Customer Portal URL

Hello Nic,

Thank you for the answer. Currently we are using the following nginx reverse proxy configuration (accordgin to the Atlassian support page):

location /servicedesk/ {

                proxy_pass http://demora:8080/servicedesk/ ;

                proxy_set_header X-Forwarded-Host $host;

                proxy_set_header X-Forwarded-Server $host;

                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                client_max_body_size 10M;

                include  conf.d/servicedesk.allow;   ### restrict access

                deny all;

                                }

Are we wrong somewhere?

Thank you again for your help!

Tamas

Hmm.  That mostly looks right, but we need to check the rest of the config.

Have you set your Jira's connector location to /servicedesk, and the base url to support.palmsecsolutions.com/servicedesk ?

In the meantime I tried to set the Jira connector (according to 

https://confluence.atlassian.com/adminjiraserver/configuring-the-base-url-938847830.html). I modified the BaseURL in the System settings, and I also modified the \conf\server.xml file. However, it wasn't clear for me if I need to modify the \Confluence\conf\server.xml OR \JIRA\conf\server.xml file. I tried first with the \JIRA file. I stopped the "Atlassian JIRA" service, and modifeied the server.xml file as follows:

<Context docBase="../servicedesk" path="/servicedesk" reloadable="false" useHttpOnly="true">

However, the JIRA service cannot be started, it failed with an error. With the original server.xml file it started properly - so I copied back the original one.

Then I tried the \Confluence\conf\server.xml file. The Service "Atlassian Confluence.0 Confluence080318143036" has been stopped, the xml file has been modified. The Service can be restarted without any problem; however neither the Customer Portal nor the Confluence can be started (The Confluence is in our private server, so it was not a big suprise). So I copied back the original server.xml file.

And I must wrote back the BaseURL to the original one (our private server address).

So now I don't know what to do. I am sure, that the problem is somewhere here, but I cannot solve it.

In a separate comment I am going to send the whole config file, maybe it will be useful for you.

Btw, which BaseURL should I use: http://support.palmsecsolutions.com OR http://support.palmsecsolutions.com/servicedesk

Thank you again for any help!

###################
### Plain vhost ###
###################
server {
 ##############
 ### BASICS ###
 ##############

listen 80;
 server_name support.palmsecsolutions.com ;

###############
 ### LOGGING ###
 ###############

access_log /var/log/nginx/plain-jira.access.log;
 error_log /var/log/nginx/plain-jira.error.log;

##############################
 ### Redirect http => https ###
 ##############################
 return 301 https://$server_name$request_uri;
}
#################
### SSL VHOST ###
#################
server {
 ##############
 ### BASICS ###
 ##############

listen 443;
 root /var/www-nginx ;
 index index.html;
 server_name support.palmsecsolutions.com ;

###################
 ### SSL OPTIONS ###
 ###################

ssl on;
 ssl_certificate /etc/letsencrypt/live/support.palmsecsolutions.com/cert.pem;
 ssl_certificate_key /etc/letsencrypt/live/support.palmsecsolutions.com/privkey.pem;

###############
 ### LOGGING ###
 ###############

access_log /var/log/nginx/ssl-jira.access.log;
 error_log /var/log/nginx/ssl-jira.error.log;

##################################
 ### Service desk reverse proxy ###
 ##################################

location /servicedesk/ {
 proxy_pass http://demora:8080/servicedesk/ ;
 proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 client_max_body_size 10M;
 include conf.d/servicedesk.allow; ### restrict access
 deny all;
 }
# location /s/ {
# proxy_pass http://demora:8080/servicedesk/ ;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# client_max_body_size 10M;
# include conf.d/servicedesk.allow;
# deny all;
# }
#
 #################################
 ### JIRA Dashboard protection ###
 #################################

location /secure/ {
 proxy_pass http://demora:8080/secure/;
 auth_basic "Administrator Login";
 auth_basic_user_file /etc/nginx/jira.htpasswd;
 include conf.d/jira.allow; ### restrict access
 deny all;
 }
}

 

Ok, let's skip over Confluence for now.  It's the same sort of idea, but it's easier to concentrate on one at a time.

