Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Configuring F5 load balancer with Jira SSL

I am trying to use an F5 load balancer with an SSL certificate that is configured on F5 (BIG / IP).

I am not balancing the load of JIRA, it will only be a single server behind a single VIP.

I'm just trying to avoid installing an SSL certificate directly on the Jira server that was installed in the http://jiradev.test.com:8080 standard and I want through the F5 that the certificate is installed to be access through https: // jiradev.test.com
The following is the configuration of "server.xml"

<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" />

I would like the procedure to be performed in the jira so that the access is in https without having to install the certificate in Jira and yes only in F5.

2 answers

1 accepted

0 votes
Answer accepted

Hi,

The procedure is, install SSL certs on F5 and then modify server.xml of JIRA to include  schemeproxyName & proxyPort attributes. Replace them with the appropriate domain and port of the proxy, as in the below example,

<!-- Apache Proxy Connector with values for scheme, proxyName and proxyPort -->
        <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true" 
            scheme="https" proxyName="jira.atlassian.com" proxyPort="443"/> 

Then restart JIRA. 

Typically, proxyName value would be the JIRA's URL that is pointing to VIP in F5

 

Thanks

Shankar

Hello Shankar!

The setting that you indicated to me right.
I just did comment the default server.xml block and enabled the HTTPS block informing the domain of the certificate that is in F5.
Thank you for your help.

Polybio

Hello,

I'm having an error on the page below. Do you have any tips to solve this?

"gadget.common.error.500 using nginx and HTTPS"

I'm waiting.
Thank you

Hi Polybio,

Please visit the link below to see if the issue got addressed.

https://community.atlassian.com/t5/Jira-Software-questions/Jira8-behind-Nginx-proxy-gadget-common-error-500/qaq-p/1010477

Please make sure that your BASE URL and the proxyName in server.xml should match. And also verify the same in nginx configuration.

 

thanks

Like Shankar Asam _Appfire_ likes this

@Shankar Asam _Appfire_ @Polybio Fernandes 

Dears, 

I am trying to install the SSL on Palo Alto similar to F5. Is there any special config I should do on Jira?

Should I install any certificate on Jira server? It is not working although as mentioned above.

Kindly help. Thank you,

Hi,

If you are terminating SSL at F5 or Palo Alto, then you don't have to install / import any SSL certs into JIRA (F5 --> JIRA and JIRA --> F5 will be on HTTP only). You just need to modify server.xml to add your proxy-related config(see above).

 

If this is not the case and want to have https between F5 and app server (JIRA) - then you will need to import SSL certs into Java's keystore on app server (JIRA) .  See this KB article for more info and specifically ( Step 2. Update Tomcat with the KeyStore under Advanced  configuration)

 

-shankar

@Shankar Asam _Appfire_ 

Thank you for the reply :) the first part worked for me. I had to adjust the host file too. 

Regards, 

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you