Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Cannot get Jira to load in browser

it@phhp.ufl.edu
it@phhp.ufl.edu December 13, 2018

Hello, I recently setup Jira Core and Confluence on the same server.  Using SSL reverse proxy, Apache 2.4.  Shibboleth authentication with a SSO SAML plugin by Re:solution. Everything was working fine a few weeks ago, and I put the project on hold while fiscal bought the licenses.  Licenses show up today so I go to install them, but I cannot get Jira to load in a browser.  Confluence works fine though.  I've tried several browsers on different machines, and nothing.  No browser error, just blank.

atlassian-jira.log  says

2018-12-13 15:15:28,946 JIRA-Bootstrap INFO [c.a.jira.startup.JiraStartupLogger]

************************************************************************************
JIRA 7.10.1 build: 710002 started. You can now access JIRA through your web browser.
***********************************************************************

*************

Bypassing the SSO redirect by going to https://my site blah/jira/login.action?nosso should allow for local login but that page does not load either.

And this: wget https://####/jira/login.action?nosso
--2018-12-13 15:59:18-- https://####jira/login.action?nosso
Resolving
Connecting to |:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2018-12-13 15:59:18 ERROR 404: Not Found.

But yet: wget https://######/login.action?nosso
--2018-12-13 16:57:25-- https://#######/confluence/login.action?nosso
Resolving
Connecting to p|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘login.action?nosso’

 

So I'm stuck and not sure where to look cause this all work, and the only changes since then have been some RHEL updates.

thank you for the help - BW

 

Answer
Watch
Like Be the first to like this
1571 views

1 answer

0 votes
Christian Reichert (resolution)
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 13, 2018

Hi!

thanks for using our plugin - by what you describe, especially also using the ?nosso URL t doesn't sound like the SSO Plugin should be the Issue here.

Here is a KB Article, how you can start Jira without our Plugin enabled: https://wiki.resolution.de/doc/saml-sso/latest/all/knowledgebase-articles/technical/application-startup-issue-disable-sso-plugin

Instead of using the parameter "--disable-addons" you can also use " -disable-all-addons" which will disable all non-system Addon's. Which is a good troubleshooting step too (https://confluence.atlassian.com/jirakb/add-on-tips-and-tricks-779168621.html)

I can also see that in your test, you are getting a 404 Page Not Found error on the https connection.

This sound like you have a reverse Proxy in front of the Jira/Confluence Server? Do you want to give us a bit more detail on your setup there?

Cheers,
   Christian

View More Comments
it@phhp.ufl.edu
it@phhp.ufl.edu December 20, 2018

Hi Christian

Starting with the plugins disabled has the same effect and yes a reverse proxy is setup.  Here's the relevant bits. 

ProxyRequests Off
ProxyPreserveHost Off
ProxyTimeout 120
ProxyPassInterpolateEnv On

ProxyPass /confluence http://127.0.0.1:8090/confluence
ProxyPassReverse /confluence http://127.0.0.1:8090/confluence

ProxyPass /jira http://127.0.0.1:8080/jira
ProxyPassReverse /jira http://127.0.0.1:8080/jira


<Location />
 Require all granted
 #AllowOverride All
</Location>

<Location />
 AuthType shibboleth
 ShibRequireSession On  #
 ShibUseHeaders On
 Require shib-attr #here is our Active Directory group used to access
</Location>

<Location "/Shibboleth.sso">
 Order deny,allow
 Allow from all
 # Ensure shibboleth responds to this path
 SetHandler shib
 </Location>


# Shib protect /jira location 
 <Location /jira/plugins/servlet/samlsso>
 AuthType shibboleth
 #ShibRequireSession On
  require shibboleth
 </Location>


 # Shib protext /confluence location
 <Location /confluence/plugins/servlet/samlsso>
 AuthType shibboleth
 require shibboleth
 </Location>


____________

And here's server.xml

<Connector address="127.0.0.1" port="8080"
 maxThreads="150"
 minSpareThreads="25"
 connectionTimeout="20000"
 enableLookups="false"
 maxHttpHeaderSize="8192"
 protocol="HTTP/1.1"
 useBodyEncodingForURI="true"
 redirectPort="8443"
 acceptCount="100"
 disableUploadTimeout="true"
 scheme="https"
 proxyName="###
 proxyPort="443"
 bindOnInit="false"/> 

<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">


 thank you - Boyd

Like
Christian Reichert (resolution)
Christian Reichert (resolution)
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
December 21, 2018

Hi Boyd,

ok - if it still happens with Plugins disabled, then it has got nothing to do with our SSO Plugin or any of the other one's.

