Can not link jira and stash behind apache proxy

HI *,

I have a seriuos problem with my jira and stash installation (on the same server) behind a ssl apache proxy. Both systems have HTTPS as Base URL configured.

I can access the systems with the following urls:

https://foo.bar.com/jira

https://foo.bar.com/stash

But if I try adding the systems in application links it says, that the url is not responding, which is not correct.

So why?

4 answers

1 accepted

This widget could not be displayed.

Found the solution by myself... atlassian seems to have an own jre folder inside /opt/atlassian/jira/jre (don't know why) and uses an own cacerts file which was not updated with the new trusted ca

This widget could not be displayed.

I don't know if this is a bug in the Atlassian products. I've had big problems to establish a link between Atlassian products on my local network with a reverse proxy (nginx) and SSL. Without SSL it worked out of the box. With SSL there was always a warning/error 'unable to find valid certification path to requested target' in the log. But the root CA was in the default java keystore (cacerts) for sure. I've verified this by SSLPoke (https://confluence.atlassian.com/pages/viewpage.action?pageId=186712330).

After all I've found the problem: My reverse proxy was hosting multiple (virtual) domains (f.e. *.mysite.com, *.mysite.local) with different wildcard SSL-certs. And JIRA (Confluence, Stash, ...) is connecting to the reverse proxy without the domain name, just by the IP. The reverse proxy returned in this case the certificate for the default (com) site. And this was not the expected (local) certificate by JIRA. My workaround is now to listen with the reverse proxy on a dedicated IP address for the local services and return the local certificate as default. Okey, it's now also a more secure solution. But on the other hand it is not uncommon to host different domains, each with its own SSL certificate, on the same IP address. So maybe it's a bug?

This widget could not be displayed.

There are atleast couple of reasons why this can happen. Your logs should tell the exact error.

1.Due to certificate errors. See https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services on how to fix that.

2.Missing proxy settings. See

https://confluence.atlassian.com/display/JIRAKB/Application+Link+authentication+fails+due+to+bad+URL+signature

This widget could not be displayed.

Okey obviously I forgot the things with the cacerts. Stash is now able to connect to Jira, but it is not working vici versa and there is no message in the log file. My Proxy settings of Stash are the following:

<Connector port="7990" protocol="HTTP/1.1"
            connectionTimeout="20000"
            useBodyEncodingForURI="true"
            redirectPort="8443"
            compression="on"
            compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
            scheme="https"
            proxyName="foo.bar.com"
            proxyPort="443" />

Suggest an answer

Log in or Sign up to answer
Atlassian Summit 2018

Meet the community IRL

Atlassian Summit is an excellent opportunity for in-person support, training, and networking.

Learn more
Community showcase
Posted Wednesday in New to Jira

Are you planning to trial, or are currently trialling Jira Software? - We want to talk to you!

Hello! I'm Rayen, a product manager at Atlassian. My team and I are working hard to improve the trial experience for Jira Software Cloud. We are interested in   talking to 20 people planning t...

119 views 2 0
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you