Can't start Jira Server (non SQL) after changing SSL-cert

Hello Team.
Recently I updated SSL certs for NGINX (Debian that hosts the reverse proxy and Jira) by replacing the orig cert file contents with a newly generated cert.
Nginx started properly and even shows me the correct SSL in the browser.

But Jira server doesn't start and its errors are not informative at all (just Exit Code 1). Moreover, atlassian-jira-log's last line is stuck at the state from days ago, and new errors have not been added since the moment Jira failed. OS service logs etc. are not useful here either(

I found the only change and a possible reason to be the SSL cert, so I investigated further and found the information about JKS containers. So I tried both to add a newly generated cert to a container and to make this container trusted/default. I also tried to re-generate the CSR from a newly generated JKS container. Everything ran smoothly but didn't help.

So I asked a question about SSL here and the community offered me to start Jira with no SSL or no proxy. I tried both to change server.xml to work via a default or HTTP proxy connector - the same result, no logs.

A problem is that we don't have backups of Jira due to migration and changing the hypervisor, so I need to either make it work or just somehow export its db without a webgui. The db is 100% sure should be fine as there was no corruption or any other issues on the machine except SSL cert renewal and changing the content of the old cert file.

Here is how server.xml looks now. It only includes connectors I tried one by one. Before things went wrong, it was TLS proxy; after the issue appeared I tried 2 others.

Please help me understand how to make it work again or just to export all issues so I can then import them to another Jira Instance, Jira Cloud or just a file)

<?xml version="1.0" encoding="utf-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

<Service name="Catalina">
<!--
==============================================================================================================
DEFAULT - Direct connector with no proxy for unproxied access to Jira.

If using a http/https proxy, comment out this connector.
==============================================================================================================
-->

<!-- Relaxing chars because of JRASERVER-67974 -->
<
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
-->
<!--
==============================================================================================================
HTTP - Proxying Jira via Apache or Nginx over HTTP

If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/DAFmGQ

==============================================================================================================
-->

<!--
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="support.example.com" proxyPort="443"/>

-->
<!--
==============================================================================================================
HTTPS - Proxying Jira via Apache or Nginx over HTTPS

If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->

<!--
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="support.example.com" proxyPort="443"/>

1 answer

@Oleg Ponomarev 

 

Hi Oleg

 

welcome to the Atlassian community.

The server.xml snippet you shared has some issues (if that is not a copy and paste error)

 

<!-- Relaxing chars because of JRASERVER-67974 -->
<
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x

should be

<!-- Relaxing chars because of JRASERVER-67974 -->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x

 

I would suggest to do the ssl termination on the nginx and have http traffic between nginx and the jira instance.

 

Did you check the catalina.out file for errors?

cheers

 

Kurt

@Kurt Klinner Thanks for the response.

catalina.out doesn't show logs for the latest period; it finished a long time ago with no explicit problems

Regarding the config.
Checked it.

SSL termination works in Nginx now, but previously Jira was set to use the HTTPS proxy connector. Now I tried both the default and HTTP proxy connectors. The same thing: failing with no normal logs.

Below is the setup for the latest connector I tried. I also tried to replace the original config with a new example one and to set it up again. The same problem.


Now the question is if it's possible to export Jira (Tomcat) issues when Jira is down.

<!--
==============================================================================================================
HTTP - Proxying Jira via Apache or Nginx over HTTP

If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->

<
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="support.example.com" proxyPort="443"/>

@Oleg Ponomarev 

 

Hi Oleg

two things seem wrong to me in the shared snippet

<
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|

should be only

<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|

and the scheme should be set to https

Cheers

Kurt
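
The two problems raised in this thread (the stray `<` that makes server.xml malformed, and a connector behind a 443 proxy whose scheme is not https) can be checked before starting Jira. The following is an added example, not part of the original posts or of Atlassian's tooling; `check_server_xml` is a hypothetical helper, the sample XML is constructed from the posted snippet, and the scheme/secure rule assumes the HTTPS proxy connector shown in the question.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the stray "<" before <Connector>, as in the posted snippet.
BROKEN = """<Server port="8005" shutdown="SHUTDOWN">
<Service name="Catalina">
<
<Connector port="8080" protocol="HTTP/1.1" scheme="http"
proxyName="support.example.com" proxyPort="443"/>
</Service>
</Server>
"""

# Constructed sample: stray "<" removed, scheme still http behind a 443 proxy.
FIXED_SYNTAX = BROKEN.replace("<\n<Connector", "<Connector")


def check_server_xml(text):
    """Return a list of findings for a Tomcat server.xml given as a string."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        line, col = exc.position
        return [f"not well-formed at line {line}, column {col}: {exc}"]

    findings = []
    # Commented-out connectors are dropped by the parser, so only active ones appear.
    connectors = root.findall("./Service/Connector")
    if not connectors:
        findings.append("no active <Connector> (all commented out?)")
    ports = [c.get("port") for c in connectors]
    for port in sorted(set(ports)):
        if ports.count(port) > 1:
            findings.append(f"port {port} is used by {ports.count(port)} active connectors")
    for c in connectors:
        scheme = c.get("scheme", "http")
        secure = c.get("secure", "false")
        if c.get("proxyPort") == "443" and (scheme != "https" or secure != "true"):
            findings.append(
                f"connector on port {c.get('port')}: proxyPort=443 but "
                f"scheme={scheme}, secure={secure}"
            )
    return findings


if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("fixed syntax", FIXED_SYNTAX)):
        print(name, "->", check_server_xml(sample) or "ok")
```

To run it against a real installation, pass the contents of the instance's conf/server.xml to `check_server_xml` instead of the constructed samples.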
