Cannot get administrator access with apache ssl proxy in front of jira

I tried to follow this guide:
https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Troubleshooting

Everything seems to work....until I need to become an administrator.
Then the hostname part of the url string seems to get lost.

3 answers

1 accepted

0 votes
Accepted answer

Finaly found the right server setup:

<?xml version="1.0" encoding="utf-8"?>
<Server port="8010" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" scheme="https"
proxyName="jira.server.net" proxyPort="443" />

<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" />

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">

<Context docBase="${catalina.home}/atlassian-jira" path=""
reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container"
type="javax.transaction.UserTransaction" factory="org.objectweb.jotm.UserTransactionFactory"
jotm.timeout="60" />
<Manager pathname="" />
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
resolveHosts="false"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;" />

</Engine>
</Service>
</Server>

I can now proyx through apache httpd with ssl enable at the httpd server.

Hi Johannes, have you set the mod_rewrite to redirect http to https? If so, I've seems a number of cases where this configuration caused problems.

You may be interested to know that you can also set the redirection with only the paramenters scheme, proxyName & proxyPort in you server.xml file.

I hope it helps.

Cheers

I have:

<VirtualHost _default_:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}<br< a="">> </VirtualHost>

And my vhost to proxy to jira:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /
http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
</virtualhost>

I have been fiddeling back and forth and right now I have tried taking Apache out of the equation.

If I follow this guide: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache#IntegratingJIRAwithApache-Step1:ConfigureTomcat

Accessing Jira on port 8081 works, but accessing Jira on 8080 makes the dashboard unhappy (same as if apache was in front).

So, according to step 6. accessing Jira on 8080 should make it redirect, but this dos not seem to be the case.

Any idea why this is?

This is my connectore settings:

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8080"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"
proxyName="ea-test-jira.itcm.oneadr.net"
proxyPort="80"/>

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8081"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"/>

Any help appriciated....

Hi Johannes, since you have the proxyName and proxyPort in the connect with port 8080, I believe the redirection in your proxy settings should be this:

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

Cheers

Updating to this setting:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</virtualhost>

did not change anything....unfortunally. Any other suggestions? And thanks for your help by the way...

0 votes
Ruchi Tandon Atlassian Team Jul 01, 2014

In your Server.xml file you have set the path incorrectly.

<Context docBase="${catalina.home}/atlassian-jira" path="/" reloadable="false" useHttpOnly="true">

This should be path="" rather than path="/".

More details on this can be found here : https://confluence.atlassian.com/display/JIRAKB/Administrator+Access+is+Incorrectly+Redirecting].

I hope this resolves the problem here.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,787 views 18 22
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you