Cannot get administrator access with apache ssl proxy in front of jira

Johannes Skov Frandsen June 30, 2014

I tried to follow this guide:
https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Troubleshooting

Everything seems to work....until I need to become an administrator.
Then the hostname part of the url string seems to get lost.

3 answers

1 accepted

0 votes
Answer accepted
Johannes Skov Frandsen July 15, 2014

Finally found the right server setup:

<?xml version="1.0" encoding="utf-8"?>
<Server port="8010" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" scheme="https"
proxyName="jira.server.net" proxyPort="443" />

<Connector acceptCount="100" connectionTimeout="20000"
disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" port="8081" protocol="HTTP/1.1"
redirectPort="8443" useBodyEncodingForURI="true" />

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true"
autoDeploy="true">

<Context docBase="${catalina.home}/atlassian-jira" path=""
reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container"
type="javax.transaction.UserTransaction" factory="org.objectweb.jotm.UserTransactionFactory"
jotm.timeout="60" />
<Manager pathname="" />
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
resolveHosts="false"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;" />

</Engine>
</Service>
</Server>

I can now proxy through Apache httpd with SSL enabled at the httpd server.

0 votes
Ruchi Tandon
Atlassian Team
July 1, 2014

In your Server.xml file you have set the path incorrectly.

<Context docBase="${catalina.home}/atlassian-jira" path="/" reloadable="false" useHttpOnly="true">

This should be path="" rather than path="/".

More details on this can be found here: https://confluence.atlassian.com/display/JIRAKB/Administrator+Access+is+Incorrectly+Redirecting.

I hope this resolves the problem here.
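
The settings discussed in the accepted answer and in the reply above (scheme, proxyName, proxyPort and the context path) can be checked mechanically. The following is an added example, not part of the original posts: a small Python linter for server.xml. The `secure` and loopback `address` checks go beyond what the thread covers, and the host name and sample XML are constructed.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
def check_server_xml(xml_text, public_host, public_port="443"):
    """Return findings for a Tomcat server.xml sitting behind a TLS-terminating proxy."""
    root = ET.fromstring(xml_text)
    findings = []
    connectors = list(root.iter("Connector"))
    proxied = [c for c in connectors if c.get("proxyName")]
    if not proxied:
        findings.append("no connector sets proxyName/proxyPort")
    for c in proxied:
        port = c.get("port")
        # From the thread: these three must describe the public HTTPS URL.
        if c.get("scheme") != "https":
            findings.append(f"{port}: scheme is not https")
        if c.get("proxyName") != public_host:
            findings.append(f"{port}: proxyName is not {public_host}")
        if c.get("proxyPort") != public_port:
            findings.append(f"{port}: proxyPort is not {public_port}")
        # Added check (not from the thread): without secure="true" Tomcat reports
        # isSecure() as false, so the session cookie is issued without the Secure flag.
        if c.get("secure") != "true":
            findings.append(f"{port}: secure is not true")
    # Added check (not from the thread): no loopback address means reachable without Apache.
    for c in connectors:
        if c.get("address") not in LOOPBACK:
            findings.append(f"{c.get('port')}: not bound to loopback")
    for ctx in root.iter("Context"):
        if ctx.get("path") == "/":
            findings.append('context path is "/", expected ""')
    return findings

# Constructed samples (placeholder host name), trimmed to the relevant attributes.
BROKEN = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" proxyName="jira.example.net" proxyPort="80"/>
  <Connector port="8081" protocol="HTTP/1.1"/>
  <Engine name="Catalina"><Host name="localhost"><Context path="/"/></Host></Engine>
</Service></Server>"""
FIXED = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" address="127.0.0.1" scheme="https"
             secure="true" proxyName="jira.example.net" proxyPort="443"/>
  <Engine name="Catalina"><Host name="localhost"><Context path=""/></Host></Engine>
</Service></Server>"""

if __name__ == "__main__":
    for name, xml_text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_server_xml(xml_text, "jira.example.net"))
```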

0 votes
Tiago Comasseto
Rising Star
June 30, 2014

Hi Johannes, have you set the mod_rewrite to redirect http to https? If so, I've seen a number of cases where this configuration caused problems.

You may be interested to know that you can also set the redirection with only the parameters scheme, proxyName & proxyPort in your server.xml file.

I hope it helps.

Cheers

Johannes Skov Frandsen July 6, 2014

I have:

<VirtualHost _default_:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

And my vhost to proxy to jira:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8081/
ProxyPassReverse / http://127.0.0.1:8081/
</virtualhost>

I have been fiddling back and forth and right now I have tried taking Apache out of the equation.

If I follow this guide: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache#IntegratingJIRAwithApache-Step1:ConfigureTomcat

Accessing Jira on port 8081 works, but accessing Jira on 8080 makes the dashboard unhappy (same as if apache was in front).

So, according to step 6, accessing Jira on 8080 should make it redirect, but this does not seem to be the case.

Any idea why this is?

These are my connector settings:

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8080"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"
proxyName="ea-test-jira.itcm.oneadr.net"
proxyPort="80"/>

<Connector acceptCount="100"
connectionTimeout="20000"
disableUploadTimeout="true"
enableLookups="false"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
port="8081"
protocol="HTTP/1.1"
redirectPort="8443"
useBodyEncodingForURI="true"/>

Any help appreciated....

Tiago Comasseto
Rising Star
July 6, 2014

Hi Johannes, since you have the proxyName and proxyPort in the connector with port 8080, I believe the redirection in your proxy settings should be this:

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/

Cheers

Johannes Skov Frandsen July 6, 2014

Updating to this setting:

<VirtualHost _default_:443>
SSLEngine on
Protocol https
ServerName ea-test-jira.itcm.oneadr.net:443
SSLCertificateFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.cer"
SSLCertificateKeyFile "${SRVROOT}/conf/ssl/itcm.oneadr.net/server.key"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</virtualhost>

did not change anything....unfortunately. Any other suggestions? And thanks for your help by the way...
