Integrating JIRA and Confluence behind IIS ARR

William Yeack December 26, 2013

I have a JIRA and a Confluence server behind an IIS ARR acting as a reverse proxy with SSL.

JIRA is accessible via https://projects.domain.com and Confluence is accessible via https://documents.domain.com.

When trying to integrate the JIRA and Confluence servers together, I have been having a lot of issues - they are basically unable to see each other.

If I revert the base URLs back to the local domain names, the Application Links work perfectly. However, when I change the links back, they stop working.

When I try to create a new issue in Confluence, I get either a 404 or 504 error. If I try to recreate the link with the actual external URL, it cannot see that the server exists.

What am I missing here?


Currently, my server.xml on my JIRA is as follows:

<?xml version="1.0" encoding="UTF-8"?>
    <Server port="8005" shutdown="SHUTDOWN">
    <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
    <Listener className="org.apache.catalina.core.JasperListener"/>
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
    <Service name="Catalina">
        <Engine defaultHost="localhost" name="Catalina">
            <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
                <Context docBase="${catalina.home}/atlassian-jira" path="" reloadable="false" useHttpOnly="true">
                    <Resource auth="Container" factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60" name="UserTransaction" type="javax.transaction.UserTransaction"/>
                    <Manager pathname=""/>
                </Context>
            </Host>
            <Valve className="org.apache.catalina.valves.AccessLogValve" pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;" resolveHosts="false"/>

        </Engine>
          <Connector
            protocol="org.apache.coyote.http11.Http11Protocol"
            acceptCount="100"
            disableUploadTimeout="true"
            enableLookups="false"
            maxHttpHeaderSize="8192"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

            port="443"
            SSLEnabled="true"
            sslProtocol="TLS"
            scheme="https"
            secure="true"
            clientAuth="false"
            useBodyEncodingForURI="true"

            connectionTimeout="20000"
            keyAlias="<key alias>"
            keystoreFile="C:\Program Files\Atlassian\JIRA\jre\lib\security\cacerts" keystorePass="changeit"
            keystoreType="JKS"
            proxyName="projects.<domain>.com"
            proxyPort="443"/>
          </Service>
    </Server>

The server.xml on my confluence is as follows:

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
        <Engine name="Standalone" defaultHost="localhost" debug="0">
            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false">
                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
                    <Manager pathname="" />
                </Context>
            </Host>
        </Engine>
        <Connector
            protocol="org.apache.coyote.http11.Http11Protocol"
            acceptCount="100"
            disableUploadTimeout="true"
            enableLookups="false"
            maxHttpHeaderSize="8192"
            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

            port="443"
            SSLEnabled="true"
            sslProtocol="TLS"
            scheme="https"
            secure="true"
            clientAuth="false"
            URIEncoding="UTF-8"

            connectionTimeout="20000"
            keyAlias="le-0e9f6755-3182-4701-aa42-76478d411226"
            keystoreFile="C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts"
            keystorePass="changeit"
            keystoreType="JKS"
            proxyName="documents.<domain>.com"
            proxyPort="443"/>
    </Service>
</Server>

5 answers

1 accepted

0 votes
Answer accepted
William Yeack January 1, 2014

I solved this issue - basically, I just had to go into portecle and tell it that the domain of the other server is safe -

1 vote
Deleted user January 21, 2015

Now it is set up with Application Request Routing. The steps for setting this up were gleaned from here:

https://confluence.atlassian.com/display/JIRAKB/Integrating+JIRA+with+IIS+using+ARR#

Those instructions seem to work, but they leave a few things glitchy and the Application Links you set up between JIRA and Confluence do not work at all (lots of errors about not having a link set up on the other end, not being a valid URL (and the URL will have the 8080 or 8090 port in it), etc.). Google and the comments on that article eventually led to the solution:

  1. Need to set preserveHostHeader proxy configuration to false

    C:\Windows\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true
  2. Allow HTTP_X_xxxx server variables for URL Rewriting configurations, and add those to the rewrite rules (see sample web.config file for Confluence HERE: http://pastebin.com/wSwcrbSr)
  3. First, Allow server variables to be used so you don't get 500 Error about them not being permitted. See the "Allow Server Variables to be Changed" section on this page:
    http://www.iis.net/learn/extensions/url-rewrite-module/setting-http-request-headers-and-iis-server-variables
    1. Go to IIS root level in IIS Manager > URL Rewrite > View Server Variables
    2. Add the following
      1. HTTP_X_ORIGINAL_HOST
      2. HTTP_X_FORWARDED_HOST
      3. HTTP_X_FORWARDED_SERVER

  4. Next, add sections like this to your confluence or JIRA IIS website web.config files:

    <rule name="reverseproxy" stopProcessing="true">
      <match url="(.*)" />
      <action type="Rewrite" url="http://confluence.domain.com:8090/{R:1}" />
      <serverVariables>
        <set name="HTTP_X_ORIGINAL_HOST" value="confluence.domain.com" />
        <set name="HTTP_X_FORWARDED_HOST" value="confluence.domain.com" />
        <set name="HTTP_X_FORWARDED_SERVER" value="confluence.domain.com" />
      </serverVariables>
    </rule>

  5. In the Application Request Routing proxy setup screen that you go through in the Atlassian instructions, un-check the Reverse rewrite host in response headers checkbox.
     

 

William Yeack February 3, 2015

Could you expand on steps 2 and 3? Also, I don't see where you attached the sample Web.config.

Deleted user February 3, 2015

Sorry, I had, but it wasn't obvious because the nesting of my steps was out of whack (3 and 4 were actually sub-points to 2). I also included a few links, one of them to the sample web.config on pastebin.

William Yeack February 3, 2015

Now I am running into this issue on Jira when I try to add "Incoming Authentication" for the application link: Unable to retrieve the application's certificate: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Deleted user February 3, 2015

Never saw that one... do you have https or SSL somewhere in your setup? Ours is all internal intranet and so there is zero SSL involved.

William Yeack February 4, 2015

JIRA and Confluence are exposed to the internet via a reverse proxy. This proxy server uses SSL offloading to encrypt the traffic. Currently, I have fixed everything except for one issue: when I am in JIRA and I try to search for a Confluence page to link, it finds all of the expected pages, but then when I press add it says that the page does not exist. Any ideas?

0 votes
William Yeack February 4, 2015

- I was getting the "Application Offline" message but then I made both servers 'trust' the certificate of the other one as described here: https://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services Ever since then, they can both see each other.
- The base URL for JIRA is "https://projects.yeack.com" and the base URL for Confluence is "https://documents.yeack.com".
- The internal URL for JIRA is "http://issueserver.yeack.local" and Confluence is "http://documentserver.yeack.local".
- Both applications are on physically different servers.
- Yes - both applications can access each other from each other's server.
- No more error messages
- They go through a reverse proxy - what whitelist are you referring to?

Currently, the application links seem to be working correctly in every way except one; from JIRA, when I try to add a link to a Confluence page by using the Confluence page lookup functionality, it finds the page but then when I click add it says that the page does not exist. Any ideas?
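
The trust step referred to in this thread (Portecle, or the "Connecting to SSL services" page) is what clears the `PKIX path building failed` error quoted earlier, and it can also be done with the JRE's own keytool. The PowerShell below is an added example, not code from any post here; the host name, alias and JRE location are assumptions based on the paths in the posted server.xml.

```powershell
# Added example. Host, alias and paths are assumptions; adjust to your install.
$RemoteHost = 'documents.domain.com'                 # external name of the OTHER application
$JreHome    = 'C:\Program Files\Atlassian\JIRA\jre'  # JRE bundled with THIS application
$Keytool    = Join-Path $JreHome 'bin\keytool.exe'
$TrustStore = Join-Path $JreHome 'lib\security\cacerts'
$StorePass  = 'changeit'                             # truststore password from the posted server.xml
$Alias      = 'confluence-proxy'                     # hypothetical alias
$CertFile   = Join-Path $env:TEMP "$RemoteHost.cer"

# 1. Fetch the certificate the reverse proxy presents. Validation is skipped
#    for this one read only, because the point is to inspect an untrusted cert.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($src, $crt, $chn, $policyErrors) $true
}
$tcp = New-Object System.Net.Sockets.TcpClient($RemoteHost, 443)
try {
    $stream = $tcp.GetStream()
    $ssl = New-Object System.Net.Security.SslStream -ArgumentList $stream, $false, $acceptAny
    $ssl.AuthenticateAsClient($RemoteHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
} finally {
    $tcp.Close()
}

# 2. Show what would be trusted; compare the thumbprint with the value the
#    proxy administrator reads off the certificate before going further.
"Subject   : $($cert.Subject)"
"Issuer    : $($cert.Issuer)"
"Expires   : $($cert.NotAfter)"
"SHA-1     : $($cert.Thumbprint)"
if ((Read-Host 'Thumbprint verified out of band? (yes/no)') -ne 'yes') {
    throw 'Certificate not verified; nothing was imported.'
}

# 3. Import into this application's truststore (elevated prompt required).
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($CertFile, $der)
& $Keytool -importcert -alias $Alias -file $CertFile -keystore $TrustStore -storepass $StorePass -noprompt
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }

# 4. Confirm the entry exists; the application must be restarted to pick it up.
& $Keytool -list -alias $Alias -keystore $TrustStore -storepass $StorePass
```

Run it once on each server, pointing `$RemoteHost` at the other application's external name and `$JreHome` at the local application's JRE. Importing the issuing CA certificate instead of the leaf keeps the trust valid across certificate renewals.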

0 votes
William Yeack December 26, 2013

1) Yes

2) documents.yeack.com for Confluence and projects.yeack.com for JIRA

3) Yes, different servers.

4) Yes

5) Yes, 404 and 504 errors

6) Yes

0 votes
Teck-En
Atlassian Team
December 26, 2013
  • Did you get the "application offline message" in the Application Links page?
  • What's the base URL set for both applications?
  • What's your internal URL?
  • Are both applications located on different servers?
  • Are you able to access JIRA from the Confluence server using the external URL and vice versa?
  • Any noticeable error message in the JIRA and Confluence logs when you establish the application link?
  • Did you whitelist the proxy IP in JIRA and Confluence (assuming the external URL goes through the proxy)?
