Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Apache forbidden. You don't have permission to access this resource.

Sal Ila
Sal Ila December 29, 2019

Hello All,

I am trying to integrate Jira with Apache, as per the article here https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html

My Apache server is already configured with a GoDaddy CA and wildcard *.mydomain.com and currently works well serving others Apache "alias" such https://server.domain.com/abc, https://server.domain.com/xyz

 

The problem which I experience is related to the path https://server.domain.com/jira which returns permission access.

 

                       Configuration

Apache2  apache.conf

Alias /jira "/usr/local/atlassian/jira/atlassian-jira"
<Directory "/usr/local/atlassian/jira/atlassian-jira/">
AllowOverride All
Order allow,deny
Allow from all
</Directory>

 

Jira server.xml

<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="t
rue">


<Service name="Catalina">

<!-- Apache Proxy Connector with values for scheme, proxyName and proxyPort -->
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443
" useBodyEncodingForURI="true"
scheme="https" proxyName="jira.atlassian.com" proxyPort="443"/>

<!-- Standard HTTP Connector -->
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1" redirectPort="8443
" useBodyEncodingForURI="true"/>

 

The user "jira" is a member of the Apache user group;

The user "apache" is a member of the "jira" group".

The apache server has been restarted many times with no effect.

Any idea what the problem might be, please? What I am making wrong?

Thanks in advance

Sal

 

 

 

Answer
Watch
Like Minh Tran likes this
1951 views

1 answer

0 votes
JP _AC Bielefeld Leader_
JP _AC Bielefeld Leader_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 3, 2020

Hi,

are you sure you configured your Apache as described in:

https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html

I cannot find your proxy configuration. Also the directory mapping in apache.conf is not needed & wrong.

Best

JP

View More Comments
Sal Ila
Sal Ila January 5, 2020

Hi JP,

Thanks for willing to assist me. As I guess that this task might be difficult to complete, may I suggest to split the troubleshooting in phases, thus making it easier to progress? 

Following your link in Confluence, this is what I now have in Step 1, Tomcat server.xml.

=======================================================

<?xml version="1.0" encoding="utf-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

<Service name="Catalina">
<!--
========================================================================================================
======
DEFAULT - Direct connector with no proxy for unproxied access to Jira.

If using a http/https proxy, comment out this connector.
========================================================================================================
======
-->

<!-- Relaxing chars because of JRASERVER-67974 -->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

<!--
========================================================================================================
======
HTTP - Proxying Jira via Apache or Nginx over HTTP

If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the
docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/DAFmGQ
========================================================================================================
======
-->

<!--
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="<subdomain>.<domain>.com" proxyPort="80"/>

-->
<!--
========================================================================================================
======
HTTPS - Proxying Jira via Apache or Nginx over HTTPS

If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the
docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/DAFmGQ
========================================================================================================
======
-->

<!-- -->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="jira.mydomain.com" proxyPort="443"/>
-->

<!--
========================================================================================================
======
AJP - Proxying Jira via Apache over HTTP or HTTPS

If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line
See the following for more information:

Apache - https://confluence.atlassian.com/x/QiJ9MQ
========================================================================================================
======
-->

<!--
<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/>
-->

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &
quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>
root@linux:/usr/local/atlassian/jira/conf# vi server.xml
root@linux:/usr/local/atlassian/jira/conf# vi server.xml
If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line
See the following for more information:

Apache - https://confluence.atlassian.com/x/QiJ9MQ
==============================================================================================================
-->

<!--
<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/>
-->

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>

=================================================

Step 1 / 4  Not changed anything in WEB-INF/web.xml. I have just left the default.

Step 1 / 6 http://jiraserver:8081/jira. "This site can't be reached". 

Step 1 / 7  http://jiraserver:8080  No Warnings. It correctly lands to the Jira Dashboard.

 

Commented out apache2.conf as per your request:

# Alias /jira "/usr/local/atlassian/jira/atlassian-jira"
# <Directory "/usr/local/atlassian/jira/atlassian-jira/">
# AllowOverride All
# Order allow,deny
# Allow from all
#</Directory>

Apache2 server restart, but Step 1/6 appears not satisfied, or not working.

       

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events