Cannot get administrator access with apache ssl proxy in front of jira

I tried to follow this guide:
https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Troubleshooting

Everything seems to work....until I need to become an administrator.
Then the hostname part of the url string seems to get lost.

3 answers

1 accepted

Finaly found the right server setup:

<?xml version="1.0" encoding="utf-8"?>
<Server port="8010" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" scheme="https"
proxyName="jira.server.net" proxyPort="443" />

<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" />

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">

<Context docBase="${catalina.home}/atlassian-jira" path=""
reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container"
type="javax.transaction.UserTransaction" factory="org.objectweb.jotm.UserTransactionFactory"
jotm.timeout="60" />
<Manager pathname="" />
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
resolveHosts="false"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;" />

</Engine>
</Service>
</Server>

I can now proyx through apache httpd with ssl enable at the httpd server.

Hi Johannes, have you set the mod_rewrite to redirect http to https? If so, I've seems a number of cases where this configuration caused problems.

You may be interested to know that you can also set the redirection with only the paramenters scheme, proxyName & proxyPort in you server.xml file.

I hope it helps.

Cheers

I have:

<VirtualHost _default_:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}<br< a="">> </VirtualHost>

And my vhost to proxy to jira:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /
http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
</virtualhost>

I have been fiddeling back and forth and right now I have tried taking Apache out of the equation.

If I follow this guide: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache#IntegratingJIRAwithApache-Step1:ConfigureTomcat

Accessing Jira on port 8081 works, but accessing Jira on 8080 makes the dashboard unhappy (same as if apache was in front).

So, according to step 6. accessing Jira on 8080 should make it redirect, but this dos not seem to be the case.

Any idea why this is?

This is my connectore settings:

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8080"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"
proxyName="ea-test-jira.itcm.oneadr.net"
proxyPort="80"/>

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8081"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"/>

Any help appriciated....

Hi Johannes, since you have the proxyName and proxyPort in the connect with port 8080, I believe the redirection in your proxy settings should be this:

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

Cheers

Updating to this setting:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</virtualhost>

did not change anything....unfortunally. Any other suggestions? And thanks for your help by the way...

0 vote
Ruchi Tandon Atlassian Team Jul 01, 2014

In your Server.xml file you have set the path incorrectly.

<Context docBase="${catalina.home}/atlassian-jira" path="/" reloadable="false" useHttpOnly="true">

This should be path="" rather than path="/".

More details on this can be found here : https://confluence.atlassian.com/display/JIRAKB/Administrator+Access+is+Incorrectly+Redirecting].

I hope this resolves the problem here.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

73 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you