Installing Let's Encrypt SSL on JIRA

Nitish Kumar August 23, 2019

Hello,

I was trying to install Let's Encrypt SSL on my Jira software. I made a domain under the name jira.nitsonline.in and followed this guide to install Let's Encrypt on this particular domain. I was able to do all the steps required, but whenever I try to start Jira, it doesn't show as running on any of my ports.

netstat -ntlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp6       0      0 127.0.0.1:44531         :::*                    LISTEN      -
tcp6       0      0 :::7990                 :::*                    LISTEN      -
tcp6       0      0 :::22                   :::*                    LISTEN      -
tcp6       0      0 127.0.0.1:7992          :::*                    LISTEN      -
tcp6       0      0 ::1:7992                :::*                    LISTEN      -
tcp6       0      0 127.0.0.1:7993          :::*                    LISTEN      -
tcp6       0      0 ::1:7993                :::*                    LISTEN      -
tcp6       0      0 :::7999                 :::*                    LISTEN      -
tcp6       0      0 127.0.0.1:38143         :::*                    LISTEN      -
tcp6       0      0 :::5701                 :::*                    LISTEN      -

Whenever I try to start Jira, it doesn't show any error:

sudo /etc/init.d/jira start

To run JIRA in the foreground, start the server with start-jira.sh -fg
executing using dedicated user: jira

                  `sMMMMMMMMMMMMMM+
                     MMMMMMMMMMMMMM
                     :sdMMMMMMMMMMM
                             MMMMMM
          `sMMMMMMMMMMMMMM+  MMMMMM
             MMMMMMMMMMMMMM  +MMMMM
              :sMMMMMMMMMMM   MMMMM
                     MMMMMM    `UOJ
   `sMMMMMMMMMMMMM+  MMMMMM
     MMMMMMMMMMMMMM  +MMMMM
      :sdMMMMMMMMMM   MMMMM
             MMMMMM    `UOJ
             MMMMMM
             +MMMMM
              MMMMM
               `UOJ

      Atlassian Jira
      Version : 8.3.2

If you encounter issues starting or stopping JIRA, please see the Troubleshooting guide at https://docs.atlassian.com/jira/jadm-docs-083/Troubleshooting+installation

Server startup logs are located in /opt/atlassian/jira/logs/catalina.out
Using CATALINA_BASE:   /opt/atlassian/jira
Using CATALINA_HOME:   /opt/atlassian/jira
Using CATALINA_TMPDIR: /opt/atlassian/jira/temp
Using JRE_HOME:        /opt/atlassian/jira/jre/
Using CLASSPATH:       /opt/atlassian/jira/bin/bootstrap.jar:/opt/atlassian/jira/bin/tomcat-juli.jar
Using CATALINA_PID:    /opt/atlassian/jira/work/catalina.pid
Existing PID file found during start.
Removing/clearing stale PID file.
Tomcat started

But it still doesn't show anything running on port 8080 or 8443.

My server.xml file looks like:

<?xml version="1.0" encoding="utf-8"?>

<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

<Service name="Catalina">
<!-- Relaxing chars because of JRASERVER-67974 -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true" scheme="https" secure="true" sslEnabledProtocols="TLSv1.2,TLSv1.3"
clientAuth="false" keyAlias="jira" keystoreFile="/usr/lib/jvm/java-11-openjdk-amd64/jre/jira.jks"
keystorePass="Nitish@03Sept" keystoreType="JKS" port="8080"
relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>

Help me out with this. Thanks.

2 answers

1 accepted

0 votes
Answer accepted
Kurt Klinner
Rising Star
August 23, 2019

@Nitish Kumar

Hi Nitish

Did you have a look at the catalina.out file to check for any exceptions?

Cheers

Kurt

Nitish Kumar August 23, 2019

@Kurt Klinner Hi, thanks for the reply. I did check my catalina.out file, and I am getting:

23-Aug-2019 15:10:42.814 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at line 38 column 62: Attribute "port" was already specified for element "Connector".
org.xml.sax.SAXParseException; systemId: file:/opt/atlassian/jira/conf/server.xml; lineNumber: 38; columnNumber: 62; Attribute "port" was already specified for element "Connector".
        at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
        at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:177)
        at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
        at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
        at com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1472)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(XMLDocumentFragmentScannerImpl.java:1560)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1315)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2784)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:602)
        at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:505)
        at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:842)
        at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:771)
        at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
        at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1213)
        at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:643)
        at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1518)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:611)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:309)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:492)

23-Aug-2019 15:10:42.817 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Attribute "port" was already specified for element "Connector".
23-Aug-2019 15:10:42.817 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server. Server instance is not configured.

"catalina.out" 29L, 2971C

I am a newbie. I am unable to understand the logs.

Kurt Klinner
Rising Star
August 23, 2019

@Nitish Kumar

Hi Nitish

Attribute "port" was already specified for element "Connector"

is the part you should look at.

You did specify port twice within

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true" scheme="https" secure="true" sslEnabledProtocols="TLSv1.2,TLSv1.3"
clientAuth="false" keyAlias="jira" keystoreFile="/usr/lib/jvm/java-11-openjdk-amd64/jre/jira.jks"
keystorePass="Nitish@03Sept" keystoreType="JKS"
port="8080"

Cheers

Kurt

Nitish Kumar August 23, 2019

Hey, thanks. I can see I've mentioned it twice but with different values:

protocol="HTTP/1.1" 

Do I need to remove this also?

Kurt Klinner
Rising Star
August 23, 2019

@Nitish Kumar

Check out https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html - it describes the needed config changes.

Port=8443 is the one you should use in your case.

A more common approach would be to terminate SSL on a web server / load balancer in front of Jira; see also https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html

Cheers

Kurt
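
Added example (not part of the original thread and not Atlassian's code): a pre-flight check for server.xml that surfaces the "Attribute "port" was already specified" failure before Jira is restarted, then audits each Connector. It assumes Tomcat terminates TLS itself; the function name check_server_xml, the sample documents and the placeholder keystore values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the Connector in the question: two port= and two
# protocol= attributes on one element. Keystore path and password are placeholders.
BROKEN = '''<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/path/to/jira.jks" keystorePass="PLACEHOLDER"
               port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  </Service>
</Server>'''

# Same sample with the second port/protocol and the self-referencing redirectPort removed.
FIXED = BROKEN.replace('port="8080" protocol="HTTP/1.1" redirectPort="8443"',
                       'clientAuth="false"')


def is_tls(conn):
    return conn.get("SSLEnabled", "false").lower() == "true"


def check_server_xml(text):
    """Return a list of findings for a Tomcat server.xml; an empty list means clean."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        # A file that is not well-formed is rejected whole, so nothing else can be checked.
        return [f"not well-formed XML, Tomcat will not start: {exc}"]
    findings, seen = [], set()
    connectors = list(root.iter("Connector"))
    tls_ports = {c.get("port") for c in connectors if is_tls(c)}
    for c in connectors:
        port = c.get("port", "<none>")
        if port in seen:
            findings.append(f"port {port}: used by more than one Connector")
        seen.add(port)
        if is_tls(c) and (c.get("scheme") != "https" or c.get("secure") != "true"):
            findings.append(f"port {port}: SSLEnabled without scheme=https and secure=true")
        redirect = c.get("redirectPort")
        if not is_tls(c) and redirect and redirect not in tls_ports:
            findings.append(f"port {port}: redirectPort {redirect} has no TLS Connector")
        if c.get("keystorePass"):
            findings.append(f"port {port}: keystorePass is in clear text; "
                            "limit read access to server.xml")
    return findings


if __name__ == "__main__":
    for name, doc in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_server_xml(doc))
```

To check a real installation, pass the contents of conf/server.xml to check_server_xml before running the start script.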

0 votes
jira guy
Rising Star
August 23, 2019

This is not a very good practice. You would save a lot of time and effort integrating with a load balancer like nginx.
