JetBrains Upsource: installation, configuration on Linux with NGINX and SSL and PyCharm integration

Upsource is a self-hosted service from JetBrains for code reviews by teams of developers which can be integrated with any IDE from JetBrains.

Is a Java-based application with Apache Cassandra as a backend for storing data and indexes.

Minima requirements – 8 GiB memory on a host – not surprise at all.

Up to 10 users is free for usage.

In this post – an installation and configuration example on an AWS EC2 instance and connection from PyCharm.

In front of Upsource will have NGINX with SSL from Let’s Encrypt.

NGINX and Let’s Encrypt client is already installed – check the TestRail: QA Test Case Management installation on Linux post for details.

Documentation is here>>>.

Installing Upsource

Create a new user:

Create a working directory:

Download an archive from the downloads page, unpack it:

Move content to the working directory:

Launch scripts located at the bin/ catalog:

Install Java:

Launch Upsource.

Use run command for tests-debug and start to run the application in the background. Other commands can be found with help:

For now – run with the run:

Looks like works – go to SSL.

Let’s Encrypt

Obtain a new certificate via standalone authenticator as there is no NGINX config for a new virtual host yet:

NGINX

Create the virtual host config, documentation is here>>>:

server {

    listen 80;
    server_name  upsource.example.com;

    # Lets Encrypt Webroot
    location ~ /.well-known {

    root /var/www/html;
        allow all;
    }

    location / {

        # office1
        allow 194.***.***.24/29;
        # office2
        allow 91.***.***.78/32;
        # arseny home
        allow 188.***.***.48/32;
        # unknown
        #allow 93.***.***.125/32;
        deny  all;

        return 301 https://upsource.example.com;
    }
}

server {

    listen       443 ssl;
    server_name  upsource.example.com;

    root /var/www/upsource.example.com;

    access_log  /var/log/nginx/upsource.example.com-access.log;
    error_log /var/log/nginx/upsource.example.com-error.log warn;

    # office1
    allow 194.***.***.24/29;
    # office2
    allow 91.***.***.78/32;
    # arseny home
    allow 188.***.***.48/32;
    deny  all;

    ssl_certificate /etc/letsencrypt/live/upsource.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/upsource.example.com/privkey.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_session_timeout 1d;
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass http://localhost:8080;
        proxy_pass_header Sec-Websocket-Extensions;
    }
}

Check and reload NGINX’s configs:

Starting Upsource

Update /etc/security/limits.conf.

The documentation says to set limits for all users – but IMHO, not the best idea, so set it only for our user:

upsource        -       memlock         unlimited
upsource        -       nofile          100000
upsource        -       nproc           32768
upsource        -       as              unlimited

Update the /etc/hosts file – it must have $HOSTNAME name added – otherwise, Apache Cassandra will not run.

Check the name:

Add it:

...
127.0.0.1 localhost bttrm-testrail
...

Change directory and files owner:

Switch to the upsource user:

Run using the start command:

On the first start, Upsource will generate an authorization token and will save it to the  /var/www/upsource.example.com/conf/internal/services/configurationWizard/wizard_token.txt file.

systemd unit

To magae Upsource as a system service – create a /etc/systemd/system/upsource.service file:

[Unit]
Description=JetBrains Upsource
Requires=network.target
After=network.target

[Service]
User=upsource
Group=upsource
TimeoutStartSec=10min
WorkingDirectory=/var/www/upsource.example.com/
PIDFile=/var/www/upsource.example.com/logs/upsource.pid
ExecStart=/var/www/upsource.example.com/bin/upsource.sh start
ExecStop=/var/www/upsource.example.com/bin/upsource.sh stop
ExecReload=/var/www/upsource.example.com/bin/upsource.sh restart

[Install]
WantedBy=multi-user.target

Stop Upsource started manually:

And run via systemd:

Add to auto-launch:

Upsource configuration

Go to the https://upsource.example.com and make initial configuration:

Insert token from the wizard_token.txt, press Log in, click on the Set up:

You can leave everything with default values here – Upsource will set its URL here itself.

Also, leave HTTP here as between NGINX and Upsource we have HTTP and SSL will be terminated on the NGINX:

Add admin user:

And leave others with defaults too:

Wait for Upsource to be fully started:

If any – check logs in the /var/www/upsource.example.com/logs/.

Wait 1-2 minute:

PyCharm integration

In your PyCharm go to the Settings > Plugins, find and install Upsource Integration:

Click on the Test Connection – you’ll be redirected to your default browser for authorization:

Done.