I have set up JIRA and Confluence on CentOS.
Confluence is working like a charm, but JIRA has some issues with the reverse proxy.
My setup is:
Apache with SSL --> JIRA
Apache Config:
<Virtualhost *:80>
    ServerName subdomain.domain.xyz
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Virtualhost>
<Virtualhost 1.2.3.4:443>
    ServerName subdomain.domain.xyz
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://localhost:8080/ connectiontimeout=5 timeout=300
    ProxyPassReverse / http://localhost:8080/
    SSLEngine On
    SSLProxyEngine On
    SSLCertificateFile /etc/ssl/certs/XXX.crt
    SSLCertificateKeyFile /etc/ssl/certs/XXX.key
    SSLCertificateChainFile /etc/ssl/certs/XXX.crt
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
    SSLProtocol All -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</Virtualhost>
server.xml:
<Connector port="8080"
           proxyname="subdomain.domain.xyz"
           proxyport="443"
           secure="true"
           scheme="https"
           maxThreads="150"
           minSpareThreads="25"
           connectionTimeout="20000"
           enableLookups="false"
           maxHttpHeaderSize="8192"
           protocol="HTTP/1.1"
           useBodyEncodingForURI="true"
           redirectPort="8443"
           acceptCount="100"
           disableUploadTimeout="true"/>
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>
I have already found this:
https://answers.atlassian.com/questions/11992128
But it's not working. Do you guys have any ideas?
I'm always getting:
JIRA is reporting that it is running on the port '80', which does not match the hostname used to run these diagnostics, '443'.
and
com.atlassian.gadgets.dashboard.internal.diagnostics.UrlPortMismatchException: Detected URL port, '80', does not match expected port, '443'
Wow, UDG
I want a T-shirt
In return I give you this:
UPDATE: I thought udg.de was Ultimate DJ gear, no need for a T-shirt, this is a freebie
I would not terminate SSL at the application server, but at the Apache mod_proxy, and instead send it cleartext from mod_proxy to JIRA with something like this (this is Debian, using a different Apache server, so the configs are a bit different, but I hope it will help anyway):
/etc/apache2/sites-available/jira.conf
<VirtualHost *:80>
    ServerName jira.fully.qualified.name
    ServerAlias jira.fully.qualified.name.com jira
    <Directory />
        AllowOverride None
        Order allow,deny
        allow from all
        RewriteEngine On
        RewriteCond %{SERVER_PORT} 80
        RewriteRule ^(.*)$ https://jira.fully.qualified.name%{REQUEST_URI} [R,L]
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName jira.fully.qualified.name
    ServerAlias jira.fully.qualified.name.com jira
    SSLProxyEngine on
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://jira.fully.qualified.name:8081/ keepalive=On
    ProxyPassReverse / http://jira.fully.qualified.name:8081/
    ErrorLog /var/log/apache2/jira_ssl_error_log
    MaxKeepAliveRequests 500
    KeepAlive On
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /home/jira/jira.crt
    SSLCertificateKeyFile /home/jira/jira.key
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
</VirtualHost>
Snippet of server.xml describing the port:
<Connector port="8081"
           maxThreads="150"
           minSpareThreads="25"
           connectionTimeout="20000"
           enableLookups="false"
           maxHttpHeaderSize="8192"
           protocol="HTTP/1.1"
           useBodyEncodingForURI="true"
           redirectPort="8443"
           acceptCount="100"
           disableUploadTimeout="true"
           proxyName="jira.fully.qualified.name"
           proxyPort="443"
           scheme="https"
           keyAlias="jira"
           keystoreFile="/opt/atlassian/application-data/jira-prod/cacerts"
           keystorePass="changeit"
/>
Make sure you import the cert into the Java keystore used by the application server.
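Tomcat matches Connector attribute names case-sensitively, and the two server.xml snippets in this thread differ in exactly that respect (`proxyname`/`proxyport` in the question, `proxyName`/`proxyPort` in the answer). The following Python check is an added example, not part of either post: it audits the connectors in a server.xml against the public URL served by the TLS-terminating proxy. The function name `audit_connectors`, the expected-value policy and the embedded sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Proxy-related Connector attributes, spelled exactly as Tomcat expects them.
PROXY_ATTRS = ("proxyName", "proxyPort", "scheme", "secure")
KEYSTORE_ATTRS = ("keyAlias", "keystoreFile", "keystorePass")

def audit_connectors(server_xml, public_host, public_port="443"):
    """Return (connector port, finding) tuples for a server.xml document."""
    canonical = {a.lower(): a for a in PROXY_ATTRS}
    # Assumed policy: TLS ends at Apache, so the connector describes the public URL.
    expected = {"proxyName": public_host, "proxyPort": public_port,
                "scheme": "https", "secure": "true"}
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port, attrs = conn.get("port", "?"), conn.attrib
        # Attribute names are case-sensitive: a lower-cased proxy attribute is
        # ignored, so the proxy values never take effect.
        ignored = {canonical[n.lower()]: n for n in attrs
                   if canonical.get(n.lower(), n) != n}
        for want, found in ignored.items():
            findings.append((port, f"{found} is ignored, use {want}"))
        if not ignored and "proxyName" not in attrs and "proxyPort" not in attrs:
            continue  # direct-access connector, nothing to compare
        for name, want in expected.items():
            if name not in ignored and attrs.get(name) != want:
                findings.append((port, f"{name}={attrs.get(name)!r}, expected {want!r}"))
        # Keystore settings are only read by a connector that terminates TLS itself.
        if attrs.get("SSLEnabled") != "true":
            findings += [(port, f"{n} is unused without SSLEnabled")
                         for n in KEYSTORE_ATTRS if n in attrs]
    return findings

# Constructed samples modelled on the two connector styles in this thread.
QUESTION_XML = """<Service>
  <Connector port="8080" proxyname="subdomain.domain.xyz" proxyport="443"
             secure="true" scheme="https" protocol="HTTP/1.1"/>
  <Connector port="8081" protocol="HTTP/1.1" redirectPort="8443"/>
</Service>"""
ANSWER_XML = """<Service>
  <Connector port="8081" protocol="HTTP/1.1" proxyName="jira.fully.qualified.name"
             proxyPort="443" scheme="https" keyAlias="jira"
             keystoreFile="/opt/atlassian/application-data/jira-prod/cacerts"
             keystorePass="changeit"/>
</Service>"""

if __name__ == "__main__":
    for xml, host in ((QUESTION_XML, "subdomain.domain.xyz"),
                      (ANSWER_XML, "jira.fully.qualified.name")):
        for port, finding in audit_connectors(xml, host):
            print(host, port, finding)
```

Run it against the real file with `audit_connectors(open("conf/server.xml").read(), "your.public.host")`; an empty list means every proxied connector agrees with the public URL.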
Thank you very much, Jonas.
I hope this works. Greets from UDG