Application without port only with URL and SSL Edited

Hello,

I have some questions and problems.
1) How can I configure my help desk system without port eg. Call 8080 or 7070 I have tried it but it does not work.
2) A technician has been trying for 7 days to connect the system help desk with an SSL certificate which can be called up with https.
It is not but I have received the feedback that it was not possible and that you would have to do it because it is much too complex and you would have to reprogram the whole system.
Could they do that for mcioh or say how it works and what I have to reprogram everything?
Jirra is a bit flawed when it comes to SSl and I need your help.
Thank you!

LG

6 answers

0 vote

For the port, you either have to run it behind a proxy, or run the Tomcat on port 443 (that's for https, you'd want 80 if it's going to be http).  I recommend a proxy and SSL in most cases.

"It does not work" doesn't tell us what you have tried.

Jira is not at all hard to run over SSL, but you need to get the proxy or Tomcat working on a different port first.

I have also tried to let Jira run on port 443 and then point to the jira directory but that does not work.

I've tried all the tutorials on the internet using jirra with keystore.
There was no correct manual that was simple and working I've programmed half the system but it just does not work.

"does not work" tells us nothing.

The fact is it does work (there's a fully SSL enabled Jira running in a tab right next to this one), but you've got something wrong.

The instructions are, I'd agree, not incredibly simple, but SSL itself is not simple.

The question becomes what are you doing differently to the standard docs, not "it doesn't work".  Because the docs do describe how to make it work.

I tried it 50x and did everything according to the instructions but it does not work that also says my friend the hat tried it too.
Also had a good guide.

You don't tell us what you tried, or what guide you have used, or what you have done differently to the guides.

We can't help you with this without you telling us what you're doing differently. I could easily write a full guide, but there's no point, because it would be mostly a copy of the documentation.

Which one of those methods do you want to use?  Proxy or Tomcat?

Which ever you choose, what did you do differently to the documentation?

I have a Ubuntu 17.10 Linux system and I want to do it with Apache2 so I think I should use proxy right?
Unfortunately I do not know exactly which instructions are correct.

Ok, so you should follow the instructions in the second guide.

Broadly, the steps are:

  • Get Jira working on the default port
  • Install apache and make sure you get the default page from it when you visit the server
  • Create a new proxy setup in Apache, pointing back to Jira
  • Reconfigure Jira's Tomcat so that it knows its behind a proxy
  • Check this all works for plain http, then add in the SSL parts (there's basically a handful of lines to add to the configs once you have them running without ssl)

I have tried the second manual manual link everything often but without success, the instructions are incomprehensible and not executable as it refuses to other instructions.

It's the doc I use to create SSL Atlassian applications.  What are you doing differently to what it says?

I have the SSL certificate created by letsencrypt.org and then I have all the .pem data and I want to embed it in Jiira and then call the portal without a port or https.
I follow only the instructions but I can not do it.

Setting up Apache in front of jira should take 10 minutes, including a restart of jira. 

 

What are you seeing? 

Do you have any error messages? 

-Lars 

As Lars says, you need to tell us what "can not do" means.

What have you configured?  What errors do you get?

A good start on an explanation would be to describe how far down the list I gave earlier you get.  Does Jira run ok on an 8080 port?  Does Apache gives you a "Hi, I'm a clean apache" message when you visit the server in a browser?  Then it fails when you try to make it proxy through?  Or not until you try to add SSL?  Please tell us where you have got to!

After completing the instructions, Jira is no longer available.
The manual does not say anything about how to properly integrate an SSL certificate so that it works.
I did not receive any error message.

I did everything again according to instructions I reach Jirra over the port 8080 and over a new proxy port aver if I try it over https the error comes ERR_CONNECTION_CLOSED.

Ok, that's something we can work with. The error usually means that the proxy is misconfigured and refusing to talk to your browser.  In some cases, it might be trying to talk to the browser, but being told by your Jira's Tomcat that it should not.

Could you confirm that Jira was ok when running on http://<a.server>:8080 though?  No ssl, just the plain server and port?  If this is true, it means we can focus on where the error really is with the proxy and its connection back to Jira.

Yes I can reach Jira perfectly without SSL under 7070 and 8080.
I added that in the server.xml ...

 

<!-- Apache Proxy Connector with values for scheme, proxyName and proxyPort -->
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8443" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
scheme="https" proxyName="system.meinedomain.com" proxyPort="443"/>

8843 is fail 8080 is ok.

8843 is a control port, don't worry about it.  The best option for proxying is generally to stick to 8080

The next step is to get the proxy to work without SSL.  Two things to do here:

1.  Change back to http temporarily for getting the basics to work.  Change "scheme" to http, and proxyPort to 80 in the server.xml

2.  What do your Apache proxy settings say?

I do not work with Microsoft ?!

Ok, that's just silly, it has nothing to do with the question.

I do not work with Microsoft products but with Linux.
My Apache2 is running.

<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =domain.tdl [OR]
RewriteCond %{SERVER_NAME} =domain.tdl [OR]
RewriteCond %{SERVER_NAME} =domain.tdl
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

There's no proxying set up in there.  You need to actually add the lines in the docs to proxy the system.

Steven Behnke Community Champion Nov 27, 2017

Proxying Jira is done by leveraging existing technology stacks Tomcat and your web server of choice. This is not difficult and should not take longer than 10 minutes for someone who isn't familiar with Jira.

If you have no idea what you're doing with Tomcat and Apache, perhaps you should involve a consulting group or your team.

There's a chunk of documentation that has not been followed.  The Apache config is only half done - it's not been configured to act as a proxy for Jira (unless we're missing a pile of further config which hasn't been mentioned here)

If it helps you out, here is our nginx config for JIRA:

server {
listen 80;
server_name issues.example.com issues;
return 301 https://issues.example.com$request_uri;

}

server {
listen 443 ssl http2 default_server;
server_name issues.example.com;


client_max_body_size 40M;
large_client_header_buffers 4 4k;

#include conf.d/ssl.inc;

ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;

ssl_certificate /etc/pki/tls/certs/wildcard-example.com/wildcard.example.com.crt;
ssl_certificate_key /etc/pki/tls/certs/wildcard-example.com/wildcard.example.com.key;
ssl_session_timeout 5m;

location / {
proxy_pass http://127.0.0.1:8080/;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-For $remote_addr;
}
}

I work with Apache2 and I want to include a SSL / Https and not reprogram the whole system.

One issue I ran into when setting up SSL was after applying the cert via config.sh, SSL would not work, regardless of using port 8443 or 443. I stumbled across this https://jira.atlassian.com/browse/JRASERVER-63734?src=confmacro. Essentially the config.sh never updated the connector in the .xml correctly. After adding org.apache.coyote.http11.Http11Nioprotocol to the xml file and restarting services I was able to hit the site via ssl. 

It was all right with me but I tried everything 1000x even my technician did not get it in 8 hours.

Use port forwarding in iptables and configure tomcat to use your ssl keystore. I have jira running this way and also using an mysql over ssl as well.

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Bridget Sauer
Published Mar 09, 2018 in Jira Service Desk

E.L. Fridge's take on education, Jira Service Desk, and creative Jira use cases

...word of mouth, so by 2016, we were working with several other entities on campus to implement Jira Service Desk . The Atlassian motto of “for every team” has really come true for us in this case. We...

1,227 views 2 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you