Hi,
We use the Server version of the Jira Service Desk, and now we are trying to create a public webpage for the Customer Portal. It is installed to our private server, which is not accessible for customers, so we would like to redirect it to a public page. With IIS we could not do that, so we decided to use a separate physical Linux server for this (using Tomcat).
Our system admin tried everything, but now we get the following error message when we try to reach that public webpage:
Could you please help what could be the problem? I tried to find any known issues about it, but I am not the responsible for this task in our company, I just try to help to our system administrator.
So I would be thankful even for a simple link with the solution for this problem.
Thank you in advance!
Tamas Soos
This is your Tomcat server throwing back data instead of sending the page data. It's obviously getting something from Jira, but not processing it correctly. This isn't a Jira problem really, its in whatever you are doing in the "redirect".
Ideally, you should probably do a complete redirect - the server at support.palmsecsolutions.com shouldn't serve up much more than a tiny bit of Javascript that takes the user off to the Jira portal.
Hello Nic,
Thank you for the answer. Currently we are using the following nginx reverse proxy configuration (accordgin to the Atlassian support page):
location /servicedesk/ {
proxy_pass http://demora:8080/servicedesk/ ;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
include conf.d/servicedesk.allow; ### restrict access
deny all;
}
Are we wrong somewhere?
Thank you again for your help!
Tamas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hmm. That mostly looks right, but we need to check the rest of the config.
Have you set your Jira's connector location to /servicedesk, and the base url to support.palmsecsolutions.com/servicedesk ?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
In the meantime I tried to set the Jira connector (according to
https://confluence.atlassian.com/adminjiraserver/configuring-the-base-url-938847830.html). I modified the BaseURL in the System settings, and I also modified the \conf\server.xml file. However, it wasn't clear for me if I need to modify the \Confluence\conf\server.xml OR \JIRA\conf\server.xml file. I tried first with the \JIRA file. I stopped the "Atlassian JIRA" service, and modifeied the server.xml file as follows:
<Context docBase="../servicedesk" path="/servicedesk" reloadable="false" useHttpOnly="true">
However, the JIRA service cannot be started, it failed with an error. With the original server.xml file it started properly - so I copied back the original one.
Then I tried the \Confluence\conf\server.xml file. The Service "Atlassian Confluence.0 Confluence080318143036" has been stopped, the xml file has been modified. The Service can be restarted without any problem; however neither the Customer Portal nor the Confluence can be started (The Confluence is in our private server, so it was not a big suprise). So I copied back the original server.xml file.
And I must wrote back the BaseURL to the original one (our private server address).
So now I don't know what to do. I am sure, that the problem is somewhere here, but I cannot solve it.
In a separate comment I am going to send the whole config file, maybe it will be useful for you.
Btw, which BaseURL should I use: http://support.palmsecsolutions.com OR http://support.palmsecsolutions.com/servicedesk
Thank you again for any help!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
###################
### Plain vhost ###
###################
server {
##############
### BASICS ###
##############
listen 80;
server_name support.palmsecsolutions.com ;
###############
### LOGGING ###
###############
access_log /var/log/nginx/plain-jira.access.log;
error_log /var/log/nginx/plain-jira.error.log;
##############################
### Redirect http => https ###
##############################
return 301 https://$server_name$request_uri;
}
#################
### SSL VHOST ###
#################
server {
##############
### BASICS ###
##############
listen 443;
root /var/www-nginx ;
index index.html;
server_name support.palmsecsolutions.com ;
###################
### SSL OPTIONS ###
###################
ssl on;
ssl_certificate /etc/letsencrypt/live/support.palmsecsolutions.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/support.palmsecsolutions.com/privkey.pem;
###############
### LOGGING ###
###############
access_log /var/log/nginx/ssl-jira.access.log;
error_log /var/log/nginx/ssl-jira.error.log;
##################################
### Service desk reverse proxy ###
##################################
location /servicedesk/ {
proxy_pass http://demora:8080/servicedesk/ ;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
include conf.d/servicedesk.allow; ### restrict access
deny all;
}
# location /s/ {
# proxy_pass http://demora:8080/servicedesk/ ;
# proxy_set_header X-Forwarded-Host $host;
# proxy_set_header X-Forwarded-Server $host;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# client_max_body_size 10M;
# include conf.d/servicedesk.allow;
# deny all;
# }
#
#################################
### JIRA Dashboard protection ###
#################################
location /secure/ {
proxy_pass http://demora:8080/secure/;
auth_basic "Administrator Login";
auth_basic_user_file /etc/nginx/jira.htpasswd;
include conf.d/jira.allow; ### restrict access
deny all;
}
}
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, let's skip over Confluence for now. It's the same sort of idea, but it's easier to concentrate on one at a time.
