It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Apache forbidden. You don't have permission to access this resource.

Sal Ila I'm New Here Dec 29, 2019

Hello All,

I am trying to integrate Jira with Apache, as per the article here https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html

My Apache server is already configured with a GoDaddy CA and wildcard *.mydomain.com and currently works well serving others Apache "alias" such https://server.domain.com/abc, https://server.domain.com/xyz

 

The problem which I experience is related to the path https://server.domain.com/jira which returns permission access.

 

                       Configuration

Apache2  apache.conf

Alias /jira "/usr/local/atlassian/jira/atlassian-jira"
<Directory "/usr/local/atlassian/jira/atlassian-jira/">
AllowOverride All
Order allow,deny
Allow from all
</Directory>

 

Jira server.xml

<Engine defaultHost="localhost" name="Catalina">
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="t
rue">


<Service name="Catalina">

<!-- Apache Proxy Connector with values for scheme, proxyName and proxyPort -->
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443
" useBodyEncodingForURI="true"
scheme="https" proxyName="jira.atlassian.com" proxyPort="443"/>

<!-- Standard HTTP Connector -->
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1" redirectPort="8443
" useBodyEncodingForURI="true"/>

 

The user "jira" is a member of the Apache user group;

The user "apache" is a member of the "jira" group".

The apache server has been restarted many times with no effect.

Any idea what the problem might be, please? What I am making wrong?

Thanks in advance

Sal

 

 

 

1 answer

0 votes

Hi,

are you sure you configured your Apache as described in:

https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html

I cannot find your proxy configuration. Also the directory mapping in apache.conf is not needed & wrong.

Best

JP

Sal Ila I'm New Here Jan 05, 2020

Hi JP,

Thanks for willing to assist me. As I guess that this task might be difficult to complete, may I suggest to split the troubleshooting in phases, thus making it easier to progress? 

Following your link in Confluence, this is what I now have in Step 1, Tomcat server.xml.

=======================================================

<?xml version="1.0" encoding="utf-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

<Service name="Catalina">
<!--
========================================================================================================
======
DEFAULT - Direct connector with no proxy for unproxied access to Jira.

If using a http/https proxy, comment out this connector.
========================================================================================================
======
-->

<!-- Relaxing chars because of JRASERVER-67974 -->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

<!--
========================================================================================================
======
HTTP - Proxying Jira via Apache or Nginx over HTTP

If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the
docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/DAFmGQ
========================================================================================================
======
-->

<!--
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="<subdomain>.<domain>.com" proxyPort="80"/>

-->
<!--
========================================================================================================
======
HTTPS - Proxying Jira via Apache or Nginx over HTTPS

If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the
docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/DAFmGQ
========================================================================================================
======
-->

<!-- -->
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="jira.mydomain.com" proxyPort="443"/>
-->

<!--
========================================================================================================
======
AJP - Proxying Jira via Apache over HTTP or HTTPS

If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line
See the following for more information:

Apache - https://confluence.atlassian.com/x/QiJ9MQ
========================================================================================================
======
-->

<!--
<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/>
-->

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &
quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>
root@linux:/usr/local/atlassian/jira/conf# vi server.xml
root@linux:/usr/local/atlassian/jira/conf# vi server.xml
If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line
See the following for more information:

Apache - https://confluence.atlassian.com/x/QiJ9MQ
==============================================================================================================
-->

<!--
<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/>
-->

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>

=================================================

Step 1 / 4  Not changed anything in WEB-INF/web.xml. I have just left the default.

Step 1 / 6 http://jiraserver:8081/jira. "This site can't be reached". 

Step 1 / 7  http://jiraserver:8080  No Warnings. It correctly lands to the Jira Dashboard.

 

Commented out apache2.conf as per your request:

# Alias /jira "/usr/local/atlassian/jira/atlassian-jira"
# <Directory "/usr/local/atlassian/jira/atlassian-jira/">
# AllowOverride All
# Order allow,deny
# Allow from all
#</Directory>

Apache2 server restart, but Step 1/6 appears not satisfied, or not working.

       

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you