Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Application Links SSL and Reverse Proxy

Hello People,

I'm wondering if anyone can help me solve that problem because I have tried everything and sill cannot find proper resolution.

Currently I use this following configuration example With a reverse proxy I use Sophos WAF setup so all incoming connections that hits  WAN interface with query for kb.testdomain.com is redirected to internal confluence server and sd.testdomain.com redirected to Jira server
Confluence is currently configured to use SSL and port 8888  and Jira port 8889
All custom generated certificates and Root CA is already imported to default Java store as well as to keystore used by Confluence and Jira. 
This is my current server.xml config:
Confluence:

<Connector port="8888" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keyAlias="kb.testdomain.com" keyPass="something"
keystoreFile="/etc/ssl/cert.p12" keystorePass="something"
proxyName="kb.testdomain.com" proxyPort="443"

Jira

<Connector port="8889" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keyAlias="sd.testdomain.com" keyPass="something"
keystoreFile="/etc/ssl/cert.p12" keystorePass="something"
proxyName="sd.testdomain.com" proxyPort="443" />

 

At his point every user who is connected to those instances from external network is able to login edit pages add pages etc, so everything works fine.

Problem is when I want to create Application link between those to applications.
I was  able to add links but than I get this error  in Confluence:

Invalid OAuth signature
We couldn't connect to Jira, possibly because that instance is behind a misconfigured proxy.

and from Confluence
Invalid OAuth signature
We couldn't connect to Confluence, possibly because that instance is behind a misconfigured proxy.

Here is my current application links setup from following applications
From Confluence:
Application URL sd.testdomain.com:8889
Display URL sd.testdomain.com
Server Base URL sd.testdomain.com

From Jira
Application URL kb.testdomain.com:8888
Display URL kb.testdomain.com
Server Base URL kb.testdomain.com

I have also tried point to server IP but result was that same.
So far I was able to figured out that if I remove from server.xml following lines application links works perfect

proxyName="sd.testdomain.com" proxyPort="443"
proxyName="kb.testdomain.com" proxyPort="443"

 

But after removing above lines every user that is connecting to those applications in not able to add, edit pages etc. anymore.

I have no idea what else could be done here to fix that issue and I will really appreciate if someone could help me solve that.

 

Thanks 
Raf

 

 

2 answers

1 vote
Diego Atlassian Team Jan 02, 2019

Hello here!
Rafal, this error is somewhat common when setting application links with a proxy between applications.

First thing we could check is if the Base URL is correct. The Base URL should be the same as your proxyName=**** setting in server.xml:

Configuring the Server Base URL - Confluence

Configuring the Base URL - Jira

After that, also check the Application Links compatibility Matrix and make sure that both Confluence and Jira are listed as compatible:

Application Links version matrix

As a general rule, you should ensure your applications are using the same major version of AppLinks to resolve any potential incompatibilities.

You can find more information on this behaviour here, in our article:

OAuth error oauth_problem=signature_invalid

If using the proxy for Application Links does not work, we can try to create an unproxied Application Link:

How to bypass a reverse proxy or SSL in Application Links

How to create an unproxied application link

Let us know if this helps your situation Rafal!

Still not luck so far.

Any other ideas?

How to create an unproxied application link 

this one helped me

I use contextpath, not subdomain, though

- created new connector on new port (step 1.)

accessed jira and confluence, locally using new port:

 http://localhost:<new port>/<contextpath>

changed base URL to http://localhost:<new port>/<contextpath>

created app links using http://localhost:<new port>/<contextpath>

changed base URL back to https://<domain>/<contextpath>

Based URL and proxy setting are correct as follows:

proxyName="sd.testdomain.com"   and base URL is sd.testdomain.com
proxyName="kb.testdomain.com"  and base URL is  kb.testdomain.com

I run Confluence 6.13.0 and JIra 7.13.0 so there should not be  a issue.

So basically I'm able to get through first steps when creating AL between those two because they can see each other and fills up all field automatically  

This is how I configure Application Links from Concfluence to Jira
Under application links on Confluence I enter following URL
https://sd.testdomain.com:8889

After clicking on create application links followed data is automatically filled out


You are creating a link from:
Display URL: https://sd.testdomain.com
Application URL: https://sd.testdomain.com:8889
Name: PM
Application: Jira

To this application:
Display URL: https://kb.testdomain.com
Application URL: https://kb.testdomain.com
Name: KB
Application: Confluence

After clicking on continue it redirect me to Jira and this is how it should be but than I get this messages:

It has not been possible to retrieve the required information from https://kb.testdomain.com Therefore the link cannot be created.
Click Continue to be redirected back to https://kb.testdomain.com Click Close to remain here.

I think this is because Jira is trying connect back to https://kb.testdomain.com instead of https://kb.testdomain.com:8888  and this is the problem here.

Later when I'm redirected back to AL on Confluence server I see this message:
Application Link 'SD' was created successfully locally but the reciprocal link was not created. Please review the configuration using the Edit option.

If I edit option on confluence and jire and select that same auth I see green arrows but at the top I see following message

Invalid OAuth signature

We couldn't connect to SD possibly because that instance is behind a misconfigured proxy.

But proxy settings are configured correctly

So to me it looks like jira is trying connect back to https://kb.testdomain.com instead https://kb.testdomain.com:8888 and this where problem exists in my opinion.

Keep in mind the following server xml configuration

Confluence:

<Connector port="8888" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keyAlias="kb.testdomain.com" keyPass="something"
keystoreFile="/etc/ssl/cert.p12" keystorePass="something"
proxyName="kb.testdomain.com" proxyPort="443"

Jira

<Connector port="8889" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
URIEncoding="UTF-8" keyAlias="sd.testdomain.com" keyPass="something"
keystoreFile="/etc/ssl/cert.p12" keystorePass="something"
proxyName="sd.testdomain.com" proxyPort="443" />

 

When I remove proxyName, proxyPort  and change base URL to kb.testdomain.com:8888 and sd.testdomain.com:8889 application links works perfect .

But than all incoming connection from WAF because there is not proxy configuration on server.xml  users are not able to add, edit, remote pages etc. 
If I reverse and add proxyName, proxyPort than WAF connection works perfectly but Application Link is broken again and I have not clue how to fix that :-(

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

Announcing Team Calendars in Confluence Data Center

Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond.  A long time favorite,  Team Cale...

198 views 0 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you