We have a JIRA instance hosted on our own server which is accessible through our VPN. The server itself has a public IP but the firewall prohibits public access to port 80/443 from the Internet for security purposes.
We would really like to be able to give remote workers/freelancers access to JIRA but without having to set them up with a VPN connection (either because they are non-technical users or because the added hassle would cause them to use the system less). Secondly, I don't want to expose our JIRA interface directly to the public Internet to prevent unauthorized access.
Does anyone have any suggestions for how we could securely provide access to our instance for specific users?
I'm thinking along the lines of a system where they authenticate with a password at a special URL (or similar) which could then grant them access via a reverse proxy. In other words, some third-party login interface where they must authenticate before being able to access JIRA - anything to prevent the JIRA login from being exposed to everyone.
Thanks in advance.
As consultants working for clients, we encounter this situation occasionally. A client needs to give us access, but doesn't want to give us access to anything else on the network. Many will add point-to-point firewall rules to allow my IP address to access the application. It's a bit of a management headache, but effective. Obviously, you should use SSL if you plan to do expose your tools over the internet.
If you manage your own DNS and have split horizons (can advertise one IP internally and another IP externally for the same A record,) you could set up an SSL proxy and enable basic auth on it for the internet facing access. This would prompt users to enter a password that is managed within the proxy server before the application UI will pop up. You could get even more tricky and use client certificates on the proxy in place of basic auth (2-factor auth, essentially.) That would allow you to create a certificate for each external user, have them import the cert into their browser and use the cert to validate their access to the application UI. You can set an expiration date on the cert so that the user will automatically lose access after the date has passed and you can revoke the cert if the person should lose access sooner.
Badges are a great way to show off community activity, whether you’re a newbie or a Champion.Learn more
Heya, Hipchat friends! We’re so happy you’re checking out Stride. Whether you know it or not, you have been instrumental in making Stride come to life. Every feature, design, and functionality...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs