Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bamboo running behind a reverse proxy

Mark Dzulko
Mark Dzulko July 14, 2011

I am continuing this thread: http://forums.atlassian.com/thread.jspa?messageID=257248717 . The basis is that I am running bamboo, and other atlassian products, behind a reverse proxy. I am not using Apache but HAProxy and Stunnel. The atlassian products need to be on SSL since we are using crowd with LDAP integration and we don't want authentication in the clear.

The problem is that bamboo on login will execute a GET /%2Fstart.action that results in directing to http instead of https, causing a page not found. Even though I have the proxy redirecting http requests to the bamboo domain, it doesn't redirect these requests since it isn't a post. The login is successful and if I simply tack the resulting URL: http://bamboo.domainname.com/%2Fstart.action and change to https://bamboo.domainname.com/%2Fstart.action , then I am delivered to the dashboard. Once in, I am largely able to navigate around without issue, though randomly at times it still tries to redirect to http or will loose context and redirect to the login again.

Any idea how to fix this?

**We want to have our SSL on a load balancer proxy so we are consolidating our certificates and we can maintain all internal traffic in http rather than having the SSL load on a per server instance. This configuration works well for Jira, with no real issues but bamboo forms causes grief.

Further Findings

I recently setup confluence 3.5 in a similar manner as bamboo above. The confluence standalone tomcat instance communicated to the reverse proxy in http. The rever proxy then handles the SSL encryption/decryption to the end user (the proxy is the SSL termination). When the user attempts login to confluence, the redirect on login goes to http://{BASE_URL}/%2fstart.action instead of https://{BASE_URL}/%2Fstart.action. If you change the URL to the correct version, then you get directed to the dashboard and all is good. The login is successful. I would say this is a minor annoyance but trying to expose this site to customers in its current state is impossible. Seems like a bug.

Answer
Watch
Like Be the first to like this
4061 views

3 answers

1 accepted

0 votes
Answer accepted
Mark Dzulko
Mark Dzulko September 4, 2011

So the solution: You need to run bamboo via Tomcat. Discard the jetty standalone and get the WAR. Then setup bamboo on Tomcat. You can then change the parameters of the connector in the server.xml file to include proxyName, scheme, and proxyPort.

Reply
0 votes
Radek Antoniuk
Radek Antoniuk
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 17, 2013

There's another simple solution to this, you can just use mod rewrite in your http vhost configuration that catches this request:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/bamboo
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Reply
0 votes
Justin Shapiro
Justin Shapiro
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 4, 2011

Do you have scheme="https" proxyPort="443" in your tomcat connector in server.xml? Adding them should fix your proxy issue with confluence. I acutally run my bamboo in tomcat as well because I didn't know how to set the same thing up in jetty.

View More Comments
Mark Dzulko
Mark Dzulko August 25, 2011

I do have that already setup. However, I believe I found the real problem. HAProxy acts out of the box as Apache with ProxyPreserveHost On, that is it forwards the Host on to the server rather than the specified URL. Turning this off in Apache will solve the problem (I know since I setup Apache as proxy for these instances as a test). But I cannot find equivalent config for HAProxy. Asked teh mailing list and will post if I find out.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bamboo
Bamboo
TAGS
AUG Leaders

Atlassian Community Events

    See all events