I simply cannot make UPM working behind an outbound proxy. My setup is: JIRA 7.1.4 on-premise on Ubuntu 14.04. (Confluence, Bitbucket, FishEye-Crucible, Crowd sharing the same Ubuntu machine.) When the machine has direct internet access - everything works like charm, but when secured behind outbound HTTP proxy UPM cannot connect.
First I must say that in reality on-premise implementations will mostly be secured with outbound proxy, so I'm very disappointed with a way this scenario is covered in documentation. The documentation is limited, ambiguous, and even inaccurate. Also Atlassian should make their products to pickup system-wide proxy settings, for example to check environment variables
no_proxy on Linux. There's no too much sense in forcing per-application settings. But besides that, bare minimum should be to provide appropriate, correct instructions. Here I will enumerate everything I've tried, and the results I've got.
I've followed these instructions, and edited
setenv.sh file as follows:
JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=localhost\|mydomain.com\|*.mydomain.com\|*.mydomain.local"
Result I've got is that I can't even login to the site (we are using Crowd SSO); any password is incorrect, and more surprisingly no traffic ever reaches the proxy (according to proxy log files).
Since the original documentation says "The pipe character (|) may need to be escaped in Linux...", I've tried without backslash escaping. The result is that JIRA refuses to start. I'm getting 503 service unavailable response. Needless to say - no traffic reaches the proxy. (Btw. documentation with "may"s is ambiguous!)
JIRA KB suggests using pipe escaping within double quotes, i.e.:
But we cannot put double-quoted property value into another double quotes used by
JVM_SUPPORT_RECOMMENDED_ARGS. For this reason I've tried with double quotes within single quotes approach as follows:
JVM_SUPPORT_RECOMMENDED_ARGS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost\|mydomain.com\|*.mydomain.com\|*.mydomain.local"'
With this settings JIRA starts, I can login, and for the first time any traffic actually reaches the proxy (sadly the wrong traffic). So proxy shows blocked traffic directed to mydomain.com:443, and consequently, of course, application links in JIRA don't work anymore (showing status "ACCESS DENIED" because they are blocked by the proxy).
But the biggest surprise is that UMP still cannot access Atlassian marketplace. Actually no traffic directed to atlassian.com ever reaches the proxy, meaning that UMP still tries to use direct access, ignoring proxy settings. I've even tried with rebooting host machine (again), but no luck.
Since the previous setting at least reached the proxy, I've concluded that the problem is in nonProxyHosts property (mydomain.com shouldn't reach the proxy in the first place). So I've tried with the same settings but without escapes:
JVM_SUPPORT_RECOMMENDED_ARGS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|mydomain.com|*.mydomain.com|*.mydomain.local"'
And guess what? It works (except for UMP...) This time no mydomain.com traffic reaches the proxy and application links are working... But UMP still cannot connect, and still ignores proxy settings and tries to go out directly!
Notice that the only partly-working proxy settings is not mentioned in the original documentation at all!
Btw. you can also note that I've put more effort in this question then Atlassian in the original documentation...
So how on Earth to make UMP use application's proxy settings??? According to another doc page ("By default, UPM uses the proxy settings of the host application to connect to the Marketplace...") it should do so, but obviously it is not the case. Common guys...
Hah, it hasn't took me too long to find the solution! Never documented, but besides using
http.proxyPort you also have to set
http.pac.proxyPort. So the final configuration needed is as in the following example:
JVM_SUPPORT_RECOMMENDED_ARGS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|mydomain.com|*.mydomain.com|*.mydomain.local" -Dhttp.pac.proxyHost=internal-proxy.mydomain.com -Dhttp.pac.proxyPort=8080'
Don't ask me what pac is - I've ran into it here. But one thing is for sure - it works. It actually makes UMP using the proxy.
The same settings works for Confluence also (tested), but adding the settings is different there. You need to change CATALINA_OPTS variable in
Again, the correct settings very different than one offered by documentation (single-double quotes, no escapes, pac magic...) Change the docs guyz
Just for convenience I'll confirm that it also works with FishEye and Bitbucket. In case of FishEye new environment variable FISHEYE_OPTS should be introduced. In Ubuntu it is done by adding the following line to
FISHEYE_OPTS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|mydomain.com|*.mydomain.com|*.mydomain.local" -Dhttp.pac.proxyHost=internal-proxy.mydomain.com -Dhttp.pac.proxyPort=8080'
In Bitbucket it is done in the same way as with JIRA.
I hope it helps.
This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.Read more
As a Jira power user, I was at first doubtful that Trello could benefit my workflow. Jira already uses boards (ones you can customize!), so why would I even need to use Trello?! In this post you will...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs