Using a reverse proxy with Jira: mismatched URL Port

I have Setup JIRA and CONFLUENCE on CentOS. 

 

Confluence is working like a charm, but JIRA has some issues with the Reverse Proxy. 

My Setup is:

Apache with SSL --> JIRA

 

Apache Config:

<Virtualhost *:80>
  ServerName subdomain.domain.xyz
        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Virtualhost>
<Virtualhost 1.2.3.4:443>
  ServerName subdomain.domain.xyz

  ProxyRequests Off
  ProxyPreserveHost On
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass        /  http://localhost:8080/ connectiontimeout=5 timeout=300
  ProxyPassReverse /  http://localhost:8080/
  SSLEngine On
  SSLProxyEngine On
  SSLCertificateFile /etc/ssl/certs/XXX.crt
  SSLCertificateKeyFile /etc/ssl/certs/XXX.key
  SSLCertificateChainFile /etc/ssl/certs/XXX.crt
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLProtocol All -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  Header always set X-Frame-Options DENY
  Header always set X-Content-Type-Options nosniff
  <Location />
        Order allow,deny
        Allow from all
  </Location>
</Virtualhost>

 

Server.XML

<Connector port="8080"
                   proxyname="subdomain.domain.xyz"
                   proxyport="443"
                   secure="true"
                   scheme="https"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"/>
  <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>

 

I have already found this:

https://answers.atlassian.com/questions/11992128

 

But its not working. You guys have any ideas? 

 

I'm always getting:

 

Mismatched URL Port

JIRA is reporting that it is running on the port '80', which does not match the hostname used to run these diagnostics, '443'. 

 

and

 

com.atlassian.gadgets.dashboard.internal.diagnostics.UrlPortMismatchException: Detected URL port, '80', does not match expected port, '443'

1 answer

1 accepted

Wow, UDG smile I want a tshirt smile In return i give you this:

UPDATE: I thought udg.de was Ultimate DJ gear, no need for a tshirt, this is a freebee smile

I would not terminate SSL at the application server, but at the apache mod proxy and instead send it cleartext from the modproxy to JIRA with something like this (this is debian, using a different apache server so configs are a bit different but i hope it will help anyway:

/etc/apache2/sites-available/jira.conf

<VirtualHost *:80>
    ServerName jira.fully.qualified.name
    ServerAlias jira.fully.qualified.name.com jira
    <Directory />

    AllowOverride None
    Order allow,deny
    allow from all
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://jira.fully.qualified.name%{REQUEST_URI} [R,L]
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName jira.fully.qualified.name
    ServerAlias jira.fully.qualified.name.com jira
    SSLProxyEngine on
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://jira.fully.qualified.name:8081/ keepalive=On
    ProxyPassReverse / http://jira.fully.qualified.name:8081/
    ErrorLog /var/log/apache2/jira_ssl_error_log
    MaxKeepAliveRequests 500
    KeepAlive On
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /home/jira/jira.crt
    SSLCertificateKeyFile /home/jira/jira.key
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
</VirtualHost>

Snippet of server.xml describing the port:

<Connector port="8081"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   proxyName="jira.fully.qualified.name"
                   proxyPort="443"
                   scheme="https"
                   keyAlias="jira"
                   keystoreFile="/opt/atlassian/application-data/jira-prod/cacerts" 
                   keystorePass="changeit"
/>

 

Make sure you import the cert inot the java keystore used by the application server.

 

Thank you very much, Jonas.

I hope this works. Greets from UDG smile

 

Suggest an answer

Log in or Join to answer
Community showcase
Emilee Spencer
Published 31m ago in Marketplace Apps

Marketplace Spotlight: DeepAffects

Hello Atlassian Community! My name is Emilee, and I’m a Product Marketing Manager for the Marketplace team. Starting with this post, I'm kicking off a monthly series of Spotlights to highlight Ma...

16 views 0 2
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot