No war file for youtrack v6?

There doesn't appear to be a war file available for download in the newest youtrack version. Is that intentional or am I just missing something?
12 comments
The same question. I can't find .war file
0
Hi,

Thank you for your interest in YouTrack!
Correct, .war file was removed intentionally.Since YouTrack 6.0 we presented .jar, .msi and .zip. Please refer to the guide.

Thank you.
0
Any particular reason why?

Also you should put a note in the guide that the war has been discontinued so it's obvious :)
0
I used the war in order to run youtrack with an existing tomcat. Is there any possibility to run youtrack 6 with tomcat?
0
Hi All,

.WAR is no longer available as YouTrack 6.0 becomes much more complex and includes Hub (new Admin management scheme) as a part of YouTrack. With this we prevent all possible issues related to deployment and database corruptions issues.

Unfortunately, installing .jar on Tomcat is not possible. Alternatively, you may install it on Apache and use proxy for Tomcat.

Thank you.
0
In addition, is there any way to run YouTrack on a specific context path, like i.e. <host>:<port>/youtrack. Using the war this was no problem at all. But with the current zip distribution, I found no documented way how to do it.
1
I am already running an application on tomcat and another application on apache webserver. Now I have to integrate a third application server. That increases complexity on my side!
Is there any chance to use ajpi with the jetty implementation used for youtrack? jetty does support ajpi but the way it is used in youtrack is not the standard way to use jetty.
0
I've got to add my disappointment that the war file is no longer being distributed. While I understand that there may some technical reasons for this, I am now going to have to muck with an already working Apache instance in hopes of hacking together a viable proxying solution.

Just so it is clear, is there any possibility that this version will distributed as a war file?
0
Hi!

I installed Youtrack 5 via war-file for nginx like this: https://gist.github.com/falker/8710055

How can I upgrade to 6.x now? Can I just run the jar file?
0
This is extremely worrying. Running from a jar file like this means that the code (war and jar files) are writeable by the server process. Our security requirements mean that we cannot run code in this setup as a breach of any sort would allow the executable code to be modified. It has been standard practice for decades not to allow server processes write access to code. I guess it's down to me to repackage from the unpacked jar file.
0
Ah, I see the ZIP version is more amenable to hardening. It would be nice though to have a way of running the jar version with the unpacking step being manual. That way we can lock the code files down.
0
Yep, ZIP file can be hardened. Create a youtrack user and unzip youtrack in that home directory with all files owned by root. Fire up once as root and set the log, tmp and data paths. Check it all works as root.

Youtrack needs to own it's log, teamsysdata and teamsysdata-backup directories and all files in them.

It needs write access to its tmp directory and the two sub-directories bundleProcess and youtrack.

It also needs to own conf/hub/hub.launch.config, conf/internal/hub.properties, conf/youtrack/youtrack.launch.config, apps/hub/service-config.properties, pps/youtrack/service-config.properties as it appears to write these from contents of the database.

Then write a short init wrapper to sudo -u youtrack /path/to/bin/youtrack.sh

This way all code files are owned by root and can't be modified by the service user. In my case I front this with Nginx to provide the SSL layer. Hope this helps others.
0

Please sign in to leave a comment.