It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence and Jira with SSL and reverse proxy on apache and ubuntu on different domains Edited

Hi,

I read multiple community Q&A's and multiple tutorials to get my Jira and Confluence installation working on a single server. I use lets encrypt SSL installed with certbot auto. 

Confluence: - suba.domain.com, HTTP Application port 8080, Tomcat HTTP port 8091 and synchrony port 9095. 

Jira:  - subb.domain.com, HTTP port 80, Tomcat HTTP port 8090. 

I ended up with Jira working on HTTPS on subb.domain.com but I can't manage to get confluence working. It works with HTTP.   It won't work over https. I got the following configuration.

- Ubuntu 18.04 LTS

- Confluence 6.12

 - Jira 7.12

My apache confg is:

 


# CONFLUENCE
<VirtualHost *:443>
ServerName suba.domain.com
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://suba.domain.com:8091/$1 [P]
ProxyPass /synchrony http://127.0.0.01:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:8095%{REQUEST_URI} [P]
</Location>

ProxyPass / http://127.0.0.1:8091/
ProxyPassReverse / https://127.0.0.1:8091/

<Location />
Require all granted
</Location>

SSLCertificateFile /etc/letsencrypt/live/suba.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/suba.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

<VirtualHost *:80>
ServerName suba.domain.com
Redirect Permanent / https://suba.domain.com
RewriteEngine on

RewriteCond %{SERVER_NAME} =suba.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

# Jira
<VirtualHost *:443>
ServerName subb.domain.com
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 127.0.0.1
RewriteEngine On

ProxyPass / http://127.0.0.1:8090/
ProxyPassReverse / http://127.0.0.1:8090/

SSLCertificateFile /etc/letsencrypt/live/subb.domain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subb.domain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>

<VirtualHost *:80>
ServerName subb.domain.com
Redirect Permanent / https://subb.domain.com
RewriteEngine on
RewriteCond %{SERVER_NAME} =subb.domain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>


and for server.xml 

confluence: 


<?xml version='1.0' encoding='utf-8'?>
<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="8091" protocol="HTTP/1.1"
minProcessors="5"
maxProcessors="75"
enableLookups="false"
debug="0"
useURIValidationHack="false"
URIEncoding="UTF-8"
useBodyEncodingForURI="true"
compression="off"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-$
proxyName="suba.domain.com"
proxyPort="443"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
disableUploadTimeout="true"
acceptCount="100"
secure="true"
scheme="https"/>

<Engine name="Standalone" defaultHost="127.0.0.1" debug="0">

<Host name="127.0.0.1" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<Manager pathname="" />
</Context>
</Host>
</Engine>
</Service>
</Server>

 and for jira server.xml

<?xml version="1.0" encoding="utf-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

<Service name="Catalina">

<Connector port="8090"
maxThreads="150"
minSpareThreads="25"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
proxyName="subb.domain.com"
proxyPort="443"
acceptCount="100"
disableUploadTimeout="true"
secure="true"
scheme="https"/>
<Engine name="Catalina" defaultHost="127.0.0.1">

<Host name="127.0.0.1" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>

<Manager pathname=""/>

</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot$
</Engine>
</Service>
</Server>

Can someone please help me out?  THNX

 

2 answers

0 votes
Jan-Peter Rusch Community Leader Mar 28, 2019

Check your Confluence server.xml 

proxyPort="8443"

Best

JP

Hi JP,

 

THNX adjusted it in the question and in the code/file. Still getting a service unavailable message. apache port 443. 

any clue? 

Jan-Peter Rusch Community Leader Mar 28, 2019

Hm,

maybe:

defaultHost="localhost"

should be changed to 127.0.0.1

Just an idea. Sometimes on Linux localhost uses the loopback device which is not the same as 127.0.0.1

Best

JP 

THNX! again changed is it in the question and in the server.xml file. Now confluence works. Funny thing is that Jira stopped working :-). 

After some fixes the current situation is: 

- Jira and Confluence won't start at the same time. After Jira is started I can restart confluence. 

- When using confluence while for instance adding add-ons. It keeps giving proxy errors 443. 

Anny clue? 

Jan-Peter Rusch Community Leader Mar 29, 2019

Think about running either Jira or Confluence on the real IP of the host. Running both on one machine is possible but really not recommended. This is the first time I've seen a config running both of them on 127.0.0.1

Try switching one to another IP & check again.

I've tried switching confluence to 127.0.0.2 no results. 

 

Still 502 on port 433. 

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Calling all Jira Cloud users! Give us feedback on our exploration of a new navigation.

Hi everyone! My name’s Matt and I’m a product manager at Atlassian. I work in the navigation & findability space for all our Jira Cloud products. We’ve been working on trying to improve the exp...

1,060 views 16 12
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you