Apache reverse proxy 403 on POST

October 17, 2013

I am trying to get Jira and Stash to talk to each other via a Trusted Application link. The setup, currently, looks like this:

Jira -> http -> Jira Proxy -https-> stash proxy -http-> stash.

Jira and the Jira proxy are on the same machine.

The Jira Proxy is showing 403 Forbidden for POST requests from the stash server. It works (or seems to) for everything else. I contend that since we're seeing 403 Forbiddens in the access log for Apache, Jira is never seeing the request.

Why is Apache forbidding POSTs, and how do I fix it?

Note that the IPs for both Stash and the Stash Proxy are in the "trusted host" section.

My config:

ErrorLog "|/usr/sbin/rotatelogs /var/log/apache2/error.log 86400"

LogLevel info
CustomLog "|/usr/sbin/rotatelogs /var/log/apache2/access.log 86400" common 

ServerSignature off
ServerTokens prod

Listen 8443

<VirtualHost *:443>

        ServerName jira.company.com

        SSLEngine on
        SSLOptions +StrictRequire
        SSLCertificateFile /etc/ssl/certs/server.cer
        SSLCertificateKeyFile /etc/ssl/private/server.key
        SSLProtocol +SSLv3 +TLSv1
        SSLCipherSuite DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA

        # If context path is not "/wiki", then send to /jira.
        RedirectMatch 301 ^/$ https://jira.company.com/jira
        RedirectMatch 301 ^/gsd(.*)$ https://jira.company.com/jira$1

        ProxyRequests On
        ProxyPreserveHost On
        ProxyVia On
        ProxyPass /jira http://localhost:8080/jira
        ProxyPassReverse /jira http://localhost:8080/jira

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        RewriteEngine on
        RewriteLog "/var/log/apache2/rewrite.log"
        RewriteLogLevel 2
        # Disable TRACE/TRACK requests, per security.
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]

        DocumentRoot /var/www
        DirectoryIndex index.html
        <Directory /var/www>
                Options FollowSymLinks
                AllowOverride None
                Order deny,allow
                Allow from all
        </Directory>

        <LocationMatch "/">
                Order deny,allow
                Deny from all
                allow from x.x.71.8
                allow from x.x.8.123
                allow from x.x.120.179
                allow from x.x.120.73
                allow from x.x.120.45
                satisfy any
                SetEnvif Remote_Addr "x.x.71.8" TRUSTED_HOST
                SetEnvif Remote_Addr "x.x.8.123" TRUSTED_HOST
                SetEnvif Remote_Addr "x.x.120.179" TRUSTED_HOST
                SetEnvif Remote_Addr "x.x.120.73" TRUSTED_HOST
                SetEnvif Remote_Addr "x.x.120.45" TRUSTED_HOST
        </LocationMatch>

        <LocationMatch ^>
                SSLRequireSSL
                AuthType CompanyNet
                PubcookieInactiveExpire -1
                PubcookieAppID jira.company.com
                require valid-user
                RequestHeader set userid %{REMOTE_USER}s
        </LocationMatch>
</VirtualHost>

# Port open for SSL, non-pubcookie access.  Used to access APIs with Basic Auth.
<VirtualHost *:8443>

        SSLEngine on
        SSLOptions +StrictRequire
        SSLCertificateFile /etc/ssl/certs/server.cer
        SSLCertificateKeyFile /etc/ssl/private/server.key
        SSLProtocol +SSLv3 +TLSv1
        SSLCipherSuite DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA

        ProxyRequests On
        ProxyPreserveHost On
        ProxyVia On
        ProxyPass /jira http://localhost:8080/jira
        ProxyPassReverse /jira http://localhost:8080/jira

        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        RewriteEngine on
        RewriteLog "/var/log/apache2/rewrite.log"
        RewriteLogLevel 2
        # Disable TRACE/TRACK requests, per security.
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]

        DocumentRoot /var/www
        DirectoryIndex index.html
        <Directory /var/www>
                Options FollowSymLinks
                AllowOverride None
                Order deny,allow
                Allow from all
        </Directory>
</VirtualHost>

<VirtualHost jira.company.com:80>
        ServerName jira.company.com
        RedirectMatch 301 /(.*)$ https://jira.company.com/$1
        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]
</VirtualHost>

<VirtualHost *:80>
        ServerName go.company.com
        RedirectMatch 301 /(.*)$ https://jira.company.com/$1
        RewriteEngine on
        RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
        RewriteRule .* - [F]
</VirtualHost>
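
Added example (not part of the original post): a small Python check over an access log in the `common` format that the `CustomLog` line above selects, counting 403 responses per method and client address and marking whether that address is on the allow list. The addresses, request paths and log lines are constructed stand-ins for the masked `x.x.N.N` entries, and `forbidden_by_client` is a hypothetical helper name.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Apache "common" log format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed allow list standing in for the masked "allow from x.x.N.N" lines.
ALLOWED = {ip_address(a) for a in ("192.0.2.8", "192.0.2.123", "198.51.100.179")}

# Constructed sample lines, not taken from the poster's server.
SAMPLE_LOG = """\
192.0.2.8 - - [17/Oct/2013:10:01:02 -0700] "GET /jira/example/a HTTP/1.1" 200 1432
192.0.2.8 - - [17/Oct/2013:10:01:03 -0700] "POST /jira/example/b HTTP/1.1" 403 202
203.0.113.50 - - [17/Oct/2013:10:01:04 -0700] "POST /jira/example/b HTTP/1.1" 403 202
192.0.2.123 - alice [17/Oct/2013:10:01:05 -0700] "POST /jira/example/c HTTP/1.1" 200 88
not a log line
"""


def forbidden_by_client(log_text, allowed=ALLOWED):
    """Return (Counter keyed by (method, client, on_allow_list), skipped_lines)."""
    counts = Counter()
    skipped = 0
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            skipped += 1  # malformed or truncated entry
            continue
        if m["status"] != "403":
            continue
        try:
            listed = ip_address(m["host"]) in allowed
        except ValueError:
            listed = False  # %h is a hostname when HostnameLookups is enabled
        counts[(m["method"], m["host"], listed)] += 1
    return counts, skipped


if __name__ == "__main__":
    counts, skipped = forbidden_by_client(SAMPLE_LOG)
    for (method, client, listed), n in sorted(counts.items()):
        print(f"{n:4d}  {method:6} {client:15} on allow list: {listed}")
    print(f"unparsed lines: {skipped}")
```

The access log records the peer address Apache itself sees, which behind another proxy or NAT can differ from the address entered in the allow list.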

1 answer

0 votes
Tiago Comasseto
Rising Star
October 17, 2013

Hi Sean,

In case both applications are on the same network, I usually set the application to the direct address and just edit the application link configuration and modify the Display URL to use the proxied URL.

This way the cross-application communication is done bypassing the proxy and the URL that is displayed to the end user is the proxied URL. This usually avoids problems and the final result is the same.

Cheers
