Can not link jira and stash behind apache proxy

Hi *,

I have a serious problem with my Jira and Stash installation (on the same server) behind an SSL Apache proxy. Both systems have HTTPS configured as Base URL.

I can access the systems with the following urls:

https://foo.bar.com/jira

https://foo.bar.com/stash

But if I try adding the systems in application links, it says that the URL is not responding, which is not correct.

So why?

4 answers

1 accepted

Accepted Answer
0 votes

Found the solution by myself... Atlassian seems to have its own JRE folder inside /opt/atlassian/jira/jre (don't know why) and uses its own cacerts file, which was not updated with the new trusted CA.

I don't know if this is a bug in the Atlassian products. I've had big problems establishing a link between Atlassian products on my local network with a reverse proxy (nginx) and SSL. Without SSL it worked out of the box. With SSL there was always a warning/error 'unable to find valid certification path to requested target' in the log. But the root CA was in the default Java keystore (cacerts) for sure. I've verified this with SSLPoke (https://confluence.atlassian.com/pages/viewpage.action?pageId=186712330).

After all I've found the problem: My reverse proxy was hosting multiple (virtual) domains (e.g. *.mysite.com, *.mysite.local) with different wildcard SSL certs. And JIRA (Confluence, Stash, ...) is connecting to the reverse proxy without the domain name, just by the IP. The reverse proxy returned in this case the certificate for the default (com) site. And this was not the (local) certificate expected by JIRA. My workaround is now to listen with the reverse proxy on a dedicated IP address for the local services and return the local certificate as default. Okay, it's now also a more secure solution. But on the other hand it is not uncommon to host different domains, each with its own SSL certificate, on the same IP address. So maybe it's a bug?
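Added example (not part of the original answers and not Atlassian or nginx code): a small model of the situation described above, showing which certificate a name-based proxy hands out when the client sends no server name, and why the host name check then fails until the local certificate becomes the default. The host name `jira.mysite.local` and all function names are assumptions made for the illustration; only the name check is modelled, not chain validation against cacerts.

```python
# Constructed model of the proxy described above: one IP, two wildcard
# certificates, with the .com certificate served as the default virtual host.
PROXY = {
    "default": "*.mysite.com",
    "certs": {"*.mysite.com": ["*.mysite.com"],
              "*.mysite.local": ["*.mysite.local"]},
}
# The workaround: a dedicated listener whose default certificate is the local one.
DEDICATED = {**PROXY, "default": "*.mysite.local"}


def wildcard_match(pattern, host):
    """Match a certificate DNS name against a host name.

    A leading '*' stands for exactly one non-empty leftmost label.
    """
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def select_cert(proxy, sni):
    """Server side: pick the certificate matching the SNI name, else the default."""
    if sni:
        for sans in proxy["certs"].values():
            if any(wildcard_match(s, sni) for s in sans):
                return sans
    return proxy["certs"][proxy["default"]]


def handshake(proxy, expected_host, sni):
    """Client side: check the presented names against the host in the link URL."""
    sans = select_cert(proxy, sni)
    ok = any(wildcard_match(s, expected_host) for s in sans)
    return {"presented": sans, "hostname_ok": ok}


if __name__ == "__main__":
    host = "jira.mysite.local"  # hypothetical host name under *.mysite.local
    for label, proxy, sni in [("SNI sent", PROXY, host),
                              ("no SNI, shared IP", PROXY, None),
                              ("no SNI, dedicated IP", DEDICATED, None)]:
        print(label, handshake(proxy, host, sni))
```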

0 votes

There are at least a couple of reasons why this can happen. Your logs should tell the exact error.

1. Due to certificate errors. See https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services on how to fix that.

2. Missing proxy settings. See https://confluence.atlassian.com/display/JIRAKB/Application+Link+authentication+fails+due+to+bad+URL+signature

Okay, obviously I forgot the things with the cacerts. Stash is now able to connect to Jira, but it is not working vice versa and there is no message in the log file. My proxy settings of Stash are the following:

<Connector port="7990" protocol="HTTP/1.1"
            connectionTimeout="20000"
            useBodyEncodingForURI="true"
            redirectPort="8443"
            compression="on"
            compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
            scheme="https"
            proxyName="foo.bar.com"
            proxyPort="443" />
