How do I setup TeamCity for public access over https?

Question

How do I setup TeamCity 4.0 so that I can access it over port 443 on the internet? e.g. https://teamcity.mydomain.com

I am running IIS 7 on the same server that TeamCity is installed. I see two options:

1. Setup TeamCity to use port 8443 and create a reverse proxy in IIS that routes requests to the TeamCity public IP address to the Tomcat port on the internal IP address.

2. Setup Tomcat to run on a different IP address than IIS 7, and configure TeamCity to run on port 443.

I'm not sure on the details of either of these steps.

Answer 1

It requires configuring the bundled Tomcat server for https. See here:

http://confluence.jetbrains.net/display/TCD65/Using+HTTPS+to+access+TeamCity+server

and here:

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

I also setup Tomcat to listen on just one IP Address. All of this turned out to be a real pain, and I still am not able to run TeamCity as a service. I can only run it at the command line. If I were going to do this over, I would install TeamCity to run on the default port, and reverse proxy to it using IIS7 Application Request Routing or Apache Virtual Directories.

[Edit] I have done this over, and I used IIS Application Request Routing to set up a reverse proxy. It works perfectly, and Team City upgrades are painless as well.

Answer 2

If you are not expecting high server load you can avoid using IIS or Apache and enable SSL right in the Tomcat. This is simpler to configure. The only drawback is high CPU usage when client connects to the server (during negotiation stage), after that CPU usage is negligible.