Our group is using the following Atlassian products: JIRA, Confluence, Fisheye, Bamboo, and Crowd with single sign-on.
To provide secure access from public networks, we would like to use nginx as a reverse proxy providing HTTPS access. So far we have managed to configure JIRA, Bamboo and Fisheye to work with nginx. Our basic configuration for the applications is the following:
server {
    server_name <server_name>;
    listen 80;
    listen 443 ssl;
    ssl_certificate <path_to_certificate>;
    ssl_certificate_key <path_to_certificate_key>;
    location ^~ /bamboo {
        # $ssl_protocol is empty on plain-HTTP requests: send those to HTTPS
        if ($ssl_protocol = "") {
            return 301 https://$server_name$request_uri;
        }
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8085;
    }
…
(Each application has a location section almost identical to the one above, with the exception of the local port and location prefix.)
Unfortunately we ran into a problem when we reconfigured Confluence to work in this fashion. The Tomcat server used by Confluence produces a redirect loop. The most puzzling part is that it redirects to a URL that is in no way set in any of Confluence's configuration files, and I couldn't find a reference to it in Confluence's database.
Confluence's Connector in <confluence_install>/conf/server.xml is the following:
<Connector
    acceptCount="100"
    connectionTimeout="20000"
    disableUploadTimeout="true"
    enableLookups="false"
    maxHttpHeaderSize="8192"
    maxSpareThreads="75"
    maxThreads="150"
    minSpareThreads="25"
    port="8090"
    protocol="HTTP/1.1"
    useBodyEncodingForURI="true"
    scheme="https"
    proxyName="<proxy_name>"
    proxyPort="443"/>
The Context configuration in the same file is the following:
<Context path="/confluence" docBase="../confluence" debug="1" reloadable="false" useHttpOnly="true">
    <Manager pathname=""/>
    <Resource name="mail/GmailSMTPServer"
        auth="Container"
        type="javax.mail.Session"
        mail.smtp.host="<smtp_host>"
        mail.smtp.port="<smtp_port>"
        mail.smtp.auth="true"
        mail.smtp.user="<user>"
        password="<password>"
        mail.smtp.starttls.enable="true"
        mail.transport.protocol="smtp"
        mail.smtp.socketFactory.class="javax.net.SocketFactory"
    />
    <Resource name="jdbc/confDS"
        auth="Container"
        type="javax.sql.DataSource"
        username="<username>"
        password="<password>"
        maxActive="100"
        maxIdle="10"
        driverClassName="org.postgresql.Driver"
        url="<jdbc_url>"
        validationQuery="Select 1"
    />
</Context>
What could cause the redirect loop?
The http connector that Tomcat uses had to be marked as secure with secure="true". Otherwise, it redirected to https, which in turn was redirected to the http port by nginx, thus causing the redirect loop.
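A check for the condition this answer describes, added here as an example (it is not code from the thread or from Atlassian): it parses a `server.xml` and flags any proxied Connector that declares `scheme="https"` without `secure="true"`. The host name `wiki.example.com`, the `Service` name and the function names are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector from the question with quoting restored
# and a placeholder host name (wiki.example.com is an assumption).
QUESTION_CONNECTOR = """
<Server><Service name="Tomcat-Standalone">
  <Connector port="8090" protocol="HTTP/1.1" maxThreads="150"
             scheme="https" proxyName="wiki.example.com" proxyPort="443"/>
</Service></Server>
"""

def audit_connectors(server_xml: str) -> list[str]:
    """Return findings for Connectors that sit behind a TLS-terminating proxy."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        scheme = conn.get("scheme", "http")
        secure = conn.get("secure", "false").lower() == "true"
        if conn.get("SSLEnabled", "false").lower() == "true":
            continue  # Tomcat terminates TLS itself; not the proxied case
        if scheme == "https" and not secure:
            findings.append(
                f"port {port}: scheme=https without secure=true; "
                "request.isSecure() stays false, the app redirects to https "
                "and the proxy hands the request straight back (redirect loop)")
        if secure and scheme != "https":
            findings.append(
                f"port {port}: secure=true but scheme={scheme}; "
                "request.getScheme() still reports http")
        if scheme == "https" and not (conn.get("proxyName") and conn.get("proxyPort")):
            findings.append(
                f"port {port}: scheme=https without proxyName/proxyPort; "
                "redirects will point at the backend host and port")
    return findings

def with_secure(server_xml: str) -> str:
    """Apply the fix from the answer: mark https-scheme Connectors as secure."""
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        if conn.get("scheme") == "https":
            conn.set("secure", "true")
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for finding in audit_connectors(QUESTION_CONNECTOR):
        print(finding)
    print(audit_connectors(with_secure(QUESTION_CONNECTOR)))
```
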
Note that the applications cannot be configured to handle SSL connections (each application will work on one port, without SSL support). The only part that will work with SSL support is NGINX when talking to the world, not with your local network.
[Apps] ---->> HTTP ----->>[NGINX]-------->>HTTPS------->>(World).
Lucas Lima