I want to link my Jira (VM1) application to Confluence (VM2). My SSL certs are stored in the F5 (BIG-IP), which is used as a reverse proxy.
Clients connect via HTTPS on port 443. The reverse proxy (192.168.178.1) F5 will then forward the request (jira-test.net or confluence-test.net) using SNI to the SAML AUTH -> to the backend IP. Whether the client would like to connect to Jira or Confluence will be solved with SNI.
If I try to curl or link the application within the web interface from VM1 or VM2, I get an HTTP 302 message from the F5 telling me that the access policy is not okay: "DENY". I can follow the redirect with curl -L and end up getting this: /my.logout.php3?errorcode=19' and then HTTP 200 with some F5 error page. But the SSL cert handshake is OK.
Since VM1 and VM2 are in the DMZ, I would like to link the applications. I can access both services from an external address.
Can anybody tell me what setting is required in the F5 BIG-IP to be able to link my applications? I tried different access policies with "ip subnet match" pointing to the backend IPs of VM1 and VM2, but still no change. Are there any other settings I could try?
Any help is appreciated.
Thank you for your answer, @Thomas Deiler.
We already set up all the proposed jira/conf server.xml settings, and client login is working via SSL cert.
The problem is the F5 BIG-IP proxy config. I'm not sure how to configure this proxy to be able to link my applications (Jira and Confluence).
For now, I'm getting redirected to the /mypolicy site when trying to link the Confluence application to Jira. We tried different settings within the APM (Access Policy Manager), but nothing seems to work. Any access from within the DMZ to the F5 is routed directly to the 302 error page.
Dear @Kris,
To be honest, F5 is the Bugatti among the commercial firewalls. To fully understand this piece of metal you need training and loads of time. Or an expensive expert.
Please understand that this community cannot fill this gap. There is a chance that an expert will read this article, but I doubt it.
So I recommend https://serverfault.com/. There are some experts there who probably know what to do.
Sorry for not being more helpful.
Thomas