Mixed Content block when reaching Customer portal

Kámán_Gergő February 27, 2020

Hello Everyone,

 

I have run into an issue with Jira Service Desk on-prem Server version.

 

I have configured a Webproxy within our firewall and it uses the 8888 port and 443 proxy port

Server builds up and runs with no problem, on the Dashboard the connection is secure and through HTTPS but when going to the customize portal settings (for customers where they can submit tickets) when clicking on one of the cards the form is blank and the padlock icon on the browser turns red and shows a mixed content error.

whats wrong with my Tomcat config?

 

Tomcat Config:

<Service name="Catalina">


<Connector port="8888" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="sd.example.com" proxyPort="443"/>

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>

1 answer

0 votes
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 28, 2020

Hi,

I understand that you have setup Jira Service Desk to use an SSL/HTTPS connection, but users in the customer portal are seeing a mixed content warning.  This mixed content warning happens when an end user is requesting a webpage, but some parts of that page are serving content in HTTP, while others are using HTTPS.  It's not ideal in terms of providing a secure channel.

Looking at your snippet of the server.xml file, I don't see any clear configuration problems here.  That part looks okay from what I can see right now. Side note, I'd edited your post to remove your proxyName in order to help anonymize your site address.

That said, I'd like to know more about your environment.  Specifically:

  1. What value do you have for the Base URL in Jira?  The value here could be a factor in this mixed content error.
  2. Could explain some more detail about why port 8888 might be open on the proxy/firewall? 

For part 2, I'm not sure if 8888 is open externally.  I understand that Jira's Tomcat webserver is listening on port 8888.  However when using a proxy/firewall, your public address should really only be listening externally on port 443, and internally routing traffic to the 8888 port of Jira's internal network address for Jira to be able to process that info.  If port 8888 is accessible externally, then it could explain the behavior seen here were perhaps end users are able to connect to the HTTP side directly here, when they should not.

Jira's Tomcat server technically isn't terminating the SSL connection, so it is possible at least internally that Jira's Tomcat webserver is only using HTTP here.  That said, it is expecting to have SSL traffic to your https://sd.example.com:443 address routed to it.

I hope this helps.  Please let me know either way.

Andy

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events