Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Using Crowd on servers with a dynamic IP

Hello, I am new to Crowd, I recently installed it and began preparations for establishing SSO on JIRA. When I was adding the application it mentioned needing to have the application's IP address.

The server JIRA and Crowd run on are the same (they run on a single server with reverse proxy through Nginx using SSL.

The IP address for the server is dynamic, additionally is it proxied a second time by Cloudflare.

Is there anything in place for handling when a connected application's IP address can be dynamic and the client's IP can be dynamic each time a person connects?

1 answer

0 votes
Andy Heinzer Atlassian Team Oct 11, 2019

Hi,

I see that you are setting up Crowd and have some concerns in regards to making sure that other applications such as Jira or Confluence will always be able to reach the Crowd application in a situation where the server address could be changing.

The additions of using SSL and what appears to be more than one reverse proxy will complicate this, but I will try to explain a scenario to make this work.  Since we know that your environment has both Jira and Crowd installed to the same server, we can leverage that fact to use a static address that won't change.  127.0.0.1 This is the equivalent of the localhost address that linux/unix machines have as a means to refer to the local address.  We can use this address when we are linking Jira to Crowd as a way to make sure each application can always communicate with either other.

In order to make this work though, you might have to create an additional connector for the Tomcat web server in both Crowd and Jira that is specifically listening to a different port.   Since we know you're using a proxy and using SSL, you can still have those connectors, but setting up an additional connector in the tomcat $install/conf/server.xml file will allow each application to serve requests on both ports. 

We have an application generic guide for this in How to bypass a reverse proxy or SSL in Application Links. You can follow this guide to make some changes, specifically to the server.xml file for each application.

  • For Crowd this location is <install-path>/apache-tomcat/conf/ 
  • For Jira this is in $JIRAINSTALL/conf/

Let's say that Jira and Crowd are already setup and using the default ports of 8080 (Jira) and 8095 (Crowd).  You can follow that guide above to add an additional connector here for each product, say 8081 Jira, and 8096 for Crowd. 

Once you add that connector to each server.xml, you need to restart each application for the settings to take affect.  Then when you create the link between them, within Crowd you can just use the 127.0.0.1 for the Remote IP Address.  And within Jira, for the Server settings, you can use the Server URL value of http://127.0.0.1:8096/crowd/ when integrating these.  This way, Jira will bypass your SSL and proxy setting when communicating with Crowd, and vice versa.  This configuration allows the applications to be able to still communicate to each other regardless of what the external IP address or even the fully qualified domain name might change to be.

As for that IP address clients might have, that actually doesn't matter here.  They will all probably just be reaching your Jira site directly through the proxied address anyways.  Just keep in mind that will the applications could use that same address, they are not required to.

I hope this helps, let me know if you have any questions or concerns about this suggested configuration.

Cheers,

Andy

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

181 views 6 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you