Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Create application link between Jira and Confluence Behind Reverse Proxy

Farhad
Farhad June 2, 2024

Dear All

i installed Jira on one server and confluence on other server 

both server behind nginx as reverse proxy 

but when i create application link on jira or confluence with above address , both server not connect to each other !! 

Could you please help me about this issue?? 

Answer
Watch
Like Be the first to like this
1809 views

2 answers

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2024

Hi Farhad,

This is likely to be a problem with one of two things:

First, your reverse proxy is not doing everything you think it is.  Application links can fail when the browser seems to be working if the "reverse" part of it is incorrectly configured.  I can't speak for nginx, as I've never had to debug this with an Atlassian system behind a broken nginx config.  But if it were Apache, reverse proxies are usually done as two lines of config, such as:

ProxyPass /jira http://192.168.1.89/jira
ProxyPassReverse /jira http://192.168.1.89/jirra

The parameters for both directives usually need to be identical.  The slepping mistake of "jirra" in the reverse line I gave here will make Jira look like it is working for general browsing, if you don't look too closely, but it will break the application link.  Obviously, correcting it to "jira" to match the line above will fix it.  That even applies to trailing /'s on all four parameters; you need to be consistent and have all four parameters end with / or without it.

The second problem I see a lot more is that your SSL has not been set up correctly.

When you use a browser to reach a system behind a reverse proxy using https, then most sites will do a load of work on exchanging certificates to secure their connection.

But application links are not done by browsers, there's no code behind them to do that negotiation.  You have to give each server a certificate that tells the other server that it is a trusted access.

So, if you can check your reverse proxy is ok, the next question is "how have you installed the SSL certificates for access to the other server on each one?"

This doc is for Apache, but the bits of Apache can easily be translated to nginx.  https://confluence.atlassian.com/adminjiraserver/integrating-jira-with-apache-using-ssl-938847754.html

View More Comments
Farhad
Farhad June 2, 2024

@Nic Brough -Adaptavist- 

thanks for your respond 

my reverse proxy and ssl is working fine without any problem. 

now i want to know could i creat another http connector on both server for connect jira and confluence without reverse proxy ?? 

(one connector for https and access from reverse proxy on outsite company and another connector is http for application link between jira and confluence in inside company) 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2024

In theory, yes, you could do this, but it will not solve your problem, because application links need to be connected to the "base URL" of your applications, which is always going to be the first connector which is the one your proxy is serving up.

(Extra connectors do have uses - there are things you can do that don't need to be locked to the base URL, but application links are not one of them)

Like
Farhad
Farhad June 2, 2024 edited

@Nic Brough -Adaptavist- 

so how i can solved this issue?? 

both servers communicate each other as https://reverseproxy.local/jira (confluence) !! 

i test this connection with "curl" command on both server !! 

but when type url on  jira (confluence) application link , i faced with network error !! 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2024

You can not set up the two services to run on the same URL, so "both servers communicate each other as https://reverseproxy.local/jira" is not accurate.

When you create an application link, you do it from one side of the connection, telling the current service what the base URL is for the other application that you want to link to.  The other service will then set up its end of the application link with the base URL of the source service.

So, on https://reverseproxy.local/jira you should tell it that there is an application link to https://reverseproxy.local/confluence , and on https://reverseproxy.local/confluenceyou would tell it the other end is https://reverseproxy.local/jira 

We can't tell you what is wrong with your network without more detail - what is the network error you are seeing?

Also, there is one worrying thing in your URLs - are you really connecting to a local address like reverseproxy.local ?  If so, that might explain it - your servers are not trying to connect to each other, they're trying to connect to themselves.

Like
Farhad
Farhad June 2, 2024

@Nic Brough -Adaptavist- 

I think I did not explain my meaning correctly !!!

i set https://reverseproxy.local/confluence on jira server as application link and https://reverseproxy.local/jira on confluence server as application link

also all users connect to https://reverseproxy.local/confluence and https://reverseproxy.local/jira without any problem , so my reverse proxy work fine !! 

on jira server i ping https://reverseproxy.local/confluence and curl -k -L https://reverseproxy.local/confluence without any problem ( confluence server ping and curl https://reverseproxy.local/jira url without any problem) 

but on application link url both server has error (OAuth error) 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 2, 2024

I'd blame my reading more than your explanation!  Your re-write is very clear to me.