The bits I've got from your last couple of comments are:
> \JIRA\conf\server.xml file. ... I stopped the "Atlassian JIRA" service, and modifeied the server.xml
Perfect.
> <Context docBase="../servicedesk" path="/servicedesk" reloadable="false" useHttpOnly="true">
Looks right, so I'm curious about what error you got when you tried to start it?
In the nginx config:
server_name support.palmsecsolutions.com ;
proxy_pass http://demora:8080/servicedesk/ ;
Look good to me. Assuming the proxy server is able to resolve "demora" to be the server Jira is running on inside your network, then it should work, and the base url should be set to http://support.palmsecsolutions.com/servicedesk
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So I tried the same again (with the \JIRA\conf\servr.xml file). When I try to start back the JIRA service I get this error.
I doublechecked: only the <context> line has been modified in the server.xml file.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I made some tests with the server.xml file, and learned the followings:
- if I set the original docBase value back to the original one (<Context docBase="${catalina.home}/atlassian-jira") the JIRA service can be started. So only the "path" value was modified to path="/servicedesk" .
With this settings I could reach the https:\\support.palmsecsolutions.com public website; however it was not the Customer Portal, but the Dashboard.
Here Jira throws some error messages:
The Tomcat server.xml has an incorrect configuration:
scheme should be 'https'
proxyName should be 'support.palmsecsolutions.com'
proxyPort should be '443'
So I added this info to the server.xml file. Now there is no errors, BUT:
- the Dashboard is accessable from support.palmsecsolutions.com and from http://demora:8080/servicedesk/ - both are redirected automatically to ../servicedesk/secure/Dashboard.jspa.
- the Customer Portal is NOT accessible at all.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
There's a lot there, but can you confirm the core of the configuration is now working ok? In that when you visit http://support.palmsecsolutions.com/servicedesk you are taken to Jira? And that is the current base url?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes, I can confirm that. When I visit https://support.palmsecsolutions.com/servicedesk I can reach JIRA. The base URL is also https://support.palmsecsolutions.com/servicedesk.
However, I reach here the Dashboard of the Service Desk which is not good. I want to reach the Customer Portal where our customers could create tickets for us.
Also: our developers use Jira SOFTWARE which can originally be reached from our private server ("demora"). And this is important, it cannot be redirected to any public page (as it contains confidential infos).
Until the server.xml and BaseURL were modified by me, the Jira Software could not be reached in our private server. So I had to set back the original configurations in order to reach the Jira Software from demora server.
So the main question is: can ONLY the Customer Portal be redirected to a public page and the other Jira components (Service Desk Dashboard, Jira Software) stay in our private server?
Thanks again Nic for your help!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Ok, that's good, it means the basics are all working correctly.
Service Desk lives under the Jira domain, so the paths to it have to be relative. You can't relocate the portals to other places (yet), so you need to allow access on the portal url and above it (i.e. the rest of Jira)
You could however close off access to Jira by configuring the proxy not to serve up pages that are outside the portal (I don't know how to do this though)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nic,
Thanks for your reply! It is a bit unclear for me. If I understand you right, there is not possible to redirect only the Customer Portal. I can redirect everything, but I can close off access to the other Jira instances. Is it correct?
The BaseURL I modified is the BaseURL for every Jira instance?
(Sorry if I have basic questions. It is good, that you write that "good, it means the basics are all working correctly", but I feel myself even farther from the solution. :(
The config file I sent seems to be good, the server.xml seems to be good, so I don't know what to do now. I have no internal support, as our system admin says it is a Jira related issue, he made the proxy redirection well. So I must solve it by myself.
I can't believe that I am the first who have Service Desk server version, and who want to redirect the Customer Portal to a public place for the customers.)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The base url is the root of where a Jira instance is served up. Everything lives beneath that, including the portals.
You can close off access to the other Jira instances (although it sounded like you only had one instance, possibly with many portals and projects), but if you want a customer to see a portal, you need to make all of that instance available.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.