Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

Broken SSL

Shannon Harvey
Shannon Harvey Nov 03, 2020

Hello All,

First and foremost please forgive my lack of knowledge and verbiage regarding this product. I was given a task without any prior working knowledge of Atlassian products and have run into a stumbling block and thought that I'd post here with hopes that I can get some assistance. 

I have been asked to setup SSL for all of our Atlassian products using a reverse proxy which I've done using apache and a self signed certificate. On the surface everything appears to be working as expected however several components of the application appear to be broken when attempting to navigate the app. 

To be more specific if I access servicedesk and try to create a new issue i get met with the following error message and am unable to proceed "The Jira server could not be contacted. This may be a temporary glitch or the server may be down" Additonally none of the avatars appear to be functioning as expected. 

Has anyone here experienced anything like this and if so can you assist. The product is running on RedHat.

 

Answer
Watch
Like Be the first to like this
221 views

2 answers

1 accepted

1 vote
Answer accepted
Dirk Ronsmans
Dirk Ronsmans Community Leader Nov 03, 2020

@Shannon Harvey ,

In the server.xml file which connectors do you have enabled?

If you have both the direct one and the SSL one enabled these can cause interference with eachother.

Normally there is a comment above the connector telling you which one to enable. (for you that would be HTTPS using a reverse proxy)

View More Comments
Shannon Harvey
Shannon Harvey Nov 03, 2020

Hi @Dirk Ronsmans 

 

here is my server.xml file. can you tell me if something is getting in the way?

<?xml version="1.0" encoding="UTF-8"?>

<!--Licensed to the Apache Software Foundation (ASF) under one or morecontributor license agreements. See the NOTICE file distributed withthis work for additional information regarding copyright ownership.The ASF licenses this file to You under the Apache License, Version 2.0(the "License"); you may not use this file except in compliance withthe License. You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License. -->

-<Server shutdown="SHUTDOWN" port="8005">

<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>

<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>

<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>

<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>


-<Service name="Catalina">

<!--==============================================================================================================DEFAULT - Direct connector with no proxy for unproxied access to Jira.If using a http/https proxy, comment out this connector.============================================================================================================== -->


<!-- Relaxing chars because of JRASERVER-67974 -->


<Connector port="8080" bindOnInit="false" disableUploadTimeout="true" acceptCount="100" redirectPort="8443" useBodyEncodingForURI="true" protocol="HTTP/1.1" maxHttpHeaderSize="8192" enableLookups="false" connectionTimeout="20000" minSpareThreads="25" maxThreads="150" relaxedQueryChars="[]|{}^\`"<>" relaxedPathChars="[]|"/>

<!--==============================================================================================================HTTP - Proxying Jira via Apache or Nginx over HTTPIf you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.See the following for more information:Apache - https://confluence.atlassian.com/x/4xQLMnginx - https://confluence.atlassian.com/x/DAFmGQ============================================================================================================== -->


<!-- <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"proxyName="wfdservicedesk.goodrich.root.local" proxyPort="80"/> -->


<!--==============================================================================================================HTTPS - Proxying Jira via Apache or Nginx over HTTPSIf you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.See the following for more information:Apache - https://confluence.atlassian.com/x/PTT3MQnginx - https://confluence.atlassian.com/x/DAFmGQ============================================================================================================== -->


<Connector port="8080" bindOnInit="false" disableUploadTimeout="true" acceptCount="100" redirectPort="8443" useBodyEncodingForURI="true" protocol="HTTP/1.1" maxHttpHeaderSize="8192" enableLookups="false" connectionTimeout="20000" minSpareThreads="25" maxThreads="150" relaxedQueryChars="[]|{}^\`"<>" relaxedPathChars="[]|" proxyPort="443" proxyName="wfddevsd01.goodrich.root.local" scheme="https" secure="true"/>
-->
<!--==============================================================================================================AJP - Proxying Jira via Apache over HTTP or HTTPSIf you're proxying traffic to Jira using the AJP protocol, uncomment the following connector lineSee the following for more information:Apache - https://confluence.atlassian.com/x/QiJ9MQ============================================================================================================== -->


