Issues Changing TCP Port For JIRA/Confluence (CentOS)

Zebadiah Ramos November 3, 2017

Hello!

I'm attempting to change the default ports for JIRA/Confluence (8080/8090) to TCP port 80. We'd like to be able to use port 80 so we can create an A record within DNS so our users can type just "JIRA" or "Confluence" into their address bar and get to the referenced application.

I followed the steps listed on the below link:

 - https://confluence.atlassian.com/adminjiraserver073/changing-jira-application-tcp-ports-861253904.html

However after changing the connector port they become unavailable. I've done the following troubleshooting steps to resolve this:

1. After changing the connector port I've ensured that I'm re-starting the services as root.

2. Ensured that the ports are open on the local firewall.

Any ideas as to what I'm missing here? Thank you for your help as always, everyone!

 

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 3, 2017

What does the log say the problem is?

Are you sure it is listening on that port? 

It's a very bad idea to run the service as root by the way - it will work, but it becomes an attack vector.  You should run it as an unprivileged user with rights to use port 80 (this is what Apache does)

Zebadiah Ramos November 6, 2017

Hello Nic!

 

Where can I view the log information? 

 

I'll verify that we're listening on port 80.

 

Concerning running as root I was just going off of the instructions listed below on the page I linked earlier. I assume this is no longer necessary/best practices?

 

"If you are running on a Unix server and bind the ports below 1024 (such as port 80 for example), you will need to start JIRA as root in order to successfully bind to the port."

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 6, 2017

Logs should be under <Jira home>/logs and <Jira install>/log.

It's never been a good idea to run the Tomcat as root, no matter what the docs might suggest.  "Run Tomcat as root" is bad advice.   I personally always proxy it with Apache (because I'm familiar with Apache, having had some lessons from Dirk, Graham and Lars in my last job), but if you don't want to proxy it, then run it with the elevated privilige trick Apache uses.

Zebadiah Ramos November 6, 2017

Gotcha, I'm going to try to proxy with NginX as we're planning on leveraging them for other items in our environment.

 

Thanks, Nic.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
November 6, 2017

Nginx will work just as well as Apache, and is a bit easier to configure a lot of the time.

Zebadiah Ramos November 7, 2017

Nic,

 

You mentioned you had experience with using Apache in this instance. Would you be able to clarify something for me?

 

When following the directions within this page, https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html, it mentions using the FQDN or what users type in the address bar to get to Confluence. Since we use the IP address followed by port "8090" to get to it would I be able to use the IP address in this instance? I apologize if this is a dumb question, but I have no experience with Apache or reverse proxy for that matter.

 

"

proxyName="<subdomain>.<domain>.com"
 proxyPort="80"
 scheme="http"/>

Note that the proxyName parameter should be set to the FQDN that Apache HTTP Server will be configured to serve. This is the address a user would type into their browser to access the application. For example:

  • use <atlassianapp>.ourcompany.com to access the application at a sub-domain like http://<atlassianapp>.ourcompany.com"
0 votes
josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 6, 2017

Don't run JIRA on port 80 on linux by running as root. Keep it using a dedicated unprivileged service account.

Use a proxy such as Apache and have that run on port 80.

https://confluence.atlassian.com/adminjiraserver070/integrating-jira-with-apache-749383658.html

Suggest an answer

Log in or Sign up to answer