Using a reverse proxy with Jira: mismatched URL Port

I have Setup JIRA and CONFLUENCE on CentOS. 

 

Confluence is working like a charm, but JIRA has some issues with the Reverse Proxy. 

My Setup is:

Apache with SSL --> JIRA

 

Apache Config:

<Virtualhost *:80>
  ServerName subdomain.domain.xyz
        ProxyRequests Off
        ProxyPreserveHost On
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Virtualhost>
<Virtualhost 1.2.3.4:443>
  ServerName subdomain.domain.xyz

  ProxyRequests Off
  ProxyPreserveHost On
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyPass        /  http://localhost:8080/ connectiontimeout=5 timeout=300
  ProxyPassReverse /  http://localhost:8080/
  SSLEngine On
  SSLProxyEngine On
  SSLCertificateFile /etc/ssl/certs/XXX.crt
  SSLCertificateKeyFile /etc/ssl/certs/XXX.key
  SSLCertificateChainFile /etc/ssl/certs/XXX.crt
  SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
  SSLProtocol All -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
  Header always set X-Frame-Options DENY
  Header always set X-Content-Type-Options nosniff
  <Location />
        Order allow,deny
        Allow from all
  </Location>
</Virtualhost>

 

Server.XML

<Connector port="8080"
                   proxyname="subdomain.domain.xyz"
                   proxyport="443"
                   secure="true"
                   scheme="https"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"/>
  <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>

 

I have already found this:

https://answers.atlassian.com/questions/11992128

 

But its not working. You guys have any ideas? 

 

I'm always getting:

 

Mismatched URL Port

JIRA is reporting that it is running on the port '80', which does not match the hostname used to run these diagnostics, '443'. 

 

and

 

com.atlassian.gadgets.dashboard.internal.diagnostics.UrlPortMismatchException: Detected URL port, '80', does not match expected port, '443'

1 answer

1 accepted

Wow, UDG smile I want a tshirt smile In return i give you this:

UPDATE: I thought udg.de was Ultimate DJ gear, no need for a tshirt, this is a freebee smile

I would not terminate SSL at the application server, but at the apache mod proxy and instead send it cleartext from the modproxy to JIRA with something like this (this is debian, using a different apache server so configs are a bit different but i hope it will help anyway:

/etc/apache2/sites-available/jira.conf

<VirtualHost *:80>
    ServerName jira.fully.qualified.name
    ServerAlias jira.fully.qualified.name.com jira
    <Directory />

    AllowOverride None
    Order allow,deny
    allow from all
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://jira.fully.qualified.name%{REQUEST_URI} [R,L]
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName jira.fully.qualified.name
    ServerAlias jira.fully.qualified.name.com jira
    SSLProxyEngine on
    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://jira.fully.qualified.name:8081/ keepalive=On
    ProxyPassReverse / http://jira.fully.qualified.name:8081/
    ErrorLog /var/log/apache2/jira_ssl_error_log
    MaxKeepAliveRequests 500
    KeepAlive On
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /home/jira/jira.crt
    SSLCertificateKeyFile /home/jira/jira.key
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
</VirtualHost>

Snippet of server.xml describing the port:

<Connector port="8081"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   proxyName="jira.fully.qualified.name"
                   proxyPort="443"
                   scheme="https"
                   keyAlias="jira"
                   keystoreFile="/opt/atlassian/application-data/jira-prod/cacerts" 
                   keystorePass="changeit"
/>

 

Make sure you import the cert inot the java keystore used by the application server.

 

Thank you very much, Jonas.

I hope this works. Greets from UDG smile

 

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Bridget Sauer
Published Thursday in Marketplace Apps

Calling all developers––You're invited to Atlas Camp 2018

 Atlas Camp   is our developer event which will take place in Barcelona, Spain  from the 6th -7th of   September . This is a great opportunity to meet other developers and get n...

74 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you