I'm running both Bitbucket Server and JIRA Server (v7.2.5#72007-sha1:61b1848) behind an nginx proxy on Windows Server 2012 R2. Neither the Bitbucket nor the JIRA Tomcat configs are running https, just http. However, the proxied connection through nginx is using TLS and exposing https to the WAN side. Only the intra-host traffic between nginx and Tomcat is unsecured.
This works very well with Bitbucket. I get a nice green lock icon in the URL bar and no complaints from Chrome. With JIRA, however, Chrome complains that "This page is trying to load scripts from unauthenticated sources", and the Chrome developer tools indicates "Mixed Content: The page at https://our.dev.server/jira/secure/Dashboard.jspa' was loaded over HTTPS, but requested an insecure image 'http://our.dev.server/jira/images/icons/priorities/medium.svg'. This content should also be served over HTTPS."
Concrete example: If I look at the page source in Bitbucket, here is how my avatar image URL is rendered:
But in JIRA, it's "<img src="http://our.dev.server/jira/secure/useravatar?size=small&ownerId=david&avatarId=10500".
And, yes, I've set the Base URL in the JIRA System settings to use https: "https://our.dev.server/jira".
I've followed these directions, https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html, using only the first Connector in 2., the Nginx Proxy Connector (since JIRA's Tomcat isn't using TLS).
Any ideas? Thanks.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot