Questions about proxy and server.xml

David Karlsson December 8, 2015

My JIRA instance was recently put under a proxy so that external users could access it without the need for a VPN-client. However the proxy serves pages via HTTPS, and tomcat serves them over HTTP. I can't change the port on which the proxy forwards the requests, thus I'm stuck using port 80 on tomcat.

JIRA is now reporting some errors related to this, some dashboard widgets do not work, and I can't get my head around the documentation, since it assumes that I have control over the proxy, which I do not.

Could someone hint on how I should modify my server.xml to get rid of the errors?
I've made the BASE URL-changes in JIRA, and turned off GZIP-compression. 

And Admin, this is not spam. Nor was the previous question... smile

2 answers

1 accepted

3 votes
Answer accepted
RobertH
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 9, 2015

It shouldn't be an issue that tomcat is listening on port 80 since the HTTPS proxy is running on 443, the default HTTPS port.  (assumption)  Whether tomcat runs over SSL or not really has no bearing on the situation because the proxy is running on SSL and is handling the security.  Here's an example configuration on our instance:

<Connector port="8091"
        maxThreads="150"
        minSpareThreads="25"
        connectionTimeout="20000"
        enableLookups="false"
        maxHttpHeaderSize="8192"
        protocol="HTTP/1.1"
        useBodyEncodingForURI="true"
        acceptCount="100"
        disableUploadTimeout="true"
        secure="true" 
        proxyName="jiratest.mydomain.com" proxyPort="443" scheme="https" />

So in this example you should change the proxyName to whatever the https URL is for your domainm the rest can stay but you should take into account your instance size and more when working our the MaxThreads, minSpareThreads, connectionTimeout and more.  

Now there's a couple ways to get the redirect for your site to function as expected:

  • Have the administrator of your proxy put in a simple rewrite to rewrite all requests for http to https.  This is by far the easiest way to manage this and the administrators should have no problem doing this.  
  • You can setup a connector on port 80 that has a redirect port for 443; however, then you'll need to have access to the proxy to change the port that it connects on.  

At this point, it seems like you're going to need some interaction with the proxy administrators unless anyone else has a clever idea.  

 

David Karlsson December 9, 2015

Just adding proxyName="jiratest.mydomain.com" proxyPort="443" scheme="https" to the connector config, removed the error messages.

Now the only thing remaining is a few dashboard widgets that don't work. The Activity Stream is one of them.

Checking the URL:s for those widgets, I find that they still contain old URL-references.

Will this be resolved if I get the proxy guy to implement the changes you suggested?

RobertH
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 10, 2015

Which type of Proxy is this? It sounds like it may be incorrectly configured, or you may need to flush your JIRA caches out. The first sounds like the most likely culprit. Do you have an screenshot of the errors that your can share? It may be worth sticking a support ticket in to Atlassian. This is what I found: https://confluence.atlassian.com/display/JIRAKB/JIRA+Displays+an+Error+Banner+about+the+Base+URL

David Karlsson December 10, 2015

That banner is gone since I modified the server.xml according to your suggestions. The only thing remining seems to be some references to the old URL. Thanks for your help. I've created a support ticket.

0 votes
David Karlsson December 21, 2015

I'll add an answer to the second part of the issue:
Following the instructions here: https://donalconlon.wordpress.com/tag/forefront-tmg/ makes the Activity Stream work again. 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events