I am hosting Jira v.7.6.3 and Bitbucket v.5.6.2 on my own server (CentOS 7). I have them running behind an Apache reverse proxy over https. The "natural" Tomcat ports are behind a firewall. They are additionally running on their own contents paths.
Everything was humming along, and they were talking to each other via Application Links. Now I added basic authentication on the Apache front end and broke the system.
My goal is to have a "back-end" on the domain that this entirely walled off by authentication. That would include Jira, Bitbucket, other proxied servers, and basic Apache directories. So, access to the back end is reached via https://mydomain/staff. Everything on that context path is walled off. Jira and Bitbucket are found at https://mydomain/staff/jira and https://mydomain/staff/bitbucket.
At first, I could not use these proxied apps at all when I added the Apache authentication, but I fixed that with the Apache configuration for my proxies "RequestHeader unset Authorization". Problem solved.
The major trouble that remains, however, is the Application Links no longer work. How do I get my basic authentication parameters integrated into the links? I seems that legacy versions of the software e.g. Jira 6 provided a basic authentication option in the app links, but that was eliminated?
I've tried several approaches without luck so far.
As secondary problem I can see errors in my Apache log that behind the scenes Jira and Bitbucket are now failing to be able to check for updates, etc. That makes sense if the remote end can't get through this authentication wall now. I can live with that, and maybe just disable the authentication requirement temporarily when I periodically want to check for updates. In an ideal world though, that also would be fixed.
Btw, I'm totally fine with solutions that involve manually twiddling the database or configuration files as needed.
Hi Jonathan, we're not sure of the impact of authentication on the Proxy level but Applinks will not be able to provide such data. Most likely you'll need to set up a separate connector and have Bitbucket and Jira communicate directly and bypass the proxy altogether. This would be beneficial if you're on the same physical server anyway.
RequestHeader unset Authorization',
the only way around that is to bypass the proxy, whichThey key for this will be to disallow any communication from any outside location on the ports you set up as unproxied.
If Jira and Bitbucket are on different servers then you'd have to make sure that BB -> Jira is allowed and that Jira -> BB is allowed too by configuring your firewall correctly to allow traffic (via iptables or whatever you're using).
Hope that helps!
Ana
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.