Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Apache2 reverse proxy. Gadgets error. CSP blocked frame-ancestors

Hi, I try to setup Apache2 reverse proxy .

After enable proxy - when local user try to access local site https://sd.corp.ascania.ua - some gadgets error: "can't access to site https://sd.ascania.ua" by CSP "https://sd.ascania.ua/ blocked frame-ancestors". 

So my scheme is:

InetUsers -> https://sd.ascania.ua (Apache2) -> https://sd.corp.ascania.ua (local site)

My settings of Apache2 (proxy server):

<VirtualHost *:443>
   # ServerName sd.ascania.ua
    SSLProxyEngine On
    ProxyRequests Off
    ProxyPreserveHost Off
    <Proxy *>
      Order deny,allow
      Allow from all
    </Proxy>
    SSLProxyEngine on
    ProxyPass / https://sd.corp.ascania.ua/
    ProxyPassReverse / https://sd.corp.ascania.ua/
    SSLEngine on
    SSLCertificateFile ssl/asc.cer
    SSLCertificateKeyFile ssl/asc.key
</VirtualHost>

<VirtualHost *:80>
    ServerName sd.ascania.ua
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

 

My setting of server.xml (Jira server):

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
  maxHttpHeaderSize="8192" SSLEnabled="true"
  maxThreads="150" minSpareThreads="25" connectionTimeout="20000"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" scheme="https" secure="true"
  sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
  clientAuth="false" useBodyEncodingForURI="true"
  keyAlias="tomcat" keystoreFile="/var/atlassian/application-data/jira/tomcat.jks"
  keystorePass="Password" keystoreType="JKS"
proxyName="sd.ascania.ua" proxyPort="443"/>

Jira server has redirect 443 port to 8443 by IPTABLE rules.

 

 

1 answer

0 votes
Artur Moura Atlassian Team Dec 23, 2021

Hi @Ascania IT 

The reason you are facing the gadget issue is the fact you are using a different Jira URL.

There is an open feature request for this https://jira.atlassian.com/browse/JRASERVER-69185, also this https://confluence.atlassian.com/jirakb/jira-server-base-url-health-check-fails-859447384.html KB, which explains the reason and the resolution steps.

Overall, you must have the same URL for both internal and external users.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
8.20.2
TAGS
Community showcase
Published in Jira Service Management

Next level incident management in Jira Service Management

Hello Atlassian Community! We’re thrilled to announce some exciting changes to incident management in Jira Service Management Cloud, in order to give your teams extra muscle during incidents, and ...

1,612 views 20 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you