Cannot get administrator access with apache ssl proxy in front of jira

I tried to follow this guide:
https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Troubleshooting

Everything seems to work....until I need to become an administrator.
Then the hostname part of the url string seems to get lost.

3 answers

1 accepted

Finaly found the right server setup:

<?xml version="1.0" encoding="utf-8"?>
<Server port="8010" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" scheme="https"
proxyName="jira.server.net" proxyPort="443" />

<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" />

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">

<Context docBase="${catalina.home}/atlassian-jira" path=""
reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container"
type="javax.transaction.UserTransaction" factory="org.objectweb.jotm.UserTransactionFactory"
jotm.timeout="60" />
<Manager pathname="" />
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
resolveHosts="false"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;" />

</Engine>
</Service>
</Server>

I can now proyx through apache httpd with ssl enable at the httpd server.

Hi Johannes, have you set the mod_rewrite to redirect http to https? If so, I've seems a number of cases where this configuration caused problems.

You may be interested to know that you can also set the redirection with only the paramenters scheme, proxyName & proxyPort in you server.xml file.

I hope it helps.

Cheers

I have:

<VirtualHost _default_:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}<br< a="">> </VirtualHost>

And my vhost to proxy to jira:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /
http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
</virtualhost>

I have been fiddeling back and forth and right now I have tried taking Apache out of the equation.

If I follow this guide: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache#IntegratingJIRAwithApache-Step1:ConfigureTomcat

Accessing Jira on port 8081 works, but accessing Jira on 8080 makes the dashboard unhappy (same as if apache was in front).

So, according to step 6. accessing Jira on 8080 should make it redirect, but this dos not seem to be the case.

Any idea why this is?

This is my connectore settings:

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8080"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"
proxyName="ea-test-jira.itcm.oneadr.net"
proxyPort="80"/>

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8081"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"/>

Any help appriciated....

Hi Johannes, since you have the proxyName and proxyPort in the connect with port 8080, I believe the redirection in your proxy settings should be this:

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

Cheers

Updating to this setting:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</virtualhost>

did not change anything....unfortunally. Any other suggestions? And thanks for your help by the way...

0 votes
Ruchi Tandon Atlassian Team Jul 01, 2014

In your Server.xml file you have set the path incorrectly.

<Context docBase="${catalina.home}/atlassian-jira" path="/" reloadable="false" useHttpOnly="true">

This should be path="" rather than path="/".

More details on this can be found here : https://confluence.atlassian.com/display/JIRAKB/Administrator+Access+is+Incorrectly+Redirecting].

I hope this resolves the problem here.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,950 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot