How to pass the request through a virtual server to physical server using Apache

Hello Everyone,

We have Jira and Confluence server version installed on the same sever. With the help of Apache using as reverse proxy both the application is accessible on the user friendly URL with self signed certificate as it is our stagging environment.

Here the concern is request is directly hitting the physical server and it is a security concern as per our network security.

Is there any way to pass the request through a virtual server and then it hits on the physical server(When we ping the jira url, virtual server IP should be found and not the original IP), with the help of Apache as reverse proxy.

Any comment is most welcomed!!

Thanks and Regards,
Shib Saha 

 

1 answer

0 votes

Most of us get our Atlassian stacks working, then put the Apache in front of them, and simply firewall the application server off from the rest of the world.  My Jira server is firewalled to the point where it only listens to ssh on the local network, talks to Apache on one other machine on the network and a database server on another local machine.  All other networking is firewalled completely.

That will stop the security problem of people hitting the service direct, as they'll get nothing back from it.

Redirecting them is possibly more complex, but mostly possible.  If you edit the hosts file on the Jira server so that it uses the right names for itself and the proxy server without going to DNS, then you can poison your DNS - tell it to resolve the name of the Jira server is the ip address of the proxy.  This won't (and can't) stop people using the raw ip address of the jira server (that may be possible with routing in your network, but I've never tried it), so you should still do the firewall thing.

Thanks nic!!

Hey Nic,

The first approach to keep Jira application on one server, Apache on 2nd and Jira database of the 3rd server. But i am little bit confused with SSH, could you please elaborate a bit more. Thank you!!

I'm not sure what you want from any elaboration?  I'm happy to do it, but I don't know what the question is!

Hi Nic,

I need your help.

Earlier i had installed apache on the same server where Jira and Confluence application is installed and both jira and confluence was accessible with proxied URL.

But due to some network security constraint, installed apache on different server and configured the same way and when hit the proxied URL it is giving error "Server can not be reached".

Could please suggest any possible way how to resolve the issue.

Thanks for your help.

Regards,

Shib Saha

That usually means that the proxy server cannot reach the services you have set up to be proxied.

It's trying to ask Jira and Confluence for data, but simply cannot reach them on the proxy urls you have given it.

Are the urls correct?  Are they firewalled off from the proxy?  Try a simple wget/curl/telnet to the services from the proxy server and check the error response, it's usually a bit more informative than "server cannot be reached"

Hey Nic,

Do i have to make some change on server level to make both the server to communicate to each other??.  I have simply installed apache on different server and set the httpd config. no more change i did.

Regards,
Shib Saha 

You need to set up the Tomcat connector to talk to Apache as well.

I set up connector of tomcat to communicate to apache using proxy name, proxy port and sheme, but the problem is same.

May be i need to make both the server (application server and apache server ) to communicate to each other.

Thanks,
Shib Saha 

I'm afraid I can't tell you any more.  I would say that you have not set up the Tomcat and Apache connector correctly, but you have not gone into any detail about what you've done, so I cannot tell much more than that.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,989 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot