Cannot get administrator access with apache ssl proxy in front of jira

I tried to follow this guide:
https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Troubleshooting

Everything seems to work....until I need to become an administrator.
Then the hostname part of the url string seems to get lost.

3 answers

1 accepted

This widget could not be displayed.

Finaly found the right server setup:

<?xml version="1.0" encoding="utf-8"?>
<Server port="8010" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" scheme="https"
proxyName="jira.server.net" proxyPort="443" />

<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" />

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">

<Context docBase="${catalina.home}/atlassian-jira" path=""
reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container"
type="javax.transaction.UserTransaction" factory="org.objectweb.jotm.UserTransactionFactory"
jotm.timeout="60" />
<Manager pathname="" />
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
resolveHosts="false"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;" />

</Engine>
</Service>
</Server>

I can now proyx through apache httpd with ssl enable at the httpd server.

This widget could not be displayed.

Hi Johannes, have you set the mod_rewrite to redirect http to https? If so, I've seems a number of cases where this configuration caused problems.

You may be interested to know that you can also set the redirection with only the paramenters scheme, proxyName & proxyPort in you server.xml file.

I hope it helps.

Cheers

I have:

<VirtualHost _default_:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}<br< a="">> </VirtualHost>

And my vhost to proxy to jira:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /
http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
</virtualhost>

I have been fiddeling back and forth and right now I have tried taking Apache out of the equation.

If I follow this guide: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache#IntegratingJIRAwithApache-Step1:ConfigureTomcat

Accessing Jira on port 8081 works, but accessing Jira on 8080 makes the dashboard unhappy (same as if apache was in front).

So, according to step 6. accessing Jira on 8080 should make it redirect, but this dos not seem to be the case.

Any idea why this is?

This is my connectore settings:

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8080"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"
proxyName="ea-test-jira.itcm.oneadr.net"
proxyPort="80"/>

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8081"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"/>

Any help appriciated....

Hi Johannes, since you have the proxyName and proxyPort in the connect with port 8080, I believe the redirection in your proxy settings should be this:

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

Cheers

Updating to this setting:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</virtualhost>

did not change anything....unfortunally. Any other suggestions? And thanks for your help by the way...

This widget could not be displayed.
Ruchi Tandon Atlassian Team Jul 01, 2014

In your Server.xml file you have set the path incorrectly.

<Context docBase="${catalina.home}/atlassian-jira" path="/" reloadable="false" useHttpOnly="true">

This should be path="" rather than path="/".

More details on this can be found here : https://confluence.atlassian.com/display/JIRAKB/Administrator+Access+is+Incorrectly+Redirecting].

I hope this resolves the problem here.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Tuesday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

170 views 1 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you