having extreme issues using nginx with an SSL on it with a proxy pass to our JIRA instance on the same box.
Here is my current code following Atlassian's recommendations:
nginx.conf file:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name test.domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name test.domain.com;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /var/SSL/bundle.crt;
ssl_certificate_key /var/SSL/domain.key;
# ssl_session_timeout 1d;
# ssl_session_cache shared:SSL:50m;
# ssl_session_tickets off;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
ssl_trusted_certificate /var/SSL/intermediate.cer;
location /jira {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://test.domain.com:8080/jira;
client_max_body_size 10M;
}
}
server.xml file:
<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
proxyName="test.domain.com"
proxyPort="443"
scheme="https"
secure="true"/>
With this method it won't even redirect. When browsing to the FQDN it simply shows me an nginx splash page.
I got it working using another method, but JIRA shows that it can't resolve to itself when using this code:
nginx.conf:
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
# The IP that you forwarded in your router (nginx proxy)
listen 443 default_server;
# Make site accessible from http://localhost/
server_name test.domain.com;
# The internal IP of the VM that hosts your Apache config
set $upstream2 127.0.0.1:8080;
ssl_certificate /var/SSL/bundle.crt;
ssl_certificate_key /var/SSL/domain.key;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location / {
proxy_pass_header Authorization;
proxy_pass http://$upstream2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect off;
}
}
server.xml:
<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
proxyName="test.domain.com"
proxyPort="443"
scheme="https"
secure="true"/>
Any assistance would be greatly appreciated as I cannot figure out what would be causing this problem.
Did you try https://test.domain.com/jira ?
In the first two config files, there's nothing that would redirect https://test.domain.com and since you're using the context path /jira you need to get there somehow.
I recommend against using a context path unless you have to use the same https://test.domain.com for multiple applications, such as Confluence.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.