Proxying Atlassian server applications with Apache HTTP Server

I found a small error in the "Configure virtual hosts using mod_proxy" section of this article

If you are using multiple applications behind the same Apache server, on the same physical server, each reverse proxy configuration should exist in the same VirtualHost block.

The article seems to indicate that there should be multiple VirtualHost blocks, which I could not get to work.

 

an example...

<VirtualHost *:80>
    ServerName sub.domain.com
    
    ProxyRequests Off
    ProxyVia Block
    ProxyPreserveHost On
     
    <Proxy *>
         Require all granted
    </Proxy>
 
    ProxyPass /jira http://sub.domaincom:8080/jira
    ProxyPassReverse /jira http://sub.domain.com:8080/jira
    ProxyPass /wiki http://sub.domain.com:8090/wiki
    ProxyPassReverse /wiki "http://sub.domain.com:8090/wiki
    ProxyPass /bitbucket http://sub.domain.com:7990/bitbucket
    ProxyPassReverse /bitbucket http://sub.domain.com:7990/bitbucket
			
	RemoteIPHeader X-Forwarded-For
</VirtualHost>

1 answer

Generally, you would have multiple VirtualHosts for this type of configuration.  That allows you to do individual logging and have uniquenesses in configuration per host.

do you have a working example of this? I couldn't get it to work.

using the above config, with separate VirtualHost blocks for each ProxyPass/ProxyPassReverse pair I would get 404 on `http://sub.domain.com/wiki`. however, `http://sub.domain.com/jira` would work fine, and `http://sub.domain.com:8090/wiki` would work.

just moving all the ProxyPass/ProxyPassReverse pairs into one block worked.

Here's what I typically do.  This is an SSL configuration, but you can ignore that stuff if you don't plan to use SSL.

# Generic 80 -> 443 redirect

<VirtualHost *:80>
	TimeOut 300
        RewriteEngine on
        ReWriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>


# Jira proxy

<VirtualHost *:443>
DocumentRoot "/var/www/jira"
ServerName jira.domain.com

<Proxy *>
        Order deny,allow
        Allow from all
</Proxy>

SSLProxyEngine          On
ProxyRequests           Off
ProxyPreserveHost       On
ProxyTimeout		300
RequestHeader unset Authorization

ProxyPass               /       http://127.0.0.1:8080/ retry=0 connectiontimeout=300 timeout=300
ProxyPassReverse        /       http://127.0.0.1:8080/

LogLevel info
CustomLog /var/log/httpd/access_jira.domain.com.log combined
ErrorLog /var/log/httpd/error_jira.domain.com.log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLStrictSNIVHostCheck off

SSLCertificateFile      /etc/httpd/conf/ssl/host.pem
SSLCertificateKeyFile   /etc/httpd/conf/ssl/host.key
SSLCertificateChainFile  /etc/httpd/conf/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

# Confluence proxy
<VirtualHost *:443>
DocumentRoot "/var/www/confluence"
ServerName confluence.domain.com

<Proxy *>
        Order deny,allow
        Allow from all
</Proxy>

SSLProxyEngine          On
ProxyRequests           On
ProxyPreserveHost       On
ProxyTimeout		600

ProxyPass               /       http://127.0.0.1:8090/ retry=0 connectiontimeout=60 timeout=300
ProxyPassReverse        /       http://127.0.0.1:8090/

LogLevel info
CustomLog /var/log/httpd/access_confluence.domain.com.log combined
ErrorLog /var/log/httpd/error_confluence.domain.com.log
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile      /etc/httpd/conf/ssl/host.pem
SSLCertificateKeyFile   /etc/httpd/conf/ssl/host.key
SSLCertificateChainFile  /etc/httpd/conf/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

# Stash proxy

<VirtualHost *:443>
DocumentRoot "/var/www/stash"
ServerName stash.domain.com

<Proxy *>
        Order deny,allow
        Allow from all
</Proxy>

SSLProxyEngine          On
ProxyRequests           On
ProxyPreserveHost       On
ProxyTimeout            300

ProxyPass               /       http://192.168.62.40:7990/ retry=0 connectiontimeout=300 timeout=300
ProxyPassReverse        /       http://192.168.62.40:7990/

LogLevel info
CustomLog /var/log/httpd/access_stash.domain.com.log combined
ErrorLog /var/log/httpd/error_stash.domain.com.log

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

SSLCertificateFile      /etc/httpd/conf/ssl/host.pem
SSLCertificateKeyFile   /etc/httpd/conf/ssl/host.key
SSLCertificateChainFile  /etc/httpd/conf/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

I hope that helps.

Suggest an answer

Log in or Join to answer
Community showcase
Teodora [Botron]
Published Thursday in Marketplace Apps

Jira Inferno: The Nine Circles of Jira Administration Hell

If you spend enough time as a Jira admin - whether you are managing a single, mid-sized instance, a large enterprise one or juggling multiple instances at once - you will eventually find yourself in ...

246 views 0 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot