.service
    
    [Service]
    User=root
    Type=forking
    WorkingDirectory=/usr/local/bin
    ExecStart=/bin/sh -c '/usr/bin/nohup /usr/local/bin/cloud_sql_proxy -instances=[PROJECT_ID]:[REGION]:mysql-confluence-instance=tcp:3306 &'
    RemainAfterExit=yes
    StandardOutput=journal
    KillMode=process
    
    [Install]
    WantedBy=multi-user.target
    
  3. Save and exit the file.

  4. Create a new file called confluence.service:

    sudo vi /usr/lib/systemd/system/confluence.service
    
  5. Add the following configuration to the file:

    [Unit]
    Description=Confluence Service
    Requires=cloud_sql_proxy.service
    After=network.target iptables.service firewalld.service httpd.service
    
    [Service]
    Type=forking
    User=root
    ExecStart=/opt/atlassian/confluence/bin/start-confluence.sh
    ExecStop=/opt/atlassian/confluence/bin/stop-confluence.sh
    ExecReload=/opt/atlassian/confluence/bin/stop-confluence.sh | sleep 60 | /opt/atlassian/confluence/bin/stop-confluence.sh
    
    [Install]
    WantedBy=multi-user.target
    
  6. Save and exit the file.

  7. Enable the Confluence and Cloud SQL Proxy services:

    sudo systemctl daemon-reload
    sudo systemctl enable confluence
    sudo systemctl enable cloud_sql_proxy
    
  8. Start the services:

    sudo systemctl start confluence
    

    You only need to start the Confluence service. The proxy service is dependent on the Confluence service, and it automatically starts after the Confluence service has started.

  9. Check the status of the services:

    sudo systemctl status confluence
    sudo systemctl status cloud_sql_proxy
    

    If the status is green and says active (running), the service is active and running. If the status is inactive, try reloading the services again in a few minutes:

    sudo systemctl daemon-reload
    

Starting the MySQL session

This section shows how to create a MySQL user and password and how to create a MySQL database to connect Confluence to during the setup process.

  1. At the command line of your instance, start a MySQL session:

    mysql -u root -p --host 127.0.0.1 -P 3306
    

    When the session is ready, you see the mysql prompt.

  2. Create the database. Substitute [DATABASE_NAME] for your database name. For information on naming, see MySQL's database creation guide.

    CREATE Database [DATABASE_NAME] CHARACTER SET utf8 COLLATE utf8_bin;
    
  3. Create a non-root user and set the user's password. Replace [USERNAME] for your username and [PASSWORD] with your password.

    CREATE USER '[USERNAME]'@'%' IDENTIFIED BY '[PASSWORD]';
    
  4. Grant the user all privileges:

    GRANT ALL PRIVILEGES ON [DATABASE_NAME] . * TO '[USERNAME]'@'%';FLUSH PRIVILEGES;
    
  5. Exit the MySQL session:

    EXIT;
    
  6. Close the SSH connection to the instance:

    exit
    

Creating and configuring the HTTPS load balancer

The next step is to create an HTTPS load balancer in order to secure traffic to the Confluence instance. At the time of writing, running Confluence over HTTPS is outside of the scope of Atlassian support. Therefore, you use an HTTPS load balancer with the Confluence instance. For more information on configuring HTTPS, see Running Confluence over SSL or HTTPS.

Create a global static IP address

Global static external IP addresses are the external IP addresses that your customers use to reach the load balancer.

  • In Cloud Shell, create a global static external IP address for your load balancer:

    gcloud compute addresses create lb-ip \
        --global
    

Configure the load balancing service

The next step is to configure the load balancer.

  1. In Cloud Shell, create a named port:

    gcloud compute instance-groups unmanaged set-named-ports \
        confluence-resources \
        --named-ports http:8090 \
        --zone $ZONE
    

    When the port is configured, the load balancing service forwards traffic to the named port.

