Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Getting 503 Errors when using Apache2 as load balancer in front of jira datacenter cluster

Niklas Klein
Niklas Klein April 1, 2021

Hi everyone,

Me and a colleague are currently installing a JIRA datacenter cluster for educational purposes. The system consists of:

  • 1 Data-Server which hosts a postgresql db and an NFS-Server with a share for the shared home folder
  • 3 Servers with JIRA datacenter as nodes
  • 1 Server with an Apache2 webserver as a loadbalancer

We are roughly following those two guides

https://confluence.atlassian.com/adminjiraserver/set-up-a-jira-data-center-cluster-993929600.html

https://confluence.atlassian.com/enterprise/jira-data-center-load-balancer-examples-781200827.html

But now the issue: We can reach all of the three JIRA nodes via the Apache2 and we get the Cookie for the Session. However, we get a lot of 503 Errors when accesing each of the JIRA dashboards or the setup wizard.

image.pngsdsdsd

However, when I access the JIRA node directly via the Tomcat we get a perfectly fine webpage

image.png

The same happens when I remove the balancer part of my vhost apache2 config and replace it with a direct path to only one of the JIRA nodes. Therefore we believe the apache2 and especially the balancer configuration shredds the site.

Here is the vhost config:

<VirtualHost *:80>

ServerName jira-cluster.foobar.local

ProxyRequests Off
ProxyPreserveHost On
ProxyVia Off

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://jira-http>
BalancerMember http://10.0.0.11:8080/jira route=synnode1
BalancerMember http://10.0.0.12:8080/jira route=synnode2
BalancerMember http://10.0.0.13:8080/jira route=synnode3
ProxySet stickysession=ROUTEID
Require all granted
</Proxy>

# ProxyPass /jira http://10.0.0.11:8080/jira
ProxyPass /jira balancer://jira-http/

# ProxyPassReverse /jira http://10.0.0.11:8080/jira
ProxyPassReverse /jira balancer://jira-http/


<Location /jira >
Require all granted
</Location>

RewriteEngine on

</VirtualHost>

And here is the connector from the tomcats server.xml

<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="org.apache.coyote.http11.Http11NioProtocol" useBodyEncodingForURI="true"
redirectPort="80" acceptCount="100" disableUploadTimeout="true" bindOnInit="false" proxyName="jira-cluster.foobar.local" scheme="http"/>

Any solutions or ideas are appreciated and if this is the wrong place for such a question, please point me to where else I can ask :)

Answer
Watch
Like Be the first to like this
963 views

2 answers

1 accepted

0 votes
Answer accepted
Niklas Klein
Niklas Klein April 13, 2021

To finish this up. Looks like the missing ProxyPort was the Issue. It was creating "Cross Site Request Forgery" Errors in the logs and after I added it, the website was shown as expected.

Reply
0 votes
Kurt Klinner
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 1, 2021

@Niklas Klein 

Hi Niklas

 

welcome to the Atlassian community.

Can you check if moving the stickysession attribute to the proxypass directive as described in 

https://confluence.atlassian.com/enterprise/jira-data-center-load-balancer-examples-781200827.html

The context path is set to /jira in your server.xml - right?

 

Cheers

Kurt

View More Comments
Niklas Klein
Niklas Klein April 6, 2021

Hey Kurt,

thanks for your answer. Context path was set correct and moving the stickysession attribute did not help.

What did help though was fixing the connector attributes in the server.xml as in https://confluence.atlassian.com/kb/cross-site-request-forgery-csrf-protection-changes-in-atlassian-rest-779294918.html. Especially adding the proxyPort. I also changed all permissions in the JIRA home directory to 755 (was 750 before) so that could have also played a role in my solution but I will verify when I spin up the environment again (working with vagrant VMs).

Greetings,

Niklas

Like
Kurt Klinner
Kurt Klinner
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 6, 2021

@Niklas Klein 

 

Great catch did also not realize that the proxyport was missing.

Keep me posted on your test

 

All the best

 

Kurt

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events