Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,368,233
Community Members
 
Community Events
168
Community Groups

Base URL Redirect after SSL implementation

Tim Finch I'm New Here Sep 22, 2022

Hi :)

I am working with a client, we have introduced certificates for SSL, and they also want a Base URL change. (This is on Jira Server running on Windows Server)

 

Sounds simple... but...

 

Current Base url is <URL>:8080
We have implemented the SSL and changed the base url to just <URL>:8443 - that worked.

I have now changed the base url to just <URL> (no port) and that is working (however I had to use 443 rather than 8443. The client does not use, and does not want to use, a reverse proxy. hence 443 rather than 8443 to get the portless url to work

The outstanding issue I have is that the redirect from <URL>:8080 to new <URL> does not work.

I have the following in the server.xml


<Connector port="8080" redirectPort="443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"
clientAuth="false" useBodyEncodingForURI="true"
keyAlias="lse-jira-uat.numiscorp.com" keystoreFile="C:\\Program Files\\Atlassian\\Application Data\\JIRA\\lse-jira-uat.jks" keystorePass="REMOVED" keystoreType="JKS"/>

I also have atlassians recommended settings in the web.xml.


so if I am on the server and go to localhost:8080 the redirect to the new URL works.

However if I use <URL>:8080 from anywhere else the redirect fails and I get a deadlink rather than a redirect.

Am I missing a setting anywhere to get the redirect to work?

As a side note, I have done the same on Confluence and the redirect works. So not sure why Jira does not.

Any help appreciated.

1 answer

I would not recommend doing this in Tomcat.  In order to bind to port 443, Tomcat will need to run as administrator, which is a big no no from a security perspective.  You would be better off installing a reverse proxy (IIS, apache, etc,) configure SSL there and let it hand the privilege separation for you so you can run Tomcat as an unprivileged user. Atlassian has guides for common reverse proxy technologies.

Apache

NGINX

IIS

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events