How to create Application Link betwwen Bitbucket/Jira/Confluence(Cross reverse proxy)? Edited

We have two servers, and installed several Atlassian products:

Server #1: dms.server.com, Ubuntu v16.04.4, local Posgresql v9.5.173

Server #2: code.server.com, , Ubuntu v16.04.4, local Posgresql v9.5.173

Detail configuration at the bottom。

Now, we can provide these app for users like this:

In Jira or Confluence, we can't create Application Link use the url like "https://dms.server.com/jira" or "https://dms.server.com/wiki", the system responds this:

No response was received from the URL you entered - it may not be valid. Please fix the URL below, if needed, and click Continue.

While I use the url like "http://dms.server.com:8092/wiki" in Jira to create AppLink , the system responds this:

Confirm URLs

The Application URL is different to the Display URL

Confirm that this is correct or change the Application URL below.

The Application URL should only be different to the Display URL if your application cannot access the internet directly (e.g. behind a firewall or proxy).

Application URL http://dms.server.com:8092/wiki

This is the URL used to connect to the remote application from this server.

Display URL https://dms.server.com/wiki

The display URL is used when rendering links to the application in the user's browser.

And in next step, Confluence can't auto-create reciprocal link for Jira.

Unable to create reciprocal link

It has not been possible to retrieve the required information from https://dms.totalcare.com/jira. Therefore the link cannot be created.

Click Continue to be redirected back to https://dms.totalcare.com/jira.

Click Close to remain here.

We have tried create separate AppLink both in Jira(use http://dms.server.com:8092/wiki) and Confluence(use http://dms.server.com:8082/jira), the AppLink works fine. But while we try between Jira & BitBucket, it wasn't success.

Now, can you give me a guide about how to create Applink between several Atlassian applications cross the Nginx Reverse Proxy? Thank you very much!


Best Regards
===========================
Xiao Li, System Admin

Server 1#:dms.server.com configuration


===JIRA===========================================
/opt/atlassian/jira/conf/server.xml

<Server port="8005" shutdown="SHUTDOWN">
......
<Service name="Catalina">
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"

proxyName="dms.server.com"
proxyPort="443"
scheme="https"
secure="true"
/>

<!-- Add Backup Service Port Connection -->
<Connector port="8082"
maxThreads="150"
minSpareThreads="10"
connectionTimeout="20000"
enableLookups="false"
acceptCount="10"
URIEncoding="UTF-8"
/>
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
......

===Confluence=====================================
/opt/atlassian/confluence/conf/server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"

proxyName="dms.server.com"
proxyPort="443"
scheme="https"
secure="true"
/>

<Connector port="8092"
maxThreads="150"
minSpareThreads="10"
connectionTimeout="20000"
enableLookups="false"
acceptCount="10"
URIEncoding="UTF-8"
/>

<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="/wiki" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
......

===Nginx==========================================
/etc/nginx/sites-enabled/Atlassian_ReverseSecProxy

server {
listen 80 default_server;
server_tokens off;
server_name _;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_tokens off;
server_name dms dms.server.com;
ssl_certificate /etc/ssl/certs/server.com.pem;
ssl_certificate_key /etc/ssl/private/server.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/dms;
index index.html;
# Resource respond method
location / {
try_files $uri $uri/ =404;
}
# Deny security file access
location ~ /\.ht {
deny all;
}
location /jira {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://dms.server.com:8080/jira;
client_max_body_size 300M;
}
location /wiki {
client_max_body_size 300M;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://dms.server.com:8090/wiki;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}



