Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Idea on how to run both JIRA via http and https

Martin Bayreuther
Martin Bayreuther October 4, 2011

Hello all,

we run our JIRA instance under two hostnames, one for internal (Intranet) users and one for external users (public internet). Authentication happens via LDAP against our Active Directory. In addition we have some local users as well (local meaning authenticated against the JIRA local user directory).

For the external authentication I would rather use https for obvious reasons. Internally this is not a requirement.

JIRA has the URL scheme coded in the application properties so it is either or for the whole instance. Now comes my weird idea and I am asking the community (especially the folks at Atlassian) whether this will work.

I would run 2 instances in parallel. Each instance would be a full installation. One would be configured as http, the other would be configured as https. To avoid the "locking" problem of the jira-data directory, those would be separate as well. What would be shared is

  1. the underlying database
  2. the data subdirectory of jira-data (via a symlink)

Now: will this work? Is it supported?

Best regards

Maba

Answer
Watch
Like Be the first to like this
3942 views

4 answers

1 accepted

2 votes
Answer accepted
Radu Dumitriu
Radu Dumitriu
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 4, 2011

"I would run 2 instances in parallel." - Wrong, unsuppoted, will yield weird results. Reason: there is a cache in each Jira instance, and they cannot be synchonized (changes in one app will be not reflected in the other, or will be partially reflected).

But: your container (read: Tomcat) know how to handle both http and https. It is very easy to configure it to listen on one interface on 443 and on the other (internal) interface on 80. Also, you can put a reverse proxy for the internet access. There are quite a number of configurations that can solve your problem with only one instance of Jira.

View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 4, 2011

It's not just the cache - if you have separate home directories, you have separate indexes, which means a change in one Jira won't go into the index of the other. Neither Jira will be aware of writes by the other one to the database, so the caches and indexes will go out of sync. Even if you pointed the index directories to the same location, you'd instantly hit locking and concurrent write problems. The only way this works is if both Jiras are fully aware of the other, which means clustering and Jira does not do that.

Exactly as Radu says, just run a single Jira and have it listen twice. You'll have some fun with the base url, but it'll work.

Like
Martin Bayreuther
Martin Bayreuther October 5, 2011

Hello Radu or Nic,

could you have a look at the server.conf and let me know whether I got that right?

Thanks a lot

maba

Like
Reply
0 votes
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
October 4, 2011

Jira can only have one "base url" - if you present it to the world over two different urls, one of them will be wrong. The base url is used for communication with other systems and displays

Email is the most obvious case - one set of users will be fine, but the ones using the "wrong" url will be receiving emails based on the base url that they cannot see.

Reply
0 votes
Martin Bayreuther
Martin Bayreuther October 4, 2011

Will the following work? Thumbs up / down?

Please note: I intend to run the Intranet part with ...mycompany.net and the external part with ...mycompany.com.

What do you mean with "fun with the base URL"?

<Service name="Catalina">

        <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   scheme="http"

                   proxyName="myjira.mycompany.net"
                   proxyPort="80"
        />
            <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
              maxHttpHeaderSize="8192" SSLEnabled="true"
              maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"

                   proxyName="myjira.mycompany.com"
                   proxyPort="443"

          />

Best regards

Maba

Reply
0 votes
Martin Bayreuther
Martin Bayreuther October 4, 2011

So this would mean that inside server.xml I just turn on both connectors and configure my proxyName and proxyPort accordingly:

Will something like this do what I would expect? Listen on 443 / 8443 for requests on https://jira.myexample.com/ and on 80 / 8080 for requests on http://jira.myexample.net/

<Service name="Catalina">
      <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"

                   scheme="http"
                   proxyName="jira.myexample.net"
                   proxyPort=80
        />

        <Connector port="8443"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"

                   SSLEnabled="true"
                   secure="true"
                   clientAuth="false" 
                   sslProtocol="TLS"

                   scheme="https"
                   proxyName="jira.myexample.com"
                   proxyPort=443
        />
....
   </Service>

Any thumbs up, thumbs down? What kind of fun is the "base url"?

Thanks in advance

maba

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events