Not sure what you try to achieve with AuthType Shibboleth in front of our Plugin Path? It looks a bit like you are forcing a Shibboleth Authentication before our Plugin can actually do the Single Sign On for the first time. 
This should not be necessary as if there isn't an established shibboleth session before we do the redirect for the first time, then Shibboleth will just do the Authentication then & there. But this shouldn't be the reason your Jira doesn't load.

What happens when you do a  

wget -v http://127.0.0.1:8080/jira 

locally on the machine where you are running this i.e. not going via the Proxy?


Cheers,
    Christian

Like
it@phhp.ufl.edu
it@phhp.ufl.edu February 14, 2019

Hello, finally getting back around to this...

I put the same proxy config above in a non-ssl vhost, commented out all the Shibboleth locations, and Jira works just fine over HTTP.  HTTPS gives a "service unavailable screen".

wget:

Connecting to 127.0.0.1:8080... connected.
HTTP request sent, awaiting response... 302
Location: /jira/ [following]
--2019-02-14 16:19:16-- http://127.0.0.1:8080/jira/
Reusing existing connection to 127.0.0.1:8080.
HTTP request sent, awaiting response... 200
Length: unspecified [text/html]
Saving to: ‘jira’

[ <=> ] 45,672 --.-K/s in 0.02s

 

Like I said this was working fine, nothing with the Jira/Apache configs changed.  I looked back through the yum logs and noticed that the cacerts got updated.  Would that have an effect since I'm using Apache for SSL?  Not really sure where to look. 

Here's some debug log from an attempt to connect via HTTPS.

