Questions about proxy and server.xml

My JIRA instance was recently put under a proxy so that external users could access it without the need for a VPN-client. However the proxy serves pages via HTTPS, and tomcat serves them over HTTP. I can't change the port on which the proxy forwards the requests, thus I'm stuck using port 80 on tomcat.

JIRA is now reporting some errors related to this, some dashboard widgets do not work, and I can't get my head around the documentation, since it assumes that I have control over the proxy, which I do not.

Could someone hint on how I should modify my server.xml to get rid of the errors?
I've made the BASE URL-changes in JIRA, and turned off GZIP-compression. 

And Admin, this is not spam. Nor was the previous question... smile

2 answers

1 accepted

2 votes
Accepted answer

It shouldn't be an issue that tomcat is listening on port 80 since the HTTPS proxy is running on 443, the default HTTPS port.  (assumption)  Whether tomcat runs over SSL or not really has no bearing on the situation because the proxy is running on SSL and is handling the security.  Here's an example configuration on our instance:

<Connector port="8091"
        maxThreads="150"
        minSpareThreads="25"
        connectionTimeout="20000"
        enableLookups="false"
        maxHttpHeaderSize="8192"
        protocol="HTTP/1.1"
        useBodyEncodingForURI="true"
        acceptCount="100"
        disableUploadTimeout="true"
        secure="true" 
        proxyName="jiratest.mydomain.com" proxyPort="443" scheme="https" />

So in this example you should change the proxyName to whatever the https URL is for your domainm the rest can stay but you should take into account your instance size and more when working our the MaxThreads, minSpareThreads, connectionTimeout and more.  

Now there's a couple ways to get the redirect for your site to function as expected:

  • Have the administrator of your proxy put in a simple rewrite to rewrite all requests for http to https.  This is by far the easiest way to manage this and the administrators should have no problem doing this.  
  • You can setup a connector on port 80 that has a redirect port for 443; however, then you'll need to have access to the proxy to change the port that it connects on.  

At this point, it seems like you're going to need some interaction with the proxy administrators unless anyone else has a clever idea.  

 

Just adding proxyName="jiratest.mydomain.com" proxyPort="443" scheme="https" to the connector config, removed the error messages.

Now the only thing remaining is a few dashboard widgets that don't work. The Activity Stream is one of them.

Checking the URL:s for those widgets, I find that they still contain old URL-references.

Will this be resolved if I get the proxy guy to implement the changes you suggested?

Which type of Proxy is this? It sounds like it may be incorrectly configured, or you may need to flush your JIRA caches out. The first sounds like the most likely culprit. Do you have an screenshot of the errors that your can share? It may be worth sticking a support ticket in to Atlassian. This is what I found: https://confluence.atlassian.com/display/JIRAKB/JIRA+Displays+an+Error+Banner+about+the+Base+URL

That banner is gone since I modified the server.xml according to your suggestions. The only thing remining seems to be some references to the old URL. Thanks for your help. I've created a support ticket.

I'll add an answer to the second part of the issue:
Following the instructions here: https://donalconlon.wordpress.com/tag/forefront-tmg/ makes the Activity Stream work again. 

Suggest an answer

Log in or Sign up to answer
Community showcase
Asked Dec 06, 2018 in Jira Ops

I'm John Allspaw, Ask Me Anything about incident analysis and postmortems

I'm John Allspaw, co-founder of   Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...

5,523 views 21 17
View question

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you