Hello Community,
I'm setting up a reverse proxy to Jira Service Desk with nginx on Ubuntu 20.04. I've followed the documentation provided by Jira, but something is not working or I'm doing something wrong. I've clearly been pulling my hair out for many days. I've also tried many tutorials found on the web.
The desired result when a customer goes to the website is the following:
http://www.subdomain.exemple.com => https://subdomain.exemple.com
https://www.subdomain.exemple.com => https://subdomain.exemple.com
http://subdomain.exemple.com => https://subdomain.exemple.com
https://subdomain.exemple.com => https://subdomain.exemple.com
Here is the part (215th version xD) of my nginx.conf:
server {
    listen 80;
    server_name www.subdomain.exemple.com subdomain.exemple.com;
    rewrite ^ https://subdomain.exemple.com$request_uri? permanent;
}
server {
    listen 443 ssl;
    server_name subdomain.exemple.com;
    # NGINX usually only allows 1M per request. Increase this to JIRA's maximum attachment size (10M by default)
    client_max_body_size 10M;
    #ssl_dhparam /path/to/file/file.pem
    ssl_certificate /path/to/file/file.crt;
    ssl_certificate_key /path/to/file/file.key;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers '!DHE-DSS-AES256-GCM-SHA384:!DHE-RSA-AES256-GCM-SHA384:!DHE-RSA-AES256-SHA256:!DHE-DSS-AES256-SHA256>
    location / {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://subdomain.exemple.com:8080;
    }
}
}
Here is the connector in server.xml:
<Connector port="8080"
    maxThreads="150"
    minSpareThreads="25"
    connectionTimeout="20000"
    enableLookups="false"
    maxHttpHeaderSize="8192"
    protocol="HTTP/1.1"
    useBodyEncodingForURI="true"
    redirectPort="8443"
    acceptCount="100"
    disableUploadTimeout="true"
    bindOnInit="false"
    proxyName="subdomain.exemple.com"
    proxyPort="443"
    scheme="https"
    secure="true"
    relaxedPathChars="[]|"
    relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
/>
I have a wildcard certificate for *.exemple.com.
The hostname of the server is:
root@localhost:~# hostname
localhost
Any help would be appreciated. If you need more information, let me know.
Thanks.
S
What sort of issues are you having?
One important item: if you are running SELinux, you have to do the following to allow nginx to connect over HTTP to another local port.
setsebool -P httpd_can_network_connect 1
I use 301 redirects vs rewrites.
server {
    listen 80;
    server_name testjira testjira.example.com;
    return 301 https://testjira.example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name testjira;
    ssl_certificate /etc/nginx/certs/mycert.pem;
    ssl_certificate_key /etc/nginx/certs/mycert.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    return 301 https://testjira.example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name testjira.example.com;
    ssl_certificate /etc/nginx/certs/mycert.pem;
    ssl_certificate_key /etc/nginx/certs/mycert.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Jespa-Connection-Id $remote_addr:$remote_port;
        proxy_pass http://testjira.example.com:8081;
        client_max_body_size 20M;
    }
    client_header_buffer_size 8k;
    large_client_header_buffers 4 32k;
    client_max_body_size 20M;
}
Hello,
Thank you for your answer.
When I try to run this command:
setsebool -P httpd_can_network_connect 1
I got this message:
Cannot set persistent booleans without managed policy.
I saw that Ubuntu (I'm using 20.04 LTS) may not be concerned by this command, can you confirm?
To answer your question, I got these issues with my actual configuration:
http://www.subdomain.exemple.com Redirect to http://www.subdomain.exemple.com
https://www.subdomain.exemple.com Redirect to https://www.support.srmi45.fr/ with certificate warning.
http://subdomain.exemple.com Redirect to https://subdomain.exemple.com with certificate OK
https://subdomain.exemple.com Redirect to https://subdomain.exemple.com with certificate OK
Another question: how many connector(s) do you have in server.xml?
I'm not an Ubuntu user so I can't comment on that. Though it looks like you are not using SELinux, so that command would not be relevant then.
I have the default connector on 8080, and then I created a connector on 8081 specifically for the SSL proxy.
<Connector port="8081"
    relaxedPathChars="[]|"
    relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
    maxThreads="150"
    minSpareThreads="25"
    connectionTimeout="20000"
    enableLookups="false"
    maxHttpHeaderSize="16384"
    protocol="HTTP/1.1"
    useBodyEncodingForURI="true"
    redirectPort="8443"
    acceptCount="100"
    disableUploadTimeout="true"
    bindOnInit="false"
    secure="true"
    scheme="https"
    proxyName="testjira.example.com."
    proxyPort="443"
/>
As for your errors, all the certificate and redirection errors are handled by nginx, so the connector config shouldn't be involved.
Are you sure you are hitting your nginx? The fact that somewhere along the line you get redirected to a URL that isn't even in your config is odd.
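
An added example, not part of any post in this thread: the question mentions a wildcard certificate for *.exemple.com and a certificate warning on https://www.subdomain.exemple.com. A certificate wildcard stands for exactly one left-most DNS label, so this Python sketch (function and variable names are illustrative) checks which of the thread's HTTPS hostnames that certificate can cover.

```python
# Added example: single-label wildcard matching for certificate DNS names.
# Hostnames and the wildcard come from the thread; the code itself is constructed.
from urllib.parse import urlsplit


def name_matches(pattern: str, host: str) -> bool:
    """Return True if a certificate DNS name (possibly '*.x.y') covers host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Only a whole left-most label may be wild; the rest must match exactly.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def tls_coverage(urls, cert_names):
    """Map each https:// URL's hostname to whether any cert name covers it."""
    result = {}
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue  # plain-HTTP requests are redirected without a handshake
        host = parts.hostname
        result[host] = any(name_matches(n, host) for n in cert_names)
    return result


# The four entry URLs listed in the question.
ENTRY_URLS = [
    "http://www.subdomain.exemple.com",
    "https://www.subdomain.exemple.com",
    "http://subdomain.exemple.com",
    "https://subdomain.exemple.com",
]
# The wildcard certificate the poster describes.
CERT_NAMES = ["*.exemple.com"]

if __name__ == "__main__":
    for host, ok in tls_coverage(ENTRY_URLS, CERT_NAMES).items():
        print(f"{host}: {'covered' if ok else 'NOT covered'} by {CERT_NAMES}")
```

The TLS handshake completes before nginx can send a redirect, so a 443 server block that answers for www.subdomain.exemple.com needs a certificate listing that name (or *.subdomain.exemple.com) for the redirect to arrive without a warning.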