Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira via haproxy

Emmanuel
Emmanuel
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 2, 2019

Hello,

 

I am trying to configure traffic to jira via haproxy. I have an ssl termination on the haproxy but i dont have an ssl on the application server. 

 

jira server.xml

<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"

                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"

                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"

                   proxyName="<subdomain>.<domain>.com" proxyPort="443"/>

 

haproxy.cfg

 

Frontend

 acl devjirassl        path_beg       -i /devjira

 use_backend        devjirassl          if devjirassl

 

backend devjirassl

mode http

balance source # Load Balancing algorithm

#option ssl-hello-chk

option httpchk

option forwardfor

http-request add-header X-Forwarded-Proto https 

server host1 10.5.181.69:8443 check ssl verify none

 

Thanks

Emmanuel

Answer
Watch
Like # people like this
5759 views

1 answer

0 votes
Deleted user October 28, 2019

Hi,

I've just completed setting up haproxy to redirect to internal jira server, here is what I've configured and does work fine...

1. edit the server.xml file and comment out the default connector setting, scroll further down and uncomment the "HTTPS - Proxying Jira via Apache or Nginx over HTTPS" and configure proxyPort=443 and proxyName="jira.mydom.com". Save the file and restart jira.

2. Install (if you haven't already) mod_ssl (I run CentOS) "# sudo yum install mod_ssl"

3. On your haproxy server you should already have the SSL certificate terminating at your haproxy server. If not done already then you'll need to set this up as such...  Here is what I've configured in haproxy.cfg for Jira

frontend https-in
  bind 192.168.0.229:443 ssl crt /etc/ssl/certs/mycert/mycert.pem
  acl secure dst_port eq 443
  rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload
  rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure

  acl is_JIRA_HTTPS hdr_beg(host) -i jira

  use_backend JIRA_HTTPS if is_JIRA_HTTPS

backend JIRA_HTTPS
  mode http
  option httpchk HEAD / HTTP/1.1\r\nHost:\ jira.mydom.com
  option httpclose
  option http-server-close
  option forwardfor
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  server jiraGateway1 192.168.0.235:8080 cookie jiraGateway1

4. Restart haproxy "service haproxy restart"

5. Now test accessing your jira server via haproxy (https://jira.mydom.com).  You should see the apps reloading for jira.

6. Once you login change the base URL settings to: https://jira.mydom.com:443, save and you are done!!!

7. Enjoy :)

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security