Is there a guide on how to safely expose Jira Server through firewall?

I have JIRA Server running behind my firewall on my dev machine and need to expose it to my co-workers so they can log-in without being on a VPN or having to use JIRA On Demand since we need other tools that aren't On Demand like Bamboo and Crucible. I have read that you can use Apache as a reverse proxy to forward requests to JIRA on Tomcat, but is this all you need to safely expose JIRA to the outside world? Seems exposing Apache on port 80 has its own list of security implicaitons. Therefore, seems there should be some sort of guide or blog on how to expose JIRA safely because I thought it was generally a bad idea to expose anything on Port 80, even if Apache is being used as a proxy. 

As an aside, I work for a company whose developers are all distributed and work at home. We don't have a central office and would need to have access to JIRA hosted on one a machine at someone's residence but exposed to the internet. Otherwise, JIRA Server and other Server products seem to only be fit for those companies where everyone can be on the same LAN or VPN or have personnel that really know what they are doing.

1 answer

0 votes
Joseph Pitt Community Champion Oct 06, 2016

This is really more of a question for your network team. It should be treated like any other application. I would at least use SSL and don't put it in Public mode.

Being a small company with only 8 developers, we don't have a network team or group of sys-admins. Just developers and a few, application specific IT people that don't know much beyond supporting our software.

Joseph Pitt Community Champion Oct 06, 2016

To expose it to the outside you need to get the IP address entered in a public facing DNS site. that entry usually points to a server in the DMZ that may host JIRA or passes the traffic to the server inside that does. As I said I would use SSL and make it private (don't allow people to directly sign up for IDs). You can get an SSL certificate from many places. One of the companies I worked for used GoDaddy. . As for the port, SSL uses 443. Or you can make it any port and then the DNS entry would include :xxxx where xxxx is the port to use. The user wouldn't put the port in, the DNS server would translate the URL to the IP address with the port.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,111 views 4 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you