When I tried to set OAuth 2.0 as the authentication method in Incoming Mail settings I realized that it's not on the list:
Then I checked the OAuth 2.0 settings:
I'm not using HTTPS at the moment. Here Running Jira applications over SSL or HTTPS
in the documentation it is said: If you need help with configuring SSL, create a question on the Atlassian community. So, I'd like to know how can I configure HTTPS in order to be able to enable the OAuth 2.0 authentication method?
Hi @JConstantine ,
Based on some of your other recent posts, I believe you're running Jira on Windows. This means you've got a few options available to you in order to run Jira over HTTPS:
In any case, it's expected that you've got a valid certificate signed by a public certificate authority in order to get HTTPS configured and OAuth working for email. If you don't have one already, you can get one free from Let'sEncrypt.
If you have specific troubles after selecting which reverse proxy you're going to use, I'm happy to help!
@Daniel EadsWill nginx work for me I'm using Windows Storage Server 2012R2 or should I use IIS if I have a server OS? Is there an Atlassian guide on configuring Jira Tomcat Server to use Let's Encrypt certificate on Windows? On the official Let's Encrypt documentation page (Let's Encrypt documentation ) the following is written:
To figure out what method will work best for you, you will need to know whether you have shell access (also known as SSH access) to your web host. If you manage your website entirely through a control panel like cPanel, Plesk, or WordPress, there’s a good chance you don’t have shell access. You can ask your hosting provider to be sure.
I installed Jira Software using the Installer. How do I know if I have SSH access to Tomcat server that Jira's working on?
From Let's Encrypt documentation:
To kick off the process, the agent asks the Let’s Encrypt CA what it needs to do in order to prove that it controls
example.com. The Let’s Encrypt CA will look at the domain name being requested and issue one or more sets of challenges. These are different ways that the agent can prove control of the domain. For example, the CA might give the agent a choice of either:
I don't really understand how can I complete these challenges, because I've never worked with certificates before. What should I do first get the certificate or set up the reverse proxy and where's the connection between those processes?
And what about this article: Running Jira applications over SSL or HTTPS ?
I'm quite confused, because I'm new to this topic and don't really understand where should I start and what is the sequence of required actions from A to Z - the consistency.
As I'm not proxying JIRA at the moment the following connector is set up in server.xml file:
There are connectors for proxying Jira via Apache and Nginx and they are commented at the moment. But there's no connector for IIS. According to the documentation I have to put this connector:
instead of the one that's currently set up in server.xml, right?
What do the following lines from the current configuration mean and do I need to put them into the new connector for IIS?
Relaxing chars because of JRASERVER-67974
use proxyPort="443" and scheme="https" in case the SSL is being terminate at IIS.
What does in case the SLL is being terminate at IIS mean?
The choice between IIS and nginx is whichever you're most comfortable with - both will run on Windows Server 2012.
We don't have official documentation on using LetsEncrypt - our documentation starts with the assumption that you've been able to procure a certificate already and are going to use that with your proxy. I would not recommend using LetsEncrypt with serving HTTPS directly from Jira. LetsEncrypt gives you a certificate with a relatively short expiration period - you'll want to have certbot renew this certificate for you. And that's difficult to do when trying to serve HTTPS directly from Tomcat/Jira, because the certificate has to be imported into the Java keystore rather than just sitting as a file on disk.
I'd suggest these actions in this order for you:
As far as the other questions - I think the above path will bypass a lot of the questions that you have. But I'll try and answer some if that helps give you a better picture:
(user's computer) <--HTTPS--> (IIS) <--HTTP--> (Jira)When users interact via https://yourjira.whatever.com - it's IIS or nginx that is serving the site over HTTPS - or "terminating the SSL connection". The traffic between IIS and Jira doesn't use SSL/TLS in this scenario - it's regular unencrypted HTTP.
Yes - apologies @JConstantine and good catch! The process is the same, but the context paths (if you use one) and port numbers will be different between Jira and Confluence. You've found the correct article for Jira that won't require changing the port numbers :)
@Daniel Eads I've stumbled upon this:
And there's this:
For me it's:
http://<JIRA Server Machine's IP address>.<JIRA Server Machine's domain name>:8080/
But whenever I try to procure a certificate from Let's Encrypt I end up with this error:
A and CNAME records for my domain name has been created. Port 80 for http and 443 for https are opened. Firewall has been temporarily disabled. Looks like I can't get the certificate from Let's Encrypt :(
We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan. &nb...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events