Hello!
I'm attempting to change the default ports for JIRA/Confluence (8080/8090) to TCP port 80. We'd like to be able to use port 80 so we can create an A record within DNS so our users can type just "JIRA" or "Confluence" into their address bar and get to the referenced application.
I followed the steps listed on the below link:
However after changing the connector port they become unavailable. I've done the following troubleshooting steps to resolve this:
1. After changing the connector port I've ensured that I'm re-starting the services as root.
2. Ensured that the ports are open on the local firewall.
Any ideas as to what I'm missing here? Thank you for your help as always, everyone!
What does the log say the problem is?
Are you sure it is listening on that port?
It's a very bad idea to run the service as root by the way - it will work, but it becomes an attack vector. You should run it as an unprivileged user with rights to use port 80 (this is what Apache does)
Hello Nic!
Where can I view the log information?
I'll verify that we're listening on port 80.
Concerning running as root I was just going off of the instructions listed below on the page I linked earlier. I assume this is no longer necessary/best practices?
"If you are running on a Unix server and bind the ports below 1024 (such as port 80 for example), you will need to start JIRA as root in order to successfully bind to the port."
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Logs should be under <Jira home>/logs and <Jira install>/log.
It's never been a good idea to run the Tomcat as root, no matter what the docs might suggest. "Run Tomcat as root" is bad advice. I personally always proxy it with Apache (because I'm familiar with Apache, having had some lessons from Dirk, Graham and Lars in my last job), but if you don't want to proxy it, then run it with the elevated privilige trick Apache uses.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Gotcha, I'm going to try to proxy with NginX as we're planning on leveraging them for other items in our environment.
Thanks, Nic.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nginx will work just as well as Apache, and is a bit easier to configure a lot of the time.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Nic,
You mentioned you had experience with using Apache in this instance. Would you be able to clarify something for me?
When following the directions within this page, https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html, it mentions using the FQDN or what users type in the address bar to get to Confluence. Since we use the IP address followed by port "8090" to get to it would I be able to use the IP address in this instance? I apologize if this is a dumb question, but I have no experience with Apache or reverse proxy for that matter.
"
proxyName="<subdomain>.<domain>.com"
proxyPort="80"
scheme="http"/>
Note that the proxyName
parameter should be set to the FQDN that Apache HTTP Server will be configured to serve. This is the address a user would type into their browser to access the application. For example:
<atlassianapp>.ourcompany.com
to access the application at a sub-domain like http://<atlassianapp>.ourcompany.com"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Don't run JIRA on port 80 on linux by running as root. Keep it using a dedicated unprivileged service account.
Use a proxy such as Apache and have that run on port 80.
https://confluence.atlassian.com/adminjiraserver070/integrating-jira-with-apache-749383658.html
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.