Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira reverse proxy problem

David Lewis
David Lewis January 14, 2020

I am in the process of trying to upgrade a 6.4 to current.

The steps I have taken:

1.) Built and patched a new CentOS 7.x box and installed prereqs.

2.) Installed Jira 7.0 onto new box and validated that it is running and accepting connections

3.) Backed up Jira from old box and then imported it into the new Jira. Import went right, and all data was present. Logged into new 7.0 instance with creds from original and saw that all was ok.

4.) Followed instructions from https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html to get apache acting as reverse proxy for the system. Below are config files:

System.xml

<Service name="Catalina">

<!-- Apache Proxy Connector with values for scheme, proxyName and proxyPort -->
<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8080"
protocol="HTTP/1.1"
redirectPort="8443"
scheme="https"
proxyname="my.cool.server.name"
proxyport="443"
useBodyEncodingForURI="true"/>

<!-- Standard HTTP Connector -->
<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8081"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"/>
<!--

<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">

<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">


<!--
====================================================================================

Note, you no longer configure your database driver or connection parameters here.
These are configured through the UI during application setup.

====================================================================================
-->

<Resource auth="Container" factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60" name="UserTransaction" type="javax.transaction.UserTransaction"/>
<Manager pathname=""/>
</Context>

</Host>

<!--

Httpd.conf

ServerRoot "/etc/httpd"

Listen 80

Include conf.modules.d/*.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule substitute_module modules/mod_substitute.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule remoteip_module modules/mod_remoteip.so

IncludeOptional conf.d/*.conf

Jira.conf (located in conf.d/

<VirtualHost *:443>
ServerName support.annex.northgrum.com
ServerAlias support.annex.northgrum.com jira
ErrorLog /var/log/httpd/support-ssl-error.log
CustomLog /var/log/httpd/support-ssl-access.log combined
SSLCertificateFile /certs/server.cer
SSLCertificateKeyFile /certs/server.key
SSLCertificateChainFile /certs/server-ca.cer
SSLEngine on
ProxyRequests off
ProxyPreserveHost on
ProxyPass /jira http://127.0.0.1:8080/jira
ProxyPassReverse /jira http://127.0.0.1:8080/jira

RemoteIPHeader X-Forwarded-For
</VirtualHost>


When I hit the server, the log shows the following:

[Tue Jan 14 11:14:50.661950 2020] [authz_core:debug] [pid 16097] mod_authz_core.c(835): [client 10.161.108.42:2556] AH01628: authorization result: granted (no directives)
[Tue Jan 14 11:14:50.662170 2020] [proxy:debug] [pid 16097] mod_proxy.c(1123): [client 10.161.108.42:2556] AH01143: Running scheme http handler (attempt 0)
[Tue Jan 14 11:14:50.662215 2020] [proxy_ajp:debug] [pid 16097] mod_proxy_ajp.c(722): [client 10.161.108.42:2556] AH00894: declining URL http://127.0.0.1:8080/jira
[Tue Jan 14 11:14:50.662237 2020] [proxy_fcgi:debug] [pid 16097] mod_proxy_fcgi.c(972): [client 10.161.108.42:2556] AH01076: url: http://127.0.0.1:8080/jira proxyname: (null) proxyport: 0
[Tue Jan 14 11:14:50.662253 2020] [proxy_fcgi:debug] [pid 16097] mod_proxy_fcgi.c(975): [client 10.161.108.42:2556] AH01077: declining URL http://127.0.0.1:8080/jira
[Tue Jan 14 11:14:50.662276 2020] [proxy:debug] [pid 16097] proxy_util.c(2203): AH00942: HTTP: has acquired connection for (127.0.0.1)
[Tue Jan 14 11:14:50.662296 2020] [proxy:debug] [pid 16097] proxy_util.c(2256): [client 10.161.108.42:2556] AH00944: connecting http://127.0.0.1:8080/jira to 127.0.0.1:8080
[Tue Jan 14 11:14:50.662499 2020] [proxy:debug] [pid 16097] proxy_util.c(2426): [client 10.161.108.42:2556] AH00947: connected /jira to 127.0.0.1:8080
[Tue Jan 14 11:14:50.662677 2020] [proxy:debug] [pid 16097] proxy_util.c(2802): AH02824: HTTP: connection established with 127.0.0.1:8080 (127.0.0.1)
[Tue Jan 14 11:14:50.662717 2020] [proxy:debug] [pid 16097] proxy_util.c(2942): AH00962: HTTP: connection complete to 127.0.0.1:8080 (127.0.0.1)
[Tue Jan 14 11:14:50.666396 2020] [proxy:debug] [pid 16097] proxy_util.c(2218): AH00943: http: has released connection for (127.0.0.1)
[Tue Jan 14 11:14:55.671766 2020] [ssl:info] [pid 16097] (70007)The timeout specified has expired: [client 10.161.108.42:2556] AH01991: SSL input filter read failed.
[Tue Jan 14 11:14:55.671906 2020] [ssl:debug] [pid 16097] ssl_engine_io.c(993): [client 10.161.108.42:2556] AH02001: Connection closed to child 4 with standard shutdown (server my.cool.server.name:443)

