We have recently migrated our Tomcat-based applications to SSL.
Confluence & Bamboo have no problem with application links but Jira & Stash are no longer able to link to the SSL applications.
On the applications links pages we get the message:
Application 'Confluence' seems to be offline. Click here to Relocate.
Application 'Jira' seems to be offline. Click here to Relocate.
These applications are able to do user verification through the Jira user directory over SSL and that works fine.
All applications work fine over SSL in web browsers.
We've imported a wildcard/chain certificate into the individual Unix users' .keystore and into the trust keystore.
We've configured Tomcat via server.xml and web.xml to accept connections on their old non-SSL ports but to redirect to the new HTTPS/SSL ports.
The applications have had their base URL changed to reflect their use of HTTPS & the new ports.
Any suggestions and ideas would be greatly appreciated and any additional config details can be provided on request.
Thanks Henning... yes I did do that. In the end, I went for what turned out to be a much simpler option... and used Apache as a reverse proxy.
Maybe we should consider this, too. Is there documentation on the web for this? Or maybe, are you willing to share your configuration?
Thanks,
Henning
Ok, I found https://confluence.atlassian.com/display/JIRA/Configuring+Apache+Reverse+Proxy+Using+the+AJP+Protocol
Did you use this page to set up your servers?
No... I didn't use AJP.
There was some documentation somewhere on confluence.atlassian.com that I used to get me started.
But one of the things that made me abandon working with Tomcat & do an Apache reverse proxy is that I've done a lot of Apache config anyway (my main job is as a PHP developer), so I just used my experience.
I'll see if I can post my config soon.
Apache Config:
# ProxyPass and RequestHeader below also need mod_proxy, mod_proxy_http
# and mod_headers to be loaded.
LoadModule rewrite_module modules/mod_rewrite.so
Listen 8080
NameVirtualHost *:8080

# We've got a mod_rewrite on port 8080 to redirect all our old links
# to the SSL port
<VirtualHost *:8080>
    ServerName example.example.com
    ServerAlias example
    RewriteEngine On
    # In virtual host context the matched path starts with "/", so strip it
    # to avoid a double slash in the redirect target
    RewriteRule ^/?(.*)$ https://example.example.com/$1 [QSA,R=301,L]
</VirtualHost>

# Jira's "official" port is 8080 but the proxy is using 8081
# See notes above for URL redirection for an explanation of this
LoadModule ssl_module modules/mod_ssl.so
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName example.example.com
    ServerAlias example

    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^example$
    RewriteRule ^/?(.*)$ https://example.example.com/$1 [QSA,R=301,L]

    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / http://example.example.com:8081/
    ProxyPassReverse / http://example.example.com:8081/

    SSLEngine on
    SSLProxyEngine on
    RequestHeader set Front-End-Https "On"
    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    SSLCertificateFile /etc/ssl/certs/example.example.com.pem
    SSLCertificateKeyFile /etc/ssl/certs/example.example.com.key
    SSLCertificateChainFile /etc/ssl/certs/chain.cer
</VirtualHost>
Jira server.xml Connector spec:
<Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" scheme="https" proxyName="example.example.com" proxyPort="443" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" />
Jira server.conf "Connector" spec:
<Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" scheme="https" proxyName="buster.mathembedded.com" proxyPort="443" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" />
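An added example (not part of the original posts and not Atlassian or Tomcat code): a small Python check of the Connector shown above for the attributes that matter when Tomcat sits behind a TLS-terminating Apache proxy. It assumes Apache and Tomcat run on the same host; the function name `audit_proxied_connectors` and the XML wrapper around the Connector are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the Connector posted above, wrapped in a minimal
# server.xml skeleton so that it parses on its own.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8081" maxThreads="150" minSpareThreads="25"
  connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192"
  protocol="HTTP/1.1" useBodyEncodingForURI="true" scheme="https"
  proxyName="example.example.com" proxyPort="443" redirectPort="8443"
  acceptCount="100" disableUploadTimeout="true" />
</Service></Server>"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_proxied_connectors(server_xml, public_host, public_port="443"):
    """Return (port, attribute, reason) findings for plain-HTTP connectors
    that sit behind a TLS-terminating reverse proxy (hypothetical helper)."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port", "?")
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
            continue  # AJP forwards scheme and host from the proxy itself
        if conn.get("SSLEnabled", "false").lower() == "true":
            continue  # Tomcat terminates TLS on this connector
        expected = {"scheme": "https", "proxyName": public_host,
                    "proxyPort": public_port}
        for attr, want in expected.items():
            if conn.get(attr) != want:
                findings.append((port, attr,
                    f"is {conn.get(attr)!r}, expected {want!r}: generated "
                    "URLs and redirects will not match the public address"))
        if conn.get("secure", "false").lower() != "true":
            findings.append((port, "secure",
                "not set to true: request.isSecure() returns false even "
                "though the client connection is HTTPS"))
        if conn.get("address") not in LOOPBACK:
            findings.append((port, "address",
                "not bound to loopback: the plain-HTTP port can be reached "
                "directly, bypassing the TLS proxy"))
    return findings

if __name__ == "__main__":
    for port, attr, reason in audit_proxied_connectors(
            SAMPLE_SERVER_XML, "example.example.com"):
        print(f"Connector {port}: {attr} {reason}")
```

If the connector is bound to 127.0.0.1, the ProxyPass and ProxyPassReverse targets in the Apache virtual host have to point at that address as well.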
Did you import the key chain of the other server into the Java keystore (cacerts) of the application? After that you have to restart the application.