[Thu Feb 14 16:21:45.291261 2019] [socache_shmcb:debug] [pid 6689] mod_socache_shmcb.c(522): AH00835: socache_shmcb_retrieve (0x29 -> subcache 9)
[Thu Feb 14 16:21:45.291286 2019] [socache_shmcb:debug] [pid 6689] mod_socache_shmcb.c(877): AH00851: shmcb_subcache_retrieve found no match
[Thu Feb 14 16:21:45.291292 2019] [socache_shmcb:debug] [pid 6689] mod_socache_shmcb.c(532): AH00836: leaving socache_shmcb_retrieve successfully
[Thu Feb 14 16:21:45.291322 2019] [ssl:debug] [pid 6689] ssl_engine_kernel.c(1891): [client 10.15.200.30:41474] AH02043: SSL virtual host for servername ***jira*** found
[Thu Feb 14 16:21:45.301920 2019] [ssl:debug] [pid 6689] ssl_engine_kernel.c(1824): [client 10.15.200.30:41474] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Feb 14 16:21:45.301997 2019] [ssl:debug] [pid 6689] ssl_engine_kernel.c(225): [client 10.15.200.30:41474] AH02034: Initial (No.1) HTTPS request received for child 19 (server **jira***:443)
[Thu Feb 14 16:21:45.302010 2019] [mod_shib:debug] [pid 6689] mod_shib.cpp(369): [client 10.15.200.30:41474] get_request_config created per-request structure
[Thu Feb 14 16:21:45.302153 2019] [authz_core:debug] [pid 6689] mod_authz_core.c(809): [client 10.15.200.30:41474] AH01626: authorization result of Require all granted: granted
[Thu Feb 14 16:21:45.302169 2019] [authz_core:debug] [pid 6689] mod_authz_core.c(809): [client 10.15.200.30:41474] AH01626: authorization result of <RequireAny>: granted
[Thu Feb 14 16:21:45.302225 2019] [mod_shib:debug] [pid 6689] mod_shib.cpp(984): [client 10.15.200.30:41474] shib_fixups entered in pid (6689)
[Thu Feb 14 16:21:45.302288 2019] [proxy:debug] [pid 6689] mod_proxy.c(1123): [client 10.15.200.30:41474] AH01143: Running scheme http handler (attempt 0)
[Thu Feb 14 16:21:45.302305 2019] [proxy:debug] [pid 6689] proxy_util.c(2203): AH00942: HTTP: has acquired connection for (*)
[Thu Feb 14 16:21:45.302312 2019] [proxy:debug] [pid 6689] proxy_util.c(2256): [client 10.15.200.30:41474] AH00944: connecting http://localhost:8090/jira/secure/Dashboard.jspa to localhost:8090
[Thu Feb 14 16:21:45.303011 2019] [proxy:debug] [pid 6689] proxy_util.c(2426): [client 10.15.200.30:41474] AH00947: connected /jira/secure/Dashboard.jspa to localhost:8090
[Thu Feb 14 16:21:45.303138 2019] [proxy:debug] [pid 6689] proxy_util.c(2793): (111)Connection refused: AH00957: HTTP: attempt to connect to [::1]:8090 (*) failed
[Thu Feb 14 16:21:45.303211 2019] [proxy:error] [pid 6689] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8090 (*) failed
[Thu Feb 14 16:21:45.303233 2019] [proxy_http:error] [pid 6689] [client 10.15.200.30:41474] AH01114: HTTP: failed to make connection to backend: localhost
[Thu Feb 14 16:21:45.303238 2019] [proxy:debug] [pid 6689] proxy_util.c(2218): AH00943: HTTP: has released connection for (*)
[Thu Feb 14 16:21:45.303382 2019] [ssl:debug] [pid 6689] ssl_engine_io.c(993): [client 10.15.200.30:41474] AH02001: Connection closed to child 19 with standard shutdown (server **jira**:443)
[Thu Feb 14 16:21:45.354777 2019] [ssl:info] [pid 6676] [client 10.15.200.30:41476] AH01964: Connection to child 15 established (server ***jira***:443)
[Thu Feb 14 16:21:45.354933 2019] [ssl:debug] [pid 6676] ssl_engine_kernel.c(1891): [client 10.15.200.30:41476] AH02043: SSL virtual host for servername ***jira*** found
[Thu Feb 14 16:21:45.355502 2019] [ssl:debug] [pid 6676] ssl_engine_kernel.c(1824): [client 10.15.200.30:41476] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
[Thu Feb 14 16:21:45.357531 2019] [ssl:debug] [pid 6676] ssl_engine_kernel.c(225): [client 10.15.200.30:41476] AH02034: Initial (No.1) HTTPS request received for child 15 (server ***jira***:443)
[Thu Feb 14 16:21:45.357547 2019] [mod_shib:debug] [pid 6676] mod_shib.cpp(369): [client 10.15.200.30:41476] get_request_config created per-request structure
[Thu Feb 14 16:21:45.357619 2019] [authz_core:debug] [pid 6676] mod_authz_core.c(809): [client 10.15.200.30:41476] AH01626: authorization result of Require all granted: granted
[Thu Feb 14 16:21:45.357627 2019] [authz_core:debug] [pid 6676] mod_authz_core.c(809): [client 10.15.200.30:41476] AH01626: authorization result of <RequireAny>: granted
[Thu Feb 14 16:21:45.357647 2019] [mod_shib:debug] [pid 6676] mod_shib.cpp(984): [client 10.15.200.30:41476] shib_fixups entered in pid (6676)
[Thu Feb 14 16:21:45.357669 2019] [proxy:debug] [pid 6676] mod_proxy.c(1123): [client 10.15.200.30:41476] AH01143: Running scheme http handler (attempt 0)
[Thu Feb 14 16:21:45.357675 2019] [proxy:debug] [pid 6676] proxy_util.c(2203): AH00942: HTTP: has acquired connection for (*)
[Thu Feb 14 16:21:45.357680 2019] [proxy:debug] [pid 6676] proxy_util.c(2256): [client 10.15.200.30:41476] AH00944: connecting http://localhost:8090/favicon.ico to localhost:8090
[Thu Feb 14 16:21:45.357821 2019] [proxy:debug] [pid 6676] proxy_util.c(2426): [client 10.15.200.30:41476] AH00947: connected /favicon.ico to localhost:8090
[Thu Feb 14 16:21:45.357879 2019] [proxy:debug] [pid 6676] proxy_util.c(2793): (111)Connection refused: AH00957: HTTP: attempt to connect to [::1]:8090 (*) failed
[Thu Feb 14 16:21:45.357935 2019] [proxy:error] [pid 6676] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:8090 (*) failed
[Thu Feb 14 16:21:45.357944 2019] [proxy_http:error] [pid 6676] [client 10.15.200.30:41476] AH01114: HTTP: failed to make connection to backend: localhost
[Thu Feb 14 16:21:45.357948 2019] [proxy:debug] [pid 6676] proxy_util.c(2218): AH00943: HTTP: has released connection for (*)
[Thu Feb 14 16:21:45.358027 2019] [ssl:debug] [pid 6676] ssl_engine_io.c(993): [client 10.15.200.30:41476] AH02001: Connection closed to child 15 with standard shutdown (server ***jira***:443)

 

Thank you - Boyd

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events