Community resources
Community resources
Community resources
Jira Nginx & Windows CA
Hello,
I'm hoping you can help with a question I have regarding using nginx as a reverse proxy for jira and ssl.
I have followed the below documentation for creating a java keystore using the command line installation:
My keystore has the private key along with certificate chain and I have also keytool imported the all certificates in the chain including server certificate to the default java cacerts location /opt/atlassian/jira/lib/bin/security/cacerts
My nginx config is below:
worker_processes auto;
events { worker_connections 1024; }
http {
server {
listen 443 ssl;
server_name server.example.com;
ssl_certificate /opt/certs/bundle.pem;
ssl_certificate_key /opt/certs/private.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/jira_access.log;
error_log /var/log/nginx/jira_error.log;
location / {
proxy_pass http://server.example.com:8080;
proxy_read_timeout 900;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 30M;
}
}
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name server.example.com;
return 301 https://$host$request_uri;
}
}
My organisation uses a PKI (windows ca) and when browsing to jira site, the server certificate along with complete chain is presented however the browser refuses to accept the certificate as secure, this is in chrome and safari. What am I missing? Any advise would be greatly appreciated.