Server #2: code.server.com configuration

===Bitbucket======================================

/var/atlassian/application-data/bitbucket/shared/bitbucket.properties

#>*******************************************************
#> Migrated to database at jdbc:postgresql://localhost:5432/bitbucket
#> Updated on 2018-04-03T16:58:44.261+08:00
#>*******************************************************
jdbc.driver=org.postgresql.Driver
jdbc.url=jdbc:postgresql://localhost:5432/bitbucket
jdbc.user=jiradbo
jdbc.password=password
server.port=7990

server.secure=true
server.scheme=https
server.proxy-port=443
server.proxy-name=code.server.com
server.context-path=/bitbucket

server.additional-connector.1.port=7995

===Nginx==========================================
/etc/nginx/sites-enabled/Atlassian_ReverseSecProxy

server {
listen 80 default_server;
server_tokens off;
server_name _;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
server_tokens off;
server_name dms dms.server.com;
ssl_certificate /etc/ssl/certs/server.com.pem;
ssl_certificate_key /etc/ssl/private/server.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/dms;
index index.html;
# Resource respond method
location / {
try_files $uri $uri/ =404;
}
# Deny security file access
location ~ /\.ht {
deny all;
}
location /bitbucket {
proxy_pass http://code.server.com:7990/bitbucket;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_redirect off;
}

}

 

2 answers

0 vote
Gonchik Tsymzhitov Community Champion Apr 09, 2018

Hi! 

 

Could you set for this parameter:

proxy_pass http://127.0.0.1:7990/bitbucket;

instead of

proxy_pass http://code.server.com:7990/bitbucket;

 

And the just enter in application link configuration the base url from jira in bitbucket interface.

 

Cheers,

Gonchik Tsymzhitov

Thanks for ur help!

I just tried, but still got the same wrong:

 

  • Change the Nginx cfg:

Nginx cfg.JPG

 

  • Restart service of Nginx;
  • Verify Jira base URL

jira-baseURL.JPG

Creat Applink in Bitbucket.JPG

 

Creat Applink in Bitbucket 2.JPGCreat Applink in Bitbucket 3.JPGCreat Applink in Bitbucket 4.JPG

  • Finnal result

Bitbucket have one “Config Error” link, and Jira still empty...

result-01.JPGresult-02.JPG

 

Gonchik Tsymzhitov Community Champion Apr 10, 2018

Okay, 

 

Could you check from both servers firewalls? 

I mean some telnet tms.totalcare.com 8082 and 443 port? 

Also it will be nice if you check access_log and error_log in nginx. 

 

Cheers,

Gonchik

The problem have been resolved. the reason is Wrong SSL ceritificate.

  • Check log file

I checked the log file of bitbucket(/var/atlassian/application-data/bitbucket/log/atlassian-bitbucket.log)find out like bellow, and the similar errors appear in the Jira log file。

2018-04-11 13:18:45,923 ERROR [http-nio-7990-exec-6] code-admin @1DEJJUCx798x47x0 rjcdxn 10.0.2.177,127.0.0.1 "GET /rest/applinks/3.0/applicationlinkForm/manifest.json HTTP/1.0" c.a.a.c.r.u.CreateApplicationLinkUIResource ManifestNotFoundException thrown while retrieving manifest
com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader.doDownload(AppLinksManifestDownloader.java:198)

......

  • Check the certificate which Nginx use

I found out that the cert configure in nginx, file "server.com.pem", ONLY have the server's self certificate, not include Root CA and Intermediate CA Certificates. So I just put the rootCA&IntermediateCA's certs in the file of "server.com.pem".

  • Restart Nginx

While Restart the Nginx, All Atlassian Apps can create Application Link use the NICE url like https://dms.server.com/jira, https://code.server.com/bitbucket, etc.

And Thanks for ur responds! @Gonchik Tsymzhitov

 

Best Regards

Xiao Li

Bye the way, the file of "server.com.pem" must have this format:

-----BEGIN CERTIFICATE-----
......

Server‘s Certificate
......

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
......

Intermediate CA Certificate
......

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
......

Root CA Certificate
......

-----END CERTIFICATE-----

My congratulations!

 

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jun 12, 2018 in Bitbucket

Do you use any Atlassian products for your personal projects?

After spinning my wheels trying to get organized enough to write a book for National Novel Writing Month (NaNoWriMo) I took my affinity for Atlassian products from my work life and decided to tr...

30,651 views 26 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you