Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Idea on how to run both JIRA via http and https

Hello all,

we run our JIRA instance under two hostnames, one for internal (Intranet) users and one for external users (public internet). Authentication happens via LDAP against our Active Directory. In addition we have some local users as well (local meaning authenticated against the JIRA local user directory).

For the external authentication I would rather use https for obvious reasons. Internally this is not a requirement.

JIRA has the URL scheme coded in the application properties so it is either or for the whole instance. Now comes my weird idea and I am asking the community (especially the folks at Atlassian) whether this will work.

I would run 2 instances in parallel. Each instance would be a full installation. One would be configured as http, the other would be configured as https. To avoid the "locking" problem of the jira-data directory, those would be separate as well. What would be shared is

  1. the underlying database
  2. the data subdirectory of jira-data (via a symlink)

Now: will this work? Is it supported?

Best regards

Maba

4 answers

1 accepted

2 votes
Answer accepted

"I would run 2 instances in parallel." - Wrong, unsuppoted, will yield weird results. Reason: there is a cache in each Jira instance, and they cannot be synchonized (changes in one app will be not reflected in the other, or will be partially reflected).

But: your container (read: Tomcat) know how to handle both http and https. It is very easy to configure it to listen on one interface on 443 and on the other (internal) interface on 80. Also, you can put a reverse proxy for the internet access. There are quite a number of configurations that can solve your problem with only one instance of Jira.

It's not just the cache - if you have separate home directories, you have separate indexes, which means a change in one Jira won't go into the index of the other. Neither Jira will be aware of writes by the other one to the database, so the caches and indexes will go out of sync. Even if you pointed the index directories to the same location, you'd instantly hit locking and concurrent write problems. The only way this works is if both Jiras are fully aware of the other, which means clustering and Jira does not do that.

Exactly as Radu says, just run a single Jira and have it listen twice. You'll have some fun with the base url, but it'll work.

Hello Radu or Nic,

could you have a look at the server.conf and let me know whether I got that right?

Thanks a lot

maba

So this would mean that inside server.xml I just turn on both connectors and configure my proxyName and proxyPort accordingly:

Will something like this do what I would expect? Listen on 443 / 8443 for requests on https://jira.myexample.com/ and on 80 / 8080 for requests on http://jira.myexample.net/

<Service name="Catalina">
<Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" scheme="http" proxyName="jira.myexample.net" proxyPort=80 /> <Connector port="8443" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" SSLEnabled="true" secure="true" clientAuth="false" sslProtocol="TLS" scheme="https" proxyName="jira.myexample.com" proxyPort=443 /> .... </Service>

Any thumbs up, thumbs down? What kind of fun is the "base url"?

Thanks in advance

maba

Will the following work? Thumbs up / down?

Please note: I intend to run the Intranet part with ...mycompany.net and the external part with ...mycompany.com.

What do you mean with "fun with the base URL"?

&lt;Service name="Catalina"&gt;

        &lt;Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   scheme="http"

                   proxyName="myjira.mycompany.net"
                   proxyPort="80"
        /&gt;
            &lt;Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
              maxHttpHeaderSize="8192" SSLEnabled="true"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"

                   proxyName="myjira.mycompany.com"
                   proxyPort="443"

          /&gt;

Best regards

Maba

0 votes

Jira can only have one "base url" - if you present it to the world over two different urls, one of them will be wrong. The base url is used for communication with other systems and displays

Email is the most obvious case - one set of users will be fine, but the ones using the "wrong" url will be receiving emails based on the base url that they cannot see.

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you