Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA is not able to access itself

Cosylab IT
Cosylab IT October 4, 2018

Greetings,
I get the following warning in the Troubleshooting and support tools part of the system backend:
JIRA is not able to access itself through the Gadget feed URL. This is necessary so that dashboard gadgets can be generated successfully. Please verify the current Base URL and if necessary, review your network configurations to resolve the problem.

I went trough the troubleshooting process but all the tests were good. Also the dashboard gadgets work.
Can the issue identified by this warning, produce any other problems, or can we safely ignore it?

 

Best regards
Lovrenc Avsenek

Answer
Watch
Like Be the first to like this
5644 views

2 answers

2 accepted

2 votes
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 9, 2018

It is possible that this is a false positive, but it's difficult to say that for sure.  What version of Jira are you using?

Is your Jira utilizing a reverse proxy and/or SSL?   I am curious if you can share what URL your Jira site is accessible at, say something like jira.example.com and then see if that is set as the current Base URL in the system settings, as well as what values you might have in the <connector> tags of your $JIRAINSTALL/conf/server.xml file.  This file contains the settings that Jira's tomcat webserver will use to host the site.  If you're redirecting traffic to this site via a reverse proxy then there are expected to be parameters here such as proxyName, proxyPort, and scheme that should be defined here as per Proxying Atlassian server applications with Apache HTTP Server (mod_proxy_http).

View More Comments
Cosylab IT
Cosylab IT October 9, 2018

Hi Andrew,

The details are as follows:

  • software version: v7.12.0#712001-sha1:ad166f5
  • Yes, the jira installation is behind a web proxy.
  • And yes, it is using SSL.

Connector:

        <Connector                                                                                                     
        port="8080"                                                                                                    
        maxThreads="150"                                                                                               
        minSpareThreads="25"                                                                                           
        connectionTimeout="20000"                                                                                      
        enableLookups="false"                                                                                          
        maxHttpHeaderSize="8192"                                                                                       
        protocol="HTTP/1.1"                                                                                            
        useBodyEncodingForURI="true"
        redirectPort="8443"         
        acceptCount="100"           
        disableUploadTimeout="true" 
        bindOnInit="false"          
        proxyName="support.cosylab.com"
        proxyPort="443"                
        scheme="https"                 
    />

The base url is https://support.cosylab.com, which is also the address on which the site is reachable.

Does Jira perhaps use web-sockets to keep it's widgets updated?

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 10, 2018

This part of your configuration looks ok to me.   Jira is expected to try to reach the base URL from the application itself.  In some environments, the network interface the Jira application is using isn't able always to make outbound network connections to addresses like the base url. In cases like that the site can still appear to work for the most part, but functions like dashboard gadgets can't render properly.

I would be interested to see if you can take a closer look at this KB that highlights this problem we started seeing in Jira versions 7.1.x and above.  How to fix gadget titles showing as __MSG_gadget

Maybe you are not seeing this exact __MSG_gadget for the titles of your gadgets, but it could still be helpful for you to try to follow the diagnosis steps on that page to better understand your environment.

For example these three tests could provide us more info at the very least:

  • From the JIRA server itself, JIRA is unable to communicate with itself via its Base URL (Run curl -v <base_url> to verify)
  • Run SSLPoke from the JIRA server itself and see if it returns successfully
  • Additionally run the httpclienttest from the JIRA server itself to confirm if the SSL configuration is okay, as this will verify if you're affected by  JRASERVER-47568

I'm not yet 100% certain if Jira is using websockets, but from my initial investigation it does seem as though this could be possible.

Like
dujas
dujas
Contributor
September 20, 2021

Hi Andy,

I am sufferring this warning as well.

SSLPoke test did fail on both jira servers and proxy server, do I have to add the pem/crt file to the jira server's cacerts?

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 20, 2021

If you're running Jira using an SSL cert, then yes you will need to add that cert (as well as any intermediate and/or root certs) to the truststore that Jira is using.  Steps to do this are also explained in https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html

Like
dujas
dujas
Contributor
September 21, 2021

Hi Andy,

Thanks for the reply, you are the first one in this community replied me after I posted several questions :D

In my cluster config, I added the self-signed cert generated on the proxy server to keystore on jira servers. During my test, I tried CA.crt, intermediate-server.crt(proxy server) and .cer(downloaded from browser of the proxy server), each of them will be imported successfully but the "Gadget feed url" warning keeps still until I modified the setenv.sh(/opt/atlassian/jira/bin/, this is the path in my env):

add "-Djavax.net.ssl.trustStore=/path/to/cacerts" to "JVM_REQUIRED_ARGS".

The reason for this is the test below passed:

$JAVA_HOME/bin/java -Djavax.net.ssl.trustStore=/my/custom/truststore SSLPoke jira.example.com 443
Like
Reply
1 vote
Answer accepted
Cosylab IT
Cosylab IT October 10, 2018

I have done this tests before, but I haven't done the SSL poke from the Jira server directly - which turned out out be where the issue was.

I have added the CA cert to the java trust store and the SSLPoke worked, also the warning is gone now.

Thank you for the assistance.

View More Comments
Alexander Zorg
Alexander Zorg July 19, 2019

Hi, can u describe how did u add CA cert to ur existing keystore?

Like
Peter Boyle
Peter Boyle July 29, 2020

following.....

Like olc_kakin@konami.com likes this
Niek Neuij
Niek Neuij
Contributor
November 16, 2020

You add it on the Jira origin server (not the proxy) like this:

keytool -v -importcert -keystore /opt/atlassian/jira/jre/lib/security/cacerts -storepass changeit -file ~/WILDCARD_example_com.crt
Like Daniel likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events