We are currently looking to open our Jira to the internet by adding a 2nd reverse proxy in a DMZ. Since we need to get a public domain name, it will have a different cert with a different domain. We're using sub_filters, but still none of the services can connect. Has anyone tried this before? Below are the configs. Any help would be appreciated.
Internal Config:
server {
    server_name jira-dev.corp.foo.com;
    listen 80;
    return 301 https://$host$request_uri;
}
server {
    server_name jira-dev.corp.foo.com;
    listen 443 ssl;
    ssl on;
    ssl_certificate /etc/ssl/jira-dev.foo.pem;
    ssl_certificate_key /etc/ssl/jira-dev.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!CAMELLIA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    location / {
        #limit_req zone=perip burst=5;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_pass https://jira-dev.corp.foo.com;
        proxy_read_timeout 90;
    }
}
External Config:
server {
    server_name jira-dev.foo.com;
    listen 80;
    location / {
        return 301 https://$server_name$request_uri;
    }
}
server {
    listen 443 ssl;
    server_name jira-dev.foo.com;
    ssl_certificate /etc/ssl/jira.foo.com.crt;
    ssl_certificate_key /etc/ssl/jira.foo.com.key;
    # NGINX usually only allows 1M per request. Increase this to JIRA's maximum attachment size (10M by default)
    client_max_body_size 93M;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Accept-Encoding "";
        client_max_body_size 93M;
        sub_filter jira-dev.foo.com jira-dev.corp.foo.com;
        sub_filter_types *;
        sub_filter_once off;
        proxy_pass http://jira-dev.corp.foo.com:8080;
    }
}
You can only run Jira on one single URL, so this will not work, even if you get the proxy right.
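What the external proxy's sub_filter directives do to a response, as an added example that is not part of the original posts: nginx's `sub_filter string replacement` replaces the first argument with the second, and only in the response body. The sample response and the helper names below are constructed for illustration.

```python
import re

def sub_filter(body, rules):
    """Mimic nginx sub_filter with sub_filter_once off: every (string, replacement)
    pair is applied to the response body only, matching case-insensitively."""
    for string, replacement in rules:
        body = re.sub(re.escape(string), lambda m, r=replacement: r, body,
                      flags=re.IGNORECASE)
    return body

def proxy_response(headers, body, rules):
    """Return the response as the client sees it: headers untouched, body rewritten."""
    return dict(headers), sub_filter(body, rules)

def leaks(headers, body, internal_host):
    """List the places where the internal hostname is still visible to the client."""
    needle = internal_host.lower()
    found = [f"header:{name}" for name, value in headers.items()
             if needle in value.lower()]
    if needle in body.lower():
        found.append("body")
    return found

INTERNAL = "jira-dev.corp.foo.com"   # hostnames taken from the configs above
EXTERNAL = "jira-dev.foo.com"

# Constructed sample response, standing in for what an application that uses the
# internal name as its base URL might return (not captured from a real Jira).
SAMPLE_HEADERS = {
    "Location": f"https://{INTERNAL}/secure/Dashboard.jspa",
    "Content-Type": "text/html",
}
SAMPLE_BODY = f'<a href="https://{INTERNAL}/browse/ABC-1">ABC-1</a>'

AS_POSTED = [(EXTERNAL, INTERNAL)]   # sub_filter jira-dev.foo.com jira-dev.corp.foo.com;
REVERSED = [(INTERNAL, EXTERNAL)]    # same directive with the arguments swapped

def report():
    """Check both rule orders and return where the internal name survives."""
    results = {}
    for label, rules in (("as_posted", AS_POSTED), ("reversed", REVERSED)):
        headers, body = proxy_response(SAMPLE_HEADERS, SAMPLE_BODY, rules)
        results[label] = leaks(headers, body, INTERNAL)
    return results

if __name__ == "__main__":
    for label, found in report().items():
        print(label, "->", found or "no internal hostname visible")
```

Response headers such as Location are rewritten by `proxy_redirect`, not by `sub_filter`, and neither directive changes the request that the client sends in.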