We can rule out the proxy and the basic networking as the problem now, but it has added another thing to look at.

Browsers, pings and "curl -k" won't have a problem with SSL, so they are only telling us that the connection is valid, they are not testing the SSL or authentication.

The two things to test next are

  • the SSL connection
  • the OAuth handshake

You have only told us "OAuth error" here, but we can not do much with that without the detail of the error (which may not be given to you on-screen in the browser).  Was there more information beyond "OAuth error"?

The easiest way to get the full error messages without having to worry about working out all the URLs and handshakes in question to replicate manually, is to run two things side by side:

  • run something that can view the Jira application log in real-time on the server (on my dev box at home, I just run "tail -f /opt/atlassian/jira/jira-home/logs/atlassian-jira.log")
  • go to the "create application link" screen in your browser and try to create the link again

The log viewer should throw out quite a lot of log.  Much of it will be aimed at developers and not tell you much (this detail will usually be indented), but some of the headlines should give us information on what sort of errors are occurring, and even some of the success message which will rule out certain problems.

Like
Farhad
Farhad June 3, 2024

@Nic Brough -Adaptavist- 

many thanks for your taking time 🙏

i go to office on 5 Jun and create log file and take screen shot from error 

Like
Farhad
Farhad June 4, 2024 edited

@Nic Brough -Adaptavist- 

Hi Dear

my error is : (on jira and confluence)

Invalid OAuth signature

We couldn't connect to Confluence, possibly because that instance is behind a misconfigured proxy.

-----------------------------------------------------------------------------

my local authentication for incoming and outgoing in application link is :

OAuth (impersonation)

also test OAuth

-----------------------------------------------------------------------------

and my nginx reverse proxy config is :

server {
listen 80;
server_name _;
return 301 https://server.local;
}


server {
listen 443 ssl;
server_name _;
disable_symlinks off;
ssl_session_cache shared:SSL:50m;
ssl on;
ssl_certificate /home/pathtossl.pem;
ssl_certificate_key /home/pathtossl.pem;

location /jira/ {
proxy_pass http://serverip:port/jira/;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0;
}

location /confluence/ {
proxy_pass http://serverip:port/confluence/;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

 

 

Like
Reply
0 votes
Fabio Racobaldo _Herzum_
Fabio Racobaldo _Herzum_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
June 2, 2024

Hi @Farhad ,

please check connectivity between servers using reverseproxy url. As workaround you can map the URL of the reverse proxy in the host file (windows :https://www.nublue.co.uk/guides/edit-hosts-file/#:~:text=In%20Windows%2010%20the%20hosts,%5CDrivers%5Cetc%5Chosts. linux : https://blog.purestorage.com/purely-educational/what-is-the-etc-hosts-file-in-linux/#:~:text=File%20in%20Linux%3F-,The%20%2Fetc%2Fhosts%20file%20is%20a%20plain%20text%20file%20used,to%20resolve%20the%20domain%20name.) and try again.

Let me know,

Fabio

View More Comments
Farhad
Farhad June 2, 2024 edited

 

@Fabio Racobaldo _Herzum_ 

Thanks for your respond.

i test connectivity with " curl -k -L https://reverseproxy.local/jira(confluence)" on both server (jira and confluence) and both server is ok.

i want to know could i creat another http connector on both server for connect jira and confluence without reverse proxy ?? 

(one connector for https and access from reverse proxy and another connector is http for application link between jira and confluence) 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
VERSION
8.6
PRODUCT PLAN
STANDARD
TAGS
atlassian, team '25, conference, certifications, bootcamps, training experience, anaheim ca,

Want to make the most of Team ‘25?

Spend the day sharpening your skills in Atlassian Cloud Organization Admin or Jira Administration, then take the exam onsite. Already ready? Take one - or more - of 12 different certification exams while you’re in Anaheim at Team' 25.

Learn more
AUG Leaders

Upcoming Jira Events