Hi, I try to setup Apache2 reverse proxy .
After enable proxy - when local user try to access local site https://sd.corp.ascania.ua - some gadgets error: "can't access to site https://sd.ascania.ua" by CSP "https://sd.ascania.ua/ blocked frame-ancestors".
So my scheme is:
InetUsers -> https://sd.ascania.ua (Apache2) -> https://sd.corp.ascania.ua (local site)
My settings of Apache2 (proxy server):
<VirtualHost *:443>
# ServerName sd.ascania.ua
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyPass / https://sd.corp.ascania.ua/
ProxyPassReverse / https://sd.corp.ascania.ua/
SSLEngine on
SSLCertificateFile ssl/asc.cer
SSLCertificateKeyFile ssl/asc.key
</VirtualHost>
<VirtualHost *:80>
ServerName sd.ascania.ua
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
My setting of server.xml (Jira server):
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
clientAuth="false" useBodyEncodingForURI="true"
keyAlias="tomcat" keystoreFile="/var/atlassian/application-data/jira/tomcat.jks"
keystorePass="Password" keystoreType="JKS"
proxyName="sd.ascania.ua" proxyPort="443"/>
Jira server has redirect 443 port to 8443 by IPTABLE rules.
Hi @Ascania IT
The reason you are facing the gadget issue is the fact you are using a different Jira URL.
There is an open feature request for this https://jira.atlassian.com/browse/JRASERVER-69185, also this https://confluence.atlassian.com/jirakb/jira-server-base-url-health-check-fails-859447384.html KB, which explains the reason and the resolution steps.
Overall, you must have the same URL for both internal and external users.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.