It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Configuring nginx as reverse proxy for Jira 7.10 with ssl

My Jira instance is running on a machine with IP 192.168.1.41, on port 8080 with a redirect to port 8443 (jks configured with a valid wildcard cert). This setup was tested and all was well.

Then, I introduced nginx (on a different server, 192.168.2.12) to do reverse proxy. This listens on standard SSL port (also configured with a wildcard SSL certificate). But, when I try to access the site, the "Dashboard diagnostics: Mismatched URL Hostname" error shows up and my gadgets are not displayed. 

Can someone please help me configure the nginx and jira servers correctly?

Here are my current configs:

nginx:

server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/certs/cert_chain.crt;
ssl_certificate_key /etc/ssl/certs/wccert.key;
server_name jira.ourdomain.com;
charset utf-8;
location /{
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://192.168.1.41:8443;
}
}

 

and, the relevant portions of server.xml in jira server:

<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="jira.ourdomain.com" proxyPort="443"/>


<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"
keyAlias="tomcat" keystoreFile="/opt/atlassian/jira/certs/signedpcs12.jks" keystorePass='changeit' keystoreType="JKS" />

Base URL is setup as: https://jira.ourdomain.com

 

1 answer

Hi there Sri,

The proxy_pass must point to 8080 port instead of 8443, here you have some information about nginx integration.

Additionally, do you have imported the certificates to the Java's true-store?, you should run this command:

<JAVA_HOME>/bin/keytool -import -alias <server_name> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file youtCertificate.crt

 The default password is "changeit"

Regards,

Marcos.

Agreed - and I think importing cert to JIRA keystore resolves the gadget display issue too.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Demo Den Ep. 7: New Jira Cloud Reports

Learn how to use two new reports for next-gen projects in Jira Cloud:  Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...

229 views 1 2
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you