Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

The Atlassian Marketplace server is not reachable

Aleksandar Pesic
Aleksandar Pesic May 11, 2016

I simply cannot make UPM working behind an outbound proxy. My setup is: JIRA 7.1.4 on-premise on Ubuntu 14.04. (Confluence, Bitbucket, FishEye-Crucible, Crowd sharing the same Ubuntu machine.) When the machine has direct internet access - everything works like charm, but when secured behind outbound HTTP proxy UPM cannot connect.

First I must say that in reality on-premise implementations will mostly be secured with outbound proxy, so I'm very disappointed with a way this scenario is covered in documentation. The documentation is limited, ambiguous, and even inaccurate. Also Atlassian should make their products to pickup system-wide proxy settings, for example to check environment variables http_proxy and no_proxy on Linux. There's no too much sense in forcing per-application settings. But besides that, bare minimum should be to provide appropriate, correct instructions. Here I will enumerate everything I've tried, and the results I've got.

By-the-Book Approach

I've followed these instructions, and edited setenv.sh file as follows:

JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts=localhost\|mydomain.com\|*.mydomain.com\|*.mydomain.local"

Result I've got is that I can't even login to the site (we are using Crowd SSO); any password is incorrect, and more surprisingly no traffic ever reaches the proxy (according to proxy log files).

Without Escaping Pipes

Since the original documentation says "The pipe character (|) may need to be escaped in Linux...", I've tried without backslash escaping. The result is that JIRA refuses to start. I'm getting 503 service unavailable response. Needless to say - no traffic reaches the proxy. (Btw. documentation with "may"s is ambiguous!)

Double Quotes within Single Quotes

JIRA KB suggests using pipe escaping within double quotes, i.e.:

-Dhttp.nonProxyHosts="*.atlassian\|localhost"

But we cannot put double-quoted property value into another double quotes used by JVM_SUPPORT_RECOMMENDED_ARGS. For this reason I've tried with double quotes within single quotes approach as follows:

JVM_SUPPORT_RECOMMENDED_ARGS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost\|mydomain.com\|*.mydomain.com\|*.mydomain.local"'

With this settings JIRA starts, I can login, and for the first time any traffic actually reaches the proxy (sadly the wrong traffic). So proxy shows blocked traffic directed to mydomain.com:443, and consequently, of course, application links in JIRA don't work anymore (showing status "ACCESS DENIED" because they are blocked by the proxy).

But the biggest surprise is that UMP still cannot access Atlassian marketplace. Actually no traffic directed to atlassian.com ever reaches the proxy, meaning that UMP still tries to use direct access, ignoring proxy settings. I've even tried with rebooting host machine (again), but no luck.

Double Quotes within Single Quotes without Escaping

Since the previous setting at least reached the proxy, I've concluded that the problem is in nonProxyHosts property (mydomain.com shouldn't reach the proxy in the first place). So I've tried with the same settings but without escapes:

JVM_SUPPORT_RECOMMENDED_ARGS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|mydomain.com|*.mydomain.com|*.mydomain.local"'

And guess what? It works (except for UMP...) This time no mydomain.com traffic reaches the proxy and application links are working... But UMP still cannot connect, and still ignores proxy settings and tries to go out directly!

Notice that the only partly-working proxy settings is not mentioned in the original documentation at all!

Btw. you can also note that I've put more effort in this question then Atlassian in the original documentation...

So how on Earth to make UMP use application's proxy settings??? According to another doc page ("By default, UPM uses the proxy settings of the host application to connect to the Marketplace...") it should do so, but obviously it is not the case. Common guys...

Thanks!

Answer
Watch
Like Be the first to like this
3022 views

2 answers

1 accepted

1 vote
Answer accepted
Aleksandar Pesic
Aleksandar Pesic May 11, 2016

Hah, it hasn't took me too long to find the solution! Never documented, but besides using http.proxyHost and http.proxyPort you also have to set http.pac.proxyHost and http.pac.proxyPort. So the final configuration needed is as in the following example:

JVM_SUPPORT_RECOMMENDED_ARGS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|mydomain.com|*.mydomain.com|*.mydomain.local" -Dhttp.pac.proxyHost=internal-proxy.mydomain.com -Dhttp.pac.proxyPort=8080'

Don't ask me what pac is - I've ran into it here. But one thing is for sure - it works. It actually makes UMP using the proxy.

The same settings works for Confluence also (tested), but adding the settings is different there. You need to change CATALINA_OPTS variable in setenv.sh file.

Again, the correct settings very different than one offered by documentation (single-double quotes, no escapes, pac magic...) Change the docs guyz wink

View More Comments
Srinidhi
Srinidhi May 28, 2018

Hi Aleksandar,  Thanks. your post helped to resolve the issue with JIRA, but the same thing is not working for confluence.  Can you pls post the exact line you have set for CATALINA_OPTS?

Like
Reply
0 votes
Aleksandar Pesic
Aleksandar Pesic May 11, 2016

Just for convenience I'll confirm that it also works with FishEye and Bitbucket. In case of FishEye new environment variable FISHEYE_OPTS should be introduced. In Ubuntu it is done by adding the following line to /etc/environment file:

FISHEYE_OPTS='-Dhttp.proxyHost=internal-proxy.mydomain.com -Dhttp.proxyPort=8080 -Dhttp.nonProxyHosts="localhost|mydomain.com|*.mydomain.com|*.mydomain.local" -Dhttp.pac.proxyHost=internal-proxy.mydomain.com -Dhttp.pac.proxyPort=8080'

In Bitbucket it is done in the same way as with JIRA.

I hope it helps.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events