Jira SSL on IIS Edited

I have Jira Software 7.3.1 running on Windows Server 2012.

First time I was using it at xxx.xxx.xxx.xxx:8080 and everything worked fine. 

Now I've to migrate it to a subdomain.

I've done everything according to this article https://confluence.atlassian.com/adminjiraserver071/integrating-jira-applications-with-iis-802593039.html and eveyrhing works good.

Now I have to use SSL certificate on this subdomain and I'm refering to https://confluence.atlassian.com/adminjiraserver071/running-jira-applications-over-ssl-or-https-802593051.html


When using system without HTTPS - it working. If I'm using with HTTPS, I see a lot of errors in browser console that requests were blocked because of asking http... from https...




I suppose, it is because I have not installed redirect 



But when I'm installing this redirect suddenly port 8443 is added



Please, advice what to do in this situation. 

My server.xml

<?xml version="1.0" encoding="UTF-8"?>

<Connector acceptCount="100"

<Connector URIEncoding="UTF-8" enableLookups="false" port="8009" protocol="AJP/1.3" redirectPort="8443"/>

<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">

<Context docBase="${catalina.home}/atlassian-jira" path="" reloadable="false" useHttpOnly="true">

<Resource auth="Container" factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60" name="UserTransaction" type="javax.transaction.UserTransaction"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>


<Valve className="org.apache.catalina.valves.AccessLogValve" pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>

<Connector SSLEnabled="true"


Also important thing is that from config wizard I cannot select HTTP and HTTPS as it's not active for me. Just HTTP or HTTPS can be selected.



Please, help me to avoid adding 8443 port to URL. 

Thanks in advance!

2 answers

2 accepted

1 vote
Answer accepted

Could you explain where you are trying to terminate the SSL connection?

In other words, is IIS supposed to be doing all the SSL work, or are you trying to make JIRA's Tomcat do it as well?

Hello Nic,

if I understand correctly, this is a solution?

I've googled a little and found article https://stackoverflow.com/questions/31922167/iis-how-to-simulate-ssl-termination-on-load-balancer

Have I to do the same as described there? 

This is IIS realization, is there any other way, less complex?

I haven't done any termination of ssl connection. I just followed articles (links above)

Not that I know of, that article doesn't seem to be about SSL proxies in IIS.

IIS is pretty horrid for doing this sort of work, a far less complex solution is running Apache or nginx as a proxy, but you should stick with IIS if your systems are all IIS based.

I'm sorry, I did not explain "termination of ssl" - you are doing it if you use https.  The phrase means "where does the encryption stop".  Imagine a standard proxy server setup of:

User -1> Internet -2> Your proxy -3> JIRA

Your user fires up an SSL connection over the internet.  You can "terminate the SSL" at -2> or at -3> here.  Whichever one you chose, the work of encryption is done on the server it lands on. 

JIRA's Tomcat is not a good place to do it - it loads the JIRA process, it's not particularly flexible, it doesn't fit in well with the reasons most people use proxies, and it means some fiddling with the proxy to make it work.  It is preferable to do it on the proxy server (IIS in your case).  The question I'm asking is where you want to do it?

Thanks Nic for you answer.

All websites are stored in IIS. It can be difficult to install Apache and make them both listent to 80 and 443 ports.

So, I've to look how to do this in IIS.

0 votes
Answer accepted

The solution was found:

1. Create on IIS website, add ssl certificate, bind app to 80 and 443 port

2. Using IIS URL rewrite module create 2 proxy rules rewriting to Https://jira_host:8443

3. Enable jira 8443 port according to the articles above.

And everything will work, there is no need to use tomcat IIS connector.

Hi there, can you elaborate on this a bit? I tried creating the proxy rules but it makes me download and install ARR 3.0 and then says something about configuring a server farm which is not my intent at all. How exactly did you create those rules? Btw, I do have the IIS URL rewrite module installed.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Feb 26, 2019 in Jira Software

How to prevent the propagation of unused project schemes, workflows & screens in Jira software

Atlassian ranks project attributes as the third most important factor impacting performance in the category of data. It’s not surprising, since project attributes are precisely the rules used to ma...

656 views 0 7
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you