Can not link jira and stash behind apache proxy

HI *,

I have a seriuos problem with my jira and stash installation (on the same server) behind a ssl apache proxy. Both systems have HTTPS as Base URL configured.

I can access the systems with the following urls:

https://foo.bar.com/jira

https://foo.bar.com/stash

But if I try adding the systems in application links it says, that the url is not responding, which is not correct.

So why?

4 answers

1 accepted

Found the solution by myself... atlassian seems to have an own jre folder inside /opt/atlassian/jira/jre (don't know why) and uses an own cacerts file which was not updated with the new trusted ca

I don't know if this is a bug in the Atlassian products. I've had big problems to establish a link between Atlassian products on my local network with a reverse proxy (nginx) and SSL. Without SSL it worked out of the box. With SSL there was always a warning/error 'unable to find valid certification path to requested target' in the log. But the root CA was in the default java keystore (cacerts) for sure. I've verified this by SSLPoke (https://confluence.atlassian.com/pages/viewpage.action?pageId=186712330).

After all I've found the problem: My reverse proxy was hosting multiple (virtual) domains (f.e. *.mysite.com, *.mysite.local) with different wildcard SSL-certs. And JIRA (Confluence, Stash, ...) is connecting to the reverse proxy without the domain name, just by the IP. The reverse proxy returned in this case the certificate for the default (com) site. And this was not the expected (local) certificate by JIRA. My workaround is now to listen with the reverse proxy on a dedicated IP address for the local services and return the local certificate as default. Okey, it's now also a more secure solution. But on the other hand it is not uncommon to host different domains, each with its own SSL certificate, on the same IP address. So maybe it's a bug?

0 vote

There are atleast couple of reasons why this can happen. Your logs should tell the exact error.

1.Due to certificate errors. See https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services on how to fix that.

2.Missing proxy settings. See

https://confluence.atlassian.com/display/JIRAKB/Application+Link+authentication+fails+due+to+bad+URL+signature

Okey obviously I forgot the things with the cacerts. Stash is now able to connect to Jira, but it is not working vici versa and there is no message in the log file. My Proxy settings of Stash are the following:

<Connector port="7990" protocol="HTTP/1.1"
            connectionTimeout="20000"
            useBodyEncodingForURI="true"
            redirectPort="8443"
            compression="on"
            compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
            scheme="https"
            proxyName="foo.bar.com"
            proxyPort="443" />

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,304 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot