Confluence / jira application links not working on SSL

We have recently migrated our tomcat based applications to SSL

Confluence & Bamboo have no problem with application links but Jira & Stash are no longer able to link to the SSL applications.

On the applications links pages we get the message:

Application 'Confluence' seems to be offline. Click here to Relocate.
Application 'Jira' seems to be offline. Click here to Relocate.

These applications are able to do user verification through the Jira user directory over SSL and that works fine.

All aplications work fine over SSL in web browsers

We've imported a wildcard/chain certificate into the individual Unix users .keystore and into the trust keystore

We've configured tomcat via server.xml and web.xml to accept connections on their old non-SSL ports but to redirect to the new HTTPS/SSL ports.

The applications have had their base URL changed to reflect their use of HTTPS & the new ports.

Any suggestions and ideas would be greatly appreciated and any additional config details can be provided on request.

2 answers

1 accepted

Thanks Henning... yes I did do that. In the end, I went for what turned out to be a much simpler option... and used Apache as a reverse proxy.

Henning Tietgens Community Champion Sep 23, 2013

Maybe we should consider this, too. Is there a documantation in the web for this? Or maybe, are you willing to share your configuration?

Thanks,

Henning

No... I didn't use AJP.

There was some documentation somewhere on confluence.atlassian.com that I used to get me started.


But one of the things that made me abandon working with Tomcat & do an Apache reverse proxy is I've done a lot of Apache config anyway (My main job is as a PHP developer) so I just used my experience.

I'll see if I can post my config soon.

Apache Config:

LoadModule rewrite_module modules/mod_rewrite.so

Listen 8080
NameVirtualHost *:8080

# We've got a mod_rewrite on port 8080 to redirect all our old links
# to the SSL port

<VirtualHost *:8080>
  ServerName example.example.com
  ServerAlias example
  RewriteEngine On
  RewriteRule ^(.*)$ https://example.example.com/$1 [QSA,R=301,L]
</VirtualHost>

# Jira's "official" port is 8080 but the proxy is using 8081
# See notes above for URL redirection for an explanation of this

LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443

<VirtualHost *:443>
  ServerName example.example.com
  ServerAlias example
  RewriteEngine on
  RewriteCond %{HTTP_HOST} ^example$
  RewriteRule (.*) https://example.example.com/$1 [QSA,R=301,L]
  ProxyRequests Off
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  ProxyPass / http://example.example.com:8081/
  ProxyPassReverse / http://example.example.com:8081/
  SSLEngine on
  SSLProxyEngine on
  RequestHeader set Front-End-Https "On"
  BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  SSLCertificateFile /etc/ssl/certs/example.example.com.pem
  SSLCertificateKeyFile /etc/ssl/certs/example.example.com.key
  SSLCertificateChainFile /etc/ssl/certs/chain.cer
</VirtualHost>

Jira server.xml Connector spec:

<Connector
  port="8081"
  maxThreads="150"
  minSpareThreads="25"
  connectionTimeout="20000"
  enableLookups="false"
  maxHttpHeaderSize="8192"
  protocol="HTTP/1.1"
  useBodyEncodingForURI="true"
  scheme="https"
  proxyName="example.example.com"
  proxyPort="443"
  redirectPort="8443"
  acceptCount="100"
  disableUploadTimeout="true"
/>

Jira server.conf "Connector" spec:

<Connector
  port="8081"
  maxThreads="150"
  minSpareThreads="25"
  connectionTimeout="20000"
  enableLookups="false"
  maxHttpHeaderSize="8192"
  protocol="HTTP/1.1"
  useBodyEncodingForURI="true"
  scheme="https"
  proxyName="buster.mathembedded.com"
  proxyPort="443"
  redirectPort="8443"
  acceptCount="100"
  disableUploadTimeout="true"
/>

0 vote
Henning Tietgens Community Champion Sep 17, 2013

Did you import the key chain of the other server into the Java keystore (cacerts) of the application? After that you have to restart the application.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Sunday in Agility

You asked for it, so we delivered: images on issues have arrived

A picture tells a thousand words. And agility boards have just released their latest feature: cover images on issues – so now your board can tell a story at first glance. Upload attachmen...

216 views 2 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you