Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Nginx Proxy Reverse Redirection Edited

Hello Community,

I'm setting up a proxy reverse to Jira Service Desk with nginx on Ubuntu 20.04. I've followed the documentation provided by Jira, but something is not working or I'm making wrong. I'm clearly pulling out my hair from many days. I've also tryed many tutorials found on the web.

The desired result when a customer go to website is the flollowing :

http://www.subdomain.exemple.com => https://subdomain.exemple.com

https://www.subdomain.exemple.com => https://subdomain.exemple.com

http://subdomain.exemple.com => https://subdomain.exemple.com

https://subdomain.exemple.com => https://subdomain.exemple.com

Here is the part (215th version xD ) of my nginx.conf :

server {
listen 80;
server_name www.subdomain.exemple.com subdomain.exemple.com;
rewrite ^ https://subdomain.exemple.com$request_uri? permanent;
}
server {
listen 443 ssl;
server_name subdomain.exemple.com;
# NGINX usually only allows 1M per request. Increase this to JIRA's maximum attachment size (10M by default)
client_max_body_size 10M;
#ssl_dhparam /path/to/file/file.pem
ssl_certificate /path/to/file/file.crt;
ssl_certificate_key /path/to/file/file.key;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers '!DHE-DSS-AES256-GCM-SHA384:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-DSS-AES256-SHA256>

location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://subdomain.exemple.com:8080;
}
}
}

Here is the connector in server.xml :

<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
proxyName="subdomain.exemple.com"
proxyPort="443"
scheme="https"
secure="true"
relaxedPathChars="[]|"
relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
/>

I have a wildcard certificate for *.exemple.com.

The hostname of server is :

root@localhost:~# hostname
localhost

Any help would be appreciated. If you need more informations, let me know.

Thanks.

S

1 answer

What sort of issues are you having.

One important item. If you are running selinux, you have to do the following to allow nginx to connect over http to another local port.

 

setsebool -P httpd_can_network_connect 1

I use 301 redirects vs rewrites.

server {
listen 80;
server_name testjira testjira.example.com;
return 301 https://testjira.example.com$request_uri;
}

server {
listen 443 ssl;
server_name testjira;
ssl_certificate /etc/nginx/certs/mycert.pem;
ssl_certificate_key /etc/nginx/certs/mycert.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;

return 301 https://testjira.example.com$request_uri;
}

server {
listen 443 ssl;
server_name testjira.example.com;

ssl_certificate /etc/nginx/certs/mycert.pem;
ssl_certificate_key /etc/nginx/certs/mycert.key;

ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;

ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Jespa-Connection-Id $remote_addr:$remote_port;
proxy_pass http://testjira.example.com:8081;
client_max_body_size 20M;
}
client_header_buffer_size 8k;
large_client_header_buffers 4 32k;
client_max_body_size 20M;
}

Hello,

Thank you for you answer.

When I try to pass this command :

setsebool -P httpd_can_network_connect 1

I got this message :

Cannot set persistent booleans without managed policy.

I saw that Ubuntu (I'm using 20.04 LTS) may not concerned with this comand, can you confirm ?

 

To answer your question, I got these issues wih my actual configuration :

 

http://www.subdomain.exemple.com Redirect to http://www.subdomain.exemple.com

https://www.subdomain.exemple.com Redirect to https://www.support.srmi45.fr/ with certificate warning.

 

http://subdomain.exemple.com Redirect to https://subdomain.exemple.com with certificate OK

https://subdomain.exemple.com Redirect to https://subdomain.exemple.com with certificate OK

 

An other question, how many connector(s) do you have in server.xml ?

I'm not a Ubuntu user so I can't comment on that. Though it looks like you are not using SELinux, so that command would not be relevant then.

I have the default connector on 8080. and then I created a connector on 8081 specifically for the ssl proxy.

 <
Connector port="8081"
relaxedPathChars="[]|"
relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="16384"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
secure="true"
scheme="https"
proxyName="testjira.example.com."
proxyPort="443"
/>

 

As for your errors, all the certificate and redirection errors are handled by nginx, so the connector config shouldn't be involved.

Are you sure you are hitting your nginx? The fact that somewhere along the line you get redirected to a URL that isnt even in your config is odd.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
TAGS
Community showcase
Published in Jira Service Management

Why upgrade to Jira Service Management Premium?

We often have questions from folks using Jira Service Management about the benefits to using Premium. Check out this video to learn how you can unlock even more value in our Premium plan.  &nb...

133 views 0 4
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you