  2. Create a health check:

    gcloud compute health-checks create tcp confluence-health \
        --port 8090
    
  3. Create a backend service using the confluence-health health check. The timeout is configured to 300 seconds to allow time for the installation process to complete. This value is changed to 30 seconds after the installation is complete.

    gcloud compute backend-services create confluence-app \
        --protocol http \
        --health-checks confluence-health \
        --timeout 300 \
        --global
    
  4. Add your instance group as a backend to the backend service:

    gcloud compute backend-services add-backend confluence-app \
        --instance-group confluence-resources \
        --instance-group-zone $ZONE \
        --global
    
  5. Create a default URL map that directs all incoming requests to your instances:

    gcloud compute url-maps create confluence-app \
        --default-service confluence-app
    

Create a firewall rule

To allow traffic for working with the Confluence service, you configure the firewall.

  • Create a firewall rule to allow traffic from the load balancer to the confluence-instance instance:

    gcloud compute firewall-rules create confluence-lb-allow \
        --action=ALLOW \
        --rules=tcp:8090 \
        --source-ranges=130.211.0.0/22,35.191.0.0/16 \
        --target-tags=confluence-server
    

Create a Google-managed SSL certificate resource

To support HTTPS traffic, you need an SSL certificate. In this section, you add a Google-managed SSL certificate. (This feature is currently in beta.) If you want to use a different SSL certificate, see create SSL certificate resource.

Google-managed SSL certificates are automatically renewed in advance of their expiration date. For more information on the renewal process, see Google-managed SSL certificate resource status.

  • In Cloud Shell, create a Google-managed SSL certificate resource. Replace [DOMAIN] with your domain.

    gcloud beta compute ssl-certificates create confluence-cert \
        --domains [DOMAIN]
    

Configure HTTPS routing

You can now configure routing to send Confluence traffic to the proxy.

  1. Create a target HTTPS proxy to route requests to your URL map:

    gcloud compute target-https-proxies create https-lb-proxy \
        --url-map confluence-app --ssl-certificates confluence-cert
    
  2. Get the static external IP address of the load balancer:

    gcloud compute addresses list
    

    Make a note of the address because you need it in later steps.

  3. Create a global forwarding rule to route incoming requests to the proxy. Replace [LB_IP_ADDRESS] with the static external address you created and that you listed in the previous step.

    gcloud compute forwarding-rules create https-fwd-rule \
        --address [LB_IP_ADDRESS] \
        --global \
        --target-https-proxy https-lb-proxy \
        --ports 443
    

Add or update the DNS record

The next step is to add or update the DNS record for your domain so that traffic is directed from your domain to the load balancer.

  • At your registrar's site, add or update the DNS record for your domain so that it points to the static external IP address you created and that you made a note of earlier.

Confirm that the SSL certificate resource is active

The certificate resource provisioning takes several minutes.

  • Check the status of the process:

    gcloud beta compute ssl-certificates list
    

    Wait for the SSL resource to have ACTIVE status.

Connecting to Confluence in the browser

Now that you have installed Confluence, configured it to run as a service, and created a database for it, you can begin the setup process in a web browser window.

  1. In your web browser, go to https://[DOMAIN]. Replace [DOMAIN] with your domain.
  2. In the Confluence setup window, click Production Installation, and then click Next.
  3. Select any apps that are included in your license, and then click Next.
  4. Enter your license key and click Next.
  5. Click My own database and fill out the following:

    • Database type: MySQL
    • Setup type: By connection string
    • Database URL: jdbc:mysql://127.0.0.1:3306/[database name]?sessionVariables=tx_isolation='READ-COMMITTED'
    • User: the MySQL user you created
    • Password: the password for the MySQL user
  6. Click Test Connection to test your database connection with Confluence.

    The following image shows a successful connection.

    The database connection page that shows
example input values for the connection and a message at the bottom of the
page saying "Success! Database connected successfully.

You are now able to use Confluence on your database connection using Cloud SQL for MySQL. You can now complete the setup, including populating the site, choosing where to manage users, and creating your administrator account. For more details on setting up Confluence, see Atlassian's installation guide.

Update the load balancer timeout

Now that the installation is complete, you set the load balancer timeout back to the default value of 30 seconds.

  • Update the timeout for the confluence-app backend service:

    gcloud compute backend-services update confluence-app --timeout 30
    

Cleaning up

To avoid incurring charges to your Google Cloud Platform account for the resources used in this tutorial:

Delete the project

  1. In the Cloud Console, go to the Manage resources page.

    Go to the Manage resources page

  2. In the project list, select the project that you want to delete and then click Delete .
  3. In the dialog, type the project ID and then click Shut down to delete the project.

What's next