The browser gives me the following:

https://my.cool.server.name:80/jira/secure/Dashboard.jspa

If I remove the :80, the thing will iterate a couple times and then eventually display the login page with the error:

JIRA is reporting that it is running on the port '80', which does not match the hostname used to run these diagnostics, '443'.

I can then put my creds in and it will do the :80 thing for three more times and then give me my page.

I have looked at the following:

https://community.atlassian.com/t5/Jira-Core-questions/Using-a-reverse-proxy-with-Jira-mismatched-URL-Port/qaq-p/267416

    with this in mind, I added the following to my conf file:

<VirtualHost *:80>
ServerName my.cool.server.name.com
ServerAlias my.cool.server.name jira
<Directory />
AllowOverride None
Order allow,deny
allow from all
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://my.cool.server.name%{REQUEST_URI} [R,L]
</Directory>
</VirtualHost>

Still the same issue.

I would be grateful for some pointers.

Thanks,

    

 

Answer
Watch
Like # people like this
7560 views

2 answers

1 accepted

0 votes
Answer accepted
David Lewis
David Lewis January 29, 2020

This is solved. I wound up restarting the process and then following again this process:

https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html

And then ensured the the process worked for http.

I then followed:

https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html

which turned into the tricky part. Since I am an Apache noob, I didn't really understand where to put the directives for the SSL portion. I had been loading them into the same conf file as the http stuff, but that wasn't working when I originally did it. This time, I added the directives to the default ssl.conf file and the thing worked.

I *THINK* that I can just go straight SSL by putting the SSL stuff into the jira.conf file, but I am not sure how to exclude the default ssl file without breaking Apache. I'll play with that later.

Reply
0 votes
JP _AC Bielefeld Leader_
JP _AC Bielefeld Leader_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 21, 2020

Hi,

#1 localhost is not always 127.0.0.1. Check is localhost is always resolved to 127.0.0.1

#2 Use support.annex.northgrum.com as the proxy name when setting up the connector.

Please reread

https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html

as there are some more bugs in your configuration on the Apache side.

Make sure your SSL/TLS settings of the Apache work without proxying to Jira.

Best

JP

View More Comments
David Lewis
David Lewis January 22, 2020

JP -

Thank you for the reply. It was my intention to replace my actual hostname/FQDN infor with my.cool.server.name but I guess that I didn't sanitize well enough.
I verified that 127.0.0.1 is localhost in the hosts file
support.annex.northgrum.com is set as the proxy name in the connector.

Now, one thing is that I didn't change any of the other parameters to <default>. I left them as they were from the install. Should I change them to match the guide? e.g.:

<Connector port=<default>
    maxThreads=<default>
    minSpareThreads=<default>
    connectionTimeout=<default>
    enableLookups=<default>
    maxHttpHeaderSize=<default>
    protocol=<default>
    useBodyEncodingForURI=<default>
    redirectPort=<default>
    acceptCount=<default>
    disableUploadTimeout=<default>
    proxyName="support.annex.northgrum.com"
    proxyPort="443"
    scheme="https"/>

WRT the Apache config, I am not sure what those bugs are - I am not Apache savvy. As near as I can tell I have it set exactly as it should be according to the guide.


I think that the SSL portion does work because when the page does come up, the page is properly secured with the SSL cert. Other than that, I am not sure how to test it.

Thank you again

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security