Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to redirect http URL to https

xela citnad
xela citnad July 27, 2021

How do I redirect HTTP requests to HTTPS? I have Jira installed on a Linux server. All I've done is edit the HTTPS portion in the server.xml file. My goal is that when users type 'http://jira.mydomain.com' in their browser, it redirects to 'https://jira.mydomain.com'. Right now, when they type 'http://jira.mydomain.com', it does bring them to Jira, but the page is unsecured & there's a mismatch warning/error at the bottom & they also can't login. As much help will greatly be appreciated.

 

==============================================================================================================
HTTPS - Proxying Jira via Apache or Nginx over HTTPS

If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->


<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="jira.mydomain.com" proxyPort="443"/>

 

Above is the only thing I edited in the server.xml file.

Answer
Watch
Like Be the first to like this
3637 views

1 answer

0 votes
Kurt Klinner
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 27, 2021

@xela citnad 

 

Hi

did you also configure the connector for port 8443 (the one that you redirect to)

https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html will provide you additional insights.

 

In parallel you could also think of handling the https in front of tomcat at an apache or nginx acting as a reverse proxy https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html

Cheers

Kurt

View More Comments
xela citnad
xela citnad July 27, 2021

Kurt, I don't think I have.  Looking at my server.xml file, all the connector ports seem to be 8080.  Is it simply as changing it to 8443?

Like
Kurt Klinner
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 27, 2021

@xela citnad 

Nope you will need one where you handle the http traffic (8080)

that will forward to the https one 8443 (that one will need to have a valid certificate in his truststore etc)

Cheers

Kurt

Like
xela citnad
xela citnad July 27, 2021

@Kurt Klinner so basically, this can't be done by simply changing values in the server.xml file?

Like
Kurt Klinner
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 27, 2021

No, if you would like to use https you will need to get a certificate in place, this is what https / ssl is all about. The first link i shared contains all the required steps to do so.

 

Personally speaking i think setting up ssl on apaache/nginx and having http traffic between the webserver  and the tomcat instance is way easier

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 27, 2021

Yep, I usually stick atlassian stuff behind a proxy. 

Redirects in those are trivial, you can set up a single line that catches "http://myjiraserver.com/ <everything>" and punts it over to https automatically.

Like
xela citnad
xela citnad July 28, 2021

@Kurt Klinner

I followed these instructions that you sent: https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html

However, now when I try to access 'http://jira.mydomain.com', I'm met wi/:

Jira is reporting that it is using the URL scheme 'https', which does not match the scheme used to run these diagnostics, 'http'. This is known to cause Jira to construct URLs using an incorrect hostname, which will result in errors in the dashboard, among other issues.

The most common cause of this is the use of a reverse-proxy HTTP(S) server (often Apache or IIS) in front of the application server running Jira. While this configuration is supported, some additional setup might be necessary in order to ensure that Jira detects the correct scheme.

 

Did I use the wrong connector?  I uncommented the 'HTTPS' connector in the server.xml file.

Like
Kurt Klinner
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 31, 2021

@xela citnad  can you share your server.xml? How is the base url for jira set

 

Cheers

Kurt

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
July 31, 2021

The base url is set inside the application, and in the web server.

The server.xml defines a "connector" which can can be read by a proxy or a load balancer, or directly by a browser.  The connector defines whether the app looks to https or http, but it does NOT have any way to do redirects, that's up to the site or proxy.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events