Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root


1 badge earned


Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!


Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.


Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!


Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Problem with SSL and Reverse Proxy on Ubuntu


Hello. I've migrated my Jira Core from Windows Server to Ubuntu 16.04 LTS envoirment. In general, I have a problem with SSL configuration. The gadgets captions are broken and in Instance Health tool there is a typical error:

JIRA is not able to access itself through the configured Base URL. This is necessary so that dashboard gadgets can be generated successfully. Please verify the current Base URL and if necessary, review your network configurations to resolve the problem

According to Confluence support article Health Check: JIRA Base URL and checking the logs, here is a problem:

PKIX path building failed: unable to find valid certification path to requested target

But something is wrong. In my server.xml file there is a valid keystoreFile property with password and keyAlias. The SSLPoke test confirms that the jks keystore is ok (using and options).

/opt/atlassian/jira/jre/bin/java SSLPoke 443

Successfully connected

So what can be wrong? Maybe jkm file permissions? I am using Ubuntu 16.04 LTS with Nginx and Reverse Proxy.

Here is a Nginx virtualhost config:

server {

    listen 443 ssl;
    listen [::]:443 ssl;


    ssl_certificate /home/mati/certs/key.crt;
    ssl_certificate_key /home/mati/certs/key.rsa;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers   on;

    location / {

        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_pass https://localhost:8443/;
        client_max_body_size 10M;

And here, connector in server.xml:

<Connector proxyName="" proxyPort="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" SSLEnabled="true" sslEnabledProtocols="TLSv1.2,TLSv1.3" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" keyAlias="" keystoreFile="/home/mati/certs/klucz.jks" keystorePass="somepassword" keystoreType="JKS" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="false"/>


1 answer

0 votes
Daniel Eads Atlassian Team Aug 23, 2019

Hey there, thanks for including all this helpful information!

Our spam filter tagged your message because of the code blocks unfortunately, and it wound up in quarantine for a bit. Were you able to solve the issue already?

If not, I notice from your configuration that you're serving HTTPS at Confluence directly (via the Tomcat application server) in addition to serving HTTPS from nginx. If nginx and Confluence are on the same VM, you might consider serving the requests between nginx <-> Confluence over HTTP. This will cut out some of the additional complication (and likely the error you're seeing) as well as marginally speeding up requests.

In addition, it's worth checking your configured base URL in Confluence itself (instructions here if you're not sure where that's at) to ensure the base URL starts with https instead of just http. That's a common cause of the healthcheck failing!


Problem is solved. I don't kno why but even with added Java Key Store with my SSL keys in server.xml file, JIRA and Confluence apps uses a default key store cacerts. When I've added my certs to this default JKS, everything works fine.

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events