<!--<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/> -->

 

-<Engine name="Catalina" defaultHost="localhost">


-<Host name="localhost" autoDeploy="true" unpackWARs="true" appBase="webapps">


-<Context useHttpOnly="true" reloadable="false" docBase="${catalina.home}/atlassian-jira" path="">

<Resource name="UserTransaction" jotm.timeout="60" factory="org.objectweb.jotm.UserTransactionFactory" type="javax.transaction.UserTransaction" auth="Container"/>

<Manager pathname=""/>

<JarScanner scanManifest="false"/>

<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120"/>

</Context>

</Host>

<Valve className="org.apache.catalina.valves.AccessLogValve" pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/>

</Engine>

</Service>

</Server>

Like
Shannon Harvey
Shannon Harvey Nov 03, 2020

Hi Dirk.

I have the HTTPS - Proxying Jira via Apache or Nginx over HTTPS connector enabled. I dont see any others enabled

Like
Dirk Ronsmans
Dirk Ronsmans Community Leader Nov 03, 2020 • edited

And I assume you also modified the connector to suit your domainname/ports?

You also only mention the customer portal, so I guess the rest (agent side) is ok?

Like
Shannon Harvey
Shannon Harvey Nov 03, 2020

yes I've modified it to reflect my domain name and ports. I would post the configuration here but every time i do the system strips it. I dont know what you mean by customer portal. 

Like
Shannon Harvey
Shannon Harvey Nov 03, 2020

okay I got it partially working by modifying the base url. but some functionality like the avatars and images to issues and the activity stream isnt working.

Like
Dirk Ronsmans
Dirk Ronsmans Community Leader Nov 03, 2020

the customer portal is the portal where a customer would go to create a ticket :)

I still feel like your server.xml is failing somehow. Do you see anything in the atlassian-jira.log on your server? Something about the PKIX build path failing? (cause that would indicate SSL issues)

Like
Shannon Harvey
Shannon Harvey Nov 03, 2020

let me look. can you point me in the direction of where that log file would be? forgive me I'm relatively new to linux as well

Like
Dirk Ronsmans
Dirk Ronsmans Community Leader Nov 03, 2020

Hey @Shannon Harvey ,

That server.xml seems to have 2 connectors enabled (if my eyes don't trick me).

You have the default one enabled (first one) and the HTTPS proxy one.

Can you disable the first one by adding <!-- at the beginning and --> at the end of the first one (line above it and line below it should be fine) and then restart your service.

As you have both a HTTP one and HTTPS one enabled JIRA tries the HTTP one by default and then it messes up as your scheme is https in JIRA.

Like
Shannon Harvey
Shannon Harvey Nov 04, 2020

@Dirk Ronsmans that was the solution, I disabled the HTTP connector and everything works as expected. 

Thank you,

Shannon

Like # people like this
Reply
1 vote
Alexis Robert
Alexis Robert Community Leader Nov 03, 2020

Hi @Shannon Harvey , 

 

in addition to configuring Apache to handle SSL connections, you also need to change Jira configuration, as explained in this documentation : https://confluence.atlassian.com/kb/securing-your-atlassian-applications-with-apache-using-ssl-838284349.html

You will at least need to change the Base URL to https, and the server.xml to provide Tomcat with the SSL settings.

 

Let me know if this helps, 

 

--Alexis

View More Comments
Shannon Harvey
Shannon Harvey Nov 03, 2020

Thank you, can you point me to a specific part of the documentation i should be focusing on as I think I've already done all of this. Also we disabled the Base URL so i dont think that's required. 

Like
Alexis Robert
Alexis Robert Community Leader Nov 03, 2020

You can have a look here to get more details about the server.xml configuration : https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html#IntegratingJIRAwithApacheusingSSL-Step1:ConfigureTomcat

 

I'm not sure what you're saying about disabling the Base URL : this is a parameter that is needed to get Jira working.

Like Dave Liao likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
Community showcase
Kate Clavet
Kate Clavet
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

227 views 1 6
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you