Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to pass the request through a virtual server to physical server using Apache

Shib Saha
Shib Saha November 13, 2017

Hello Everyone,

We have Jira and Confluence server version installed on the same sever. With the help of Apache using as reverse proxy both the application is accessible on the user friendly URL with self signed certificate as it is our stagging environment.

Here the concern is request is directly hitting the physical server and it is a security concern as per our network security.

Is there any way to pass the request through a virtual server and then it hits on the physical server(When we ping the jira url, virtual server IP should be found and not the original IP), with the help of Apache as reverse proxy.

Any comment is most welcomed!!

Thanks and Regards,
Shib Saha 

 

Answer
Watch
Like Be the first to like this
301 views

1 answer

0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 13, 2017

Most of us get our Atlassian stacks working, then put the Apache in front of them, and simply firewall the application server off from the rest of the world.  My Jira server is firewalled to the point where it only listens to ssh on the local network, talks to Apache on one other machine on the network and a database server on another local machine.  All other networking is firewalled completely.

That will stop the security problem of people hitting the service direct, as they'll get nothing back from it.

Redirecting them is possibly more complex, but mostly possible.  If you edit the hosts file on the Jira server so that it uses the right names for itself and the proxy server without going to DNS, then you can poison your DNS - tell it to resolve the name of the Jira server is the ip address of the proxy.  This won't (and can't) stop people using the raw ip address of the jira server (that may be possible with routing in your network, but I've never tried it), so you should still do the firewall thing.

View More Comments
Shib Saha
Shib Saha November 13, 2017

Thanks nic!!

Hey Nic,

The first approach to keep Jira application on one server, Apache on 2nd and Jira database of the 3rd server. But i am little bit confused with SSH, could you please elaborate a bit more. Thank you!!

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
November 15, 2017

I'm not sure what you want from any elaboration?  I'm happy to do it, but I don't know what the question is!

Like
Shib Saha
Shib Saha December 8, 2017

Hi Nic,

I need your help.

Earlier i had installed apache on the same server where Jira and Confluence application is installed and both jira and confluence was accessible with proxied URL.

But due to some network security constraint, installed apache on different server and configured the same way and when hit the proxied URL it is giving error "Server can not be reached".

Could please suggest any possible way how to resolve the issue.

Thanks for your help.

Regards,

Shib Saha

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 8, 2017

That usually means that the proxy server cannot reach the services you have set up to be proxied.

It's trying to ask Jira and Confluence for data, but simply cannot reach them on the proxy urls you have given it.

Are the urls correct?  Are they firewalled off from the proxy?  Try a simple wget/curl/telnet to the services from the proxy server and check the error response, it's usually a bit more informative than "server cannot be reached"

Like
Shib Saha
Shib Saha December 11, 2017

Hey Nic,

Do i have to make some change on server level to make both the server to communicate to each other??.  I have simply installed apache on different server and set the httpd config. no more change i did.

Regards,
Shib Saha 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 11, 2017

You need to set up the Tomcat connector to talk to Apache as well.

Like
Shib Saha
Shib Saha December 12, 2017

I set up connector of tomcat to communicate to apache using proxy name, proxy port and sheme, but the problem is same.

May be i need to make both the server (application server and apache server ) to communicate to each other.

Thanks,
Shib Saha 

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 12, 2017

I'm afraid I can't tell you any more.  I would say that you have not set up the Tomcat and Apache connector correctly, but you have not gone into any detail about what you've done, so I cannot tell much more than that.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events