We have two servers, and installed several Atlassian products:
Server #1: dms.server.com, Ubuntu v16.04.4, local PostgreSQL v9.5.173
Server #2: code.server.com, Ubuntu v16.04.4, local PostgreSQL v9.5.173
Detailed configuration is at the bottom.
Now, we can provide these apps to users like this:
In Jira or Confluence, we can't create an Application Link using a URL like "https://dms.server.com/jira" or "https://dms.server.com/wiki"; the system responds with this:
No response was received from the URL you entered - it may not be valid. Please fix the URL below, if needed, and click Continue.
When I use a URL like "http://dms.server.com:8092/wiki" in Jira to create the AppLink, the system responds with this:
Confirm URLs
The Application URL is different to the Display URL
Confirm that this is correct or change the Application URL below.
The Application URL should only be different to the Display URL if your application cannot access the internet directly (e.g. behind a firewall or proxy).
Application URL http://dms.server.com:8092/wiki
This is the URL used to connect to the remote application from this server.
Display URL https://dms.server.com/wiki
The display URL is used when rendering links to the application in the user's browser.
And in the next step, Confluence can't auto-create the reciprocal link for Jira.
Unable to create reciprocal link
It has not been possible to retrieve the required information from https://dms.totalcare.com/jira. Therefore the link cannot be created.
Click Continue to be redirected back to https://dms.totalcare.com/jira.
Click Close to remain here.
We have tried creating separate AppLinks both in Jira (using http://dms.server.com:8092/wiki) and Confluence (using http://dms.server.com:8082/jira), and the AppLinks work fine. But when we tried between Jira & Bitbucket, it did not succeed.
Now, can you give me a guide on how to create AppLinks between several Atlassian applications across the Nginx reverse proxy? Thank you very much!
Best Regards
===========================
Xiao Li, System Admin
Server #1: dms.server.com configuration
===JIRA===========================================
/opt/atlassian/jira/conf/server.xml
<Server port="8005" shutdown="SHUTDOWN">
......
  <Service name="Catalina">
    <Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               connectionTimeout="20000"
               enableLookups="false"
               maxHttpHeaderSize="8192"
               protocol="HTTP/1.1"
               useBodyEncodingForURI="true"
               redirectPort="8443"
               acceptCount="100"
               disableUploadTimeout="true"
               bindOnInit="false"
               proxyName="dms.server.com"
               proxyPort="443"
               scheme="https"
               secure="true"
    />
    <!-- Add Backup Service Port Connection -->
    <Connector port="8082"
               maxThreads="150"
               minSpareThreads="10"
               connectionTimeout="20000"
               enableLookups="false"
               acceptCount="10"
               URIEncoding="UTF-8"
    />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
        <Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
......
===Confluence=====================================
/opt/atlassian/confluence/conf/server.xml
<Server port="8000" shutdown="SHUTDOWN" debug="0">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
               maxThreads="48" minSpareThreads="10"
               enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               proxyName="dms.server.com"
               proxyPort="443"
               scheme="https"
               secure="true"
    />
    <Connector port="8092"
               maxThreads="150"
               minSpareThreads="10"
               connectionTimeout="20000"
               enableLookups="false"
               acceptCount="10"
               URIEncoding="UTF-8"
    />
    <Engine name="Standalone" defaultHost="localhost" debug="0">
      <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
        <Context path="/wiki" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
......
===Nginx==========================================
/etc/nginx/sites-enabled/Atlassian_ReverseSecProxy
server {
    listen 80 default_server;
    server_tokens off;
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_tokens off;
    server_name dms dms.server.com;
    ssl_certificate /etc/ssl/certs/server.com.pem;
    ssl_certificate_key /etc/ssl/private/server.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    root /var/www/dms;
    index index.html;
    # Resource respond method
    location / {
        try_files $uri $uri/ =404;
    }
    # Deny security file access
    location ~ /\.ht {
        deny all;
    }
    location /jira {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://dms.server.com:8080/jira;
        client_max_body_size 300M;
    }
    location /wiki {
        client_max_body_size 300M;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://dms.server.com:8090/wiki;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
Server #2: code.server.com configuration
===Bitbucket======================================
/var/atlassian/application-data/bitbucket/shared/bitbucket.properties
#>*******************************************************
#> Migrated to database at jdbc:postgresql://localhost:5432/bitbucket
#> Updated on 2018-04-03T16:58:44.261+08:00
#>*******************************************************
jdbc.driver=org.postgresql.Driver
jdbc.url=jdbc:postgresql://localhost:5432/bitbucket
jdbc.user=jiradbo
jdbc.password=password
server.port=7990
server.secure=true
server.scheme=https
server.proxy-port=443
server.proxy-name=code.server.com
server.context-path=/bitbucket
server.additional-connector.1.port=7995
===Nginx==========================================
/etc/nginx/sites-enabled/Atlassian_ReverseSecProxy
server {
    listen 80 default_server;
    server_tokens off;
    server_name _;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_tokens off;
    server_name dms dms.server.com;
    ssl_certificate /etc/ssl/certs/server.com.pem;
    ssl_certificate_key /etc/ssl/private/server.com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    root /var/www/dms;
    index index.html;
    # Resource respond method
    location / {
        try_files $uri $uri/ =404;
    }
    # Deny security file access
    location ~ /\.ht {
        deny all;
    }
    location /bitbucket {
        proxy_pass http://code.server.com:7990/bitbucket;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_redirect off;
    }
}
The problem has been resolved. The reason was a wrong SSL certificate.
I checked the Bitbucket log file (/var/atlassian/application-data/bitbucket/log/atlassian-bitbucket.log) and found entries like the one below; similar errors appear in the Jira log file.
2018-04-11 13:18:45,923 ERROR [http-nio-7990-exec-6] code-admin @1DEJJUCx798x47x0 rjcdxn 10.0.2.177,127.0.0.1 "GET /rest/applinks/3.0/applicationlinkForm/manifest.json HTTP/1.0" c.a.a.c.r.u.CreateApplicationLinkUIResource ManifestNotFoundException thrown while retrieving manifest
com.atlassian.applinks.spi.manifest.ManifestNotFoundException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.atlassian.applinks.core.manifest.AppLinksManifestDownloader.doDownload(AppLinksManifestDownloader.java:198)
......
I found out that the cert configured in nginx, the file "server.com.pem", ONLY had the server's own certificate and did not include the Root CA and Intermediate CA certificates. So I just put the Root CA and Intermediate CA certs in the file "server.com.pem".
After restarting Nginx, all Atlassian apps can create Application Links using NICE URLs like https://dms.server.com/jira, https://code.server.com/bitbucket, etc.
And thanks for your responses! @Gonchik Tsymzhitov
Best Regards
Xiao Li
By the way, the file "server.com.pem" must have this format:
-----BEGIN CERTIFICATE-----
......
Server's Certificate
......
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
......
Intermediate CA Certificate
......
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
......
Root CA Certificate
......
-----END CERTIFICATE-----
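The failure diagnosed above (nginx serving only the server certificate, so a client that trusts just the root cannot build a path) reproduced offline, as an added example that is not part of the original post. The PKI is a throwaway one constructed by the script; `new_req`, `make_demo_pki`, `bundle_chains_to_root` and the `Demo ...` names are hypothetical, and `openssl` is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example (constructed demo PKI, not the poster's certificates).
# To inspect what a live server sends: openssl s_client -connect HOST:443 -showcerts

# new_req PREFIX CN: create PREFIX.key and PREFIX.csr for a demo identity.
new_req() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# make_demo_pki DIR: root -> intermediate -> leaf, all throwaway, plus two bundles.
make_demo_pki() {
  local d=$1
  echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
  new_req "$d/root" 'Demo Root CA'
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" 2>/dev/null
  new_req "$d/int" 'Demo Intermediate CA'
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null
  new_req "$d/leaf" 'dms.server.com'
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  cp "$d/leaf.pem" "$d/leaf_only.pem"                  # the broken bundle
  cat "$d/leaf.pem" "$d/int.pem" > "$d/with_int.pem"   # leaf first, then its issuer
}

# bundle_chains_to_root ROOT BUNDLE: succeed only if the first cert in BUNDLE
# can be chained to ROOT using just the other certs in BUNDLE, which is all a
# client that trusts only the root has to work with.
bundle_chains_to_root() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
  local d b; d=$(mktemp -d); make_demo_pki "$d"
  for b in leaf_only with_int; do
    if bundle_chains_to_root "$d/root.pem" "$d/$b.pem"; then
      echo "$b.pem: chain complete"
    else
      echo "$b.pem: incomplete chain (client would fail path building)"
    fi
  done
  rm -rf "$d"
}
demo
```

The same `bundle_chains_to_root` check can be pointed at a real CA root file and the file named in `ssl_certificate` before reloading nginx.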
My congratulations!
Hi!
Could you set for this parameter:
proxy_pass http://127.0.0.1:7990/bitbucket;
instead of
proxy_pass http://code.server.com:7990/bitbucket;
And then just enter the base URL from Jira in the application link configuration in the Bitbucket interface.
Cheers,
Gonchik Tsymzhitov
Thanks for your help!
I just tried, but still got the same error:
Bitbucket has one "Config Error" link, and Jira is still empty...
Okay,
Could you check the firewalls from both servers?
I mean something like telnet to tms.totalcare.com on ports 8082 and 443?
Also it would be nice if you checked the access_log and error_log in nginx.
Cheers,
Gonchik