Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Nginx reverse proxy back-circle to localhost in configuration?

Sascha Mühl
Sascha Mühl
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 15, 2021

Dear Community, 

I try to set up Jira in my LEMP-Stack but fail on my reverse NGINX proxy. After trying to set up the proxy i.a.w. Configure Jira server to run behind a NGINX reverse proxy | Jira | Atlassian Documentation I just get back the localhost thingy in my browser:

https://127.0.0.1/jira

Could you help me please to find the mistake in my settings? 

My target is to reach: mypage.de/jiraX

 

I configured my NGinx-config (excerpt; SSL Snippets works with other apps): 

upstream php-handler {
server unix:/run/php/php7.4-fpm.sock;
}

server {
listen 80 default_server;
server_name mypage.de 164.251.248.168;

root /var/www;

location ^~ /.well-known/acme-challenge {
proxy_pass http://127.0.0.1:81;
proxy_redirect off;
}


location / {
# Enforce HTTPS
# Use this if you always want to redirect to the DynDNS address (no local access).
return 301 https://$server_name$request_uri;

# Use this if you also want to access the server by local IP:
#return 301 https://$server_addr$request_uri;
} 
}

server {
listen 443 ssl http2;
server_name mypage.de 164.251.248.168;

include /etc/nginx/snippets/ssl.conf;

...

location /jiraX {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_pass http://127.0.0.1:91;
client_max_body_size 10M;
}

}

 

My sublevel-Nginx (the main config links to the this as far I configured my other apps):

server {
server_name 127.0.0.1;
listen 127.0.0.1:91;

root /opt/jira-home;
index index.html index.htm;

location / {
proxy_pass http://127.0.0.1:8081; 
}
}

(not sure withe the root-path)

Thank you for your support

my server.xml (I just ensabled)

 <!-- OPTIONAL,Nginx Proxy Connector with https -->
<Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" 
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" 
disableUploadTimeout="true" proxyName="mypage.de" proxyPort="443" scheme="https" secure="true"/>

and

<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

 

Answer
Watch
Like Be the first to like this
2959 views

1 answer

0 votes
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 1, 2021

Hi @Sascha Mühl , welcome!

First things first, you should double-check the base URL in Jira's application settings as well to ensure it's set to https://mypage.de/jiraX. Jira uses this setting to write all the links in the application itself - so not having it set correctly will result in broken links when trying to use the application.

Now to your nginx configuration - I see you've got essentially a double-proxy configured. With the setup you've got, a client browser would follow this path:

(Browser) --HTTPS-->  nginx:443  --HTTP-->   nginx:91  --HTTP-->   jira:8081

That's one more jump than is necessary - I've not tried or have seen a setup like this before, but imagine it might cause some issues. I'd instead simplify the nginx configuration to proxy jira just once:

...

location /jiraX {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_pass http://mypage.de:8081;
client_max_body_size 10M;
}

}

and then removing the subsection that's listening on port 91.

It's also worth pointing out that the context path you've got listed in server.xml is simply "/jira" rather than "/jiraX" - that will need to match too.

Let me know how that goes for you!

Cheers,
Daniel | Atlassian Support

View More Comments
Sascha Mühl
Sascha Mühl
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 3, 2021

Hi @Daniel Eads

thank you for your support. 

I do have just an external server in a data-center. So I don't have a direct desktop access. As I got it right I choosed the server.xml here:

/opt/atlassian-jira-core-8.5.0-standalone/conf/server.xml

After changing the location block according to your suggestion (just changed to the localhost, because the nginx gave an error using the cname): 

location /jiraX {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_pass http://127.0.0.1:8081;
client_max_body_size 10M;
}

...it should now be (please correct me):

(Browser) HTTP --> nginx:443 --HTTPS-->  (localhost) --HTTP--> jira:8081

My server.xml connector looks like this:

<!-- OPTIONAL,Nginx Proxy Connector with https -->
<Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="www.smuehl.de" proxyPort="443" scheme="https" secure="true"/>

Maybe it is noteworthy that I've 3 connectors in my server.xml (don't know if I need those all): 

<!-- Nginx Proxy Connector -->
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="www.smuehl.de" proxyPort="80"/> 

<!-- OPTIONAL,Nginx Proxy Connector with https -->
<Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="www.smuehl.de" proxyPort="443" scheme="https" secure="true"/> 

<!-- Standard HTTP Connector -->
<Connector port="8082" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/>

The context path looks like (Do I get it right to not change to: "/jiraX"?):

 <Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<!--path="/jira"-->
<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

Finally I restarted nginx (worked)

sudo service nginx restart

and tried to restart jira via: 

sudo /opt/atlassian-jira-core-8.5.0-standalone/bin/stop-jira.sh

but stuck now with the message

"PID file found but either no matching process was found or the current user does not have permission to stop the process. Stop aborted."

Can you tell me please, what I'm doing wrong? I don't understand how the world works any more 

Like
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 4, 2021

Don't fret! We'll get it sorted out 🙂

The other connectors aren't necessary if you'll only be accessing Jira through nginx over HTTPS. You can comment them out by surrounding them with <!-- and -->.

I've noted you put the server name in the latest set of configs. In my reply below I'll continue using "mypage.de" for your domain.

Based on the configuration you have so far, I think you'll want to be accessing your Jira server from the address mypage.de/jiraX - if that's the case, you'll want to make the following changes:

  1. Confirm Jira's base URL setting in the Jira application itself is set to https://mypage.de/jiraX

  2. In your server.xml file, change  
    proxyName="www.mypage.de"

    to 

    proxyName="mypage.de"

    on the connector for port 8081. The connector for port 8080 can be commented out. The connector for port 8082 is at your discretion - with that connector enabled, people can bypass nginx and access your Jira server directly over HTTP if port 8082 is open to the network they're accessing your server from.

  3. Change the context path to /jiraX 
    <Context path="/jiraX" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

The error you got may be due to Jira being stopped already. You can use the following command to see if a Jira process is running:

ps aux | grep jira

If one is and the stop-jira.sh command is still throwing an error, you can use kill -9 followed by Jira's PID (from the grep output) to terminate the process. Then run start-jira.sh to start Jira again.

Let me know how that goes! I did give your server a poke just now as it appears to be internet-exposed (and your URL was in the latest configs). I think you have nginx configured correctly and just have those details above to sort out.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security