Non-https links when running JIRA behind nginx proxy

David Eisner November 22, 2016

I'm running both Bitbucket Server and JIRA Server (v7.2.5#72007-sha1:61b1848) behind an nginx proxy on Windows Server 2012 R2. Neither the Bitbucket nor the JIRA Tomcat configs are running https, just http. However, the proxied connection through nginx is using TLS and exposing https to the WAN side. Only the intra-host traffic between nginx and Tomcat is unsecured.

This works very well with Bitbucket. I get a nice green lock icon in the URL bar and no complaints from Chrome. With JIRA, however, Chrome complains that "This page is trying to load scripts from unauthenticated sources", and the Chrome developer tools indicates "Mixed Content: The page at https://our.dev.server/jira/secure/Dashboard.jspa' was loaded over HTTPS, but requested an insecure image 'http://our.dev.server/jira/images/icons/priorities/medium.svg'. This content should also be served over HTTPS."

Concrete example: If I look at the page source in Bitbucket, here is how my avatar image URL is rendered: 

"<img src="/bitbucket/users/david/avatar.png?s=48&amp;..."

But in JIRA, it's "<img src="http://our.dev.server/jira/secure/useravatar?size=small&ownerId=david&avatarId=10500".

And, yes, I've set the Base URL in the JIRA System settings to use https: "https://our.dev.server/jira".

I've followed these directions, https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html, using only the first Connector in 2., the Nginx Proxy Connector (since JIRA's Tomcat isn't using TLS).

Any ideas? Thanks.

-David

 

 

 

1 answer

1 accepted

0 votes
Answer accepted
David Eisner November 22, 2016

Never mind, fixed it myself (after running into this error, and fix: https://answers.atlassian.com/questions/25135925). In the Connector tag in server.xml, I changed my proxyPort from 80 to 443, and added the scheme="https" attribute. Now all looks copacetic.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events