The bits I've got from your last couple of comments are:

> \JIRA\conf\server.xml file. ... I stopped the "Atlassian JIRA" service, and modifeied the server.xml

Perfect.

> <Context docBase="../servicedesk" path="/servicedesk" reloadable="false" useHttpOnly="true">

Looks right, so I'm curious about what error you got when you tried to start it?

In the nginx config:

server_name support.palmsecsolutions.com ;

proxy_pass http://demora:8080/servicedesk/ ;

Look good to me.  Assuming the proxy server is able to resolve "demora" to be the server Jira is running on inside your network, then it should work, and the base url should be set to http://support.palmsecsolutions.com/servicedesk

So I tried the same again (with the \JIRA\conf\servr.xml file). When I try to start back the JIRA service I get this error. 

I doublechecked: only the <context> line has been modified in the server.xml file.

I made some tests with the server.xml file, and learned the followings:

- if I set the original docBase value back to the original one (<Context docBase="${catalina.home}/atlassian-jira") the JIRA service can be started. So only the "path" value was modified to path="/servicedesk" .

With this settings I could reach the https:\\support.palmsecsolutions.com public website; however it was not the Customer Portal, but the Dashboard.

Here Jira throws some error messages:

The Tomcat server.xml has an incorrect configuration:
scheme should be 'https'
proxyName should be 'support.palmsecsolutions.com'
proxyPort should be '443'

So I added this info to the server.xml file. Now there is no errors, BUT:

- the Dashboard is accessable from support.palmsecsolutions.com and from http://demora:8080/servicedesk/ - both are redirected automatically to ../servicedesk/secure/Dashboard.jspa.

- the Customer Portal is NOT accessible at all.

There's a lot there, but can you confirm the core of the configuration is now working ok?  In that when you visit http://support.palmsecsolutions.com/servicedesk you are taken to Jira?  And that is the current base url?

Yes, I can confirm that. When I visit https://support.palmsecsolutions.com/servicedesk I can reach JIRA. The base URL is also https://support.palmsecsolutions.com/servicedesk.

However, I reach here the Dashboard of the Service Desk which is not good. I want to reach the Customer Portal where our customers could create tickets for us.

Also: our developers use Jira SOFTWARE which can originally be reached from our private server ("demora"). And this is important, it cannot be redirected to any public page (as it contains confidential infos).

Until the server.xml and BaseURL were modified by me, the Jira Software could not be reached in our private server. So I had to set back the original configurations in order to reach the Jira Software from demora server.

So the main question is: can ONLY the Customer Portal be redirected to a public page and the other Jira components (Service Desk Dashboard, Jira Software) stay in our private server?

Thanks again Nic for your help!!

Ok, that's good, it means the basics are all working correctly.

Service Desk lives under the Jira domain, so the paths to it have to be relative.  You can't relocate the portals to other places (yet), so you need to allow access on the portal url and above it (i.e. the rest of Jira)

You could however close off access to Jira by configuring the proxy not to serve up pages that are outside the portal (I don't know how to do this though)

Hi Nic,

Thanks for your reply! It is a bit unclear for me. If I understand you right, there is not possible to redirect only the Customer Portal. I can redirect everything, but I can close off access to the other Jira instances. Is it correct?

The BaseURL I modified is the BaseURL for every Jira instance?

(Sorry if I have basic questions. It is good, that you write that "good, it means the basics are all working correctly", but I feel myself even farther from the solution. :(

The config file I sent seems to be good, the server.xml seems to be good, so I don't know what to do now. I have no internal support, as our system admin says it is a Jira related issue, he made the proxy redirection well. So I must solve it by myself.

I can't believe that I am the first who have Service Desk server version, and who want to redirect the Customer Portal to a public place for the customers.)

The base url is the root of where a Jira instance is served up.  Everything lives beneath that, including the portals.

You can close off access to the other Jira instances (although it sounded like you only had one instance, possibly with many portals and projects), but if you want a customer to see a portal, you need to make all of that instance available.