Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

JIRA Server with SSL Behind Apache Reverse Proxy Not Working

Dalectric
Dalectric
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2014

I'm trying to get JIRA setup behind an Apache reverse proxy where the connection to Apache is via SSL and then the connection between Apache and JIRA is http.

i.e. Internet/Network <=https=> Apache <=http=> JIRASERVER

I'm using a self certified certificate created as described here

Both Apache and JIRA are running on the same Windows 2008 R2 server.

I've followed the instructions from Atlassian but it just doesn't seem to work, I've been looking around all over the Internet and not found a solution for my issue.

I can setup Apache without SSL and that seems to work fine

Config 1

Internet/Network <=http=> Apache <=http=> JIRASERVER

JIRA Setup Files

server.xml

&lt;Service name="Catalina"&gt;
    	&lt;Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" 
        enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
        port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
    	proxyName="JIRASERVERNAME" proxyPort="80"/&gt;

Apache Setup File

httpd.conf

LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so

    ServerName JIRASERVERNAME

    Include conf/extra/httpd-vhosts.conf

httpd-vhosts.conf

&lt;VirtualHost *&gt;
    	ServerName JIRASERVERNAME

    	ProxyRequests		Off
    	ProxyPreserveHost	On
    	&lt;Proxy *&gt;
    		Order deny,allow
    		Allow from all
    	&lt;/Proxy&gt;
    
    	ProxyPass		/	http://JIRASERVERNAME:8080/
    	ProxyPassReverse	/	http://JIRASERVERNAME:8080/
	
    &lt;/VirtualHost&gt;

Type JIRASERVERNAME in a browser URL directs to JIRASERVERNAME/secure/Dashboard.jspa and works fine.

Config 2

However when I try and enable the SSL by changing the files to be as shown below (i.e. remove the setup for non-SSL and just use SSL) I get no response and am confused as to what's wrong.

JIRA Setup Files

server.xml

&lt;Service name="Catalina"&gt;
        &lt;Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" 
    	maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
        protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
    	scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/&gt;

Apache Setup File

httpd.conf

LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule ssl_module modules/mod_ssl.so 

    ServerName JIRASERVERNAME
    
    Include conf/extra/httpd-vhosts.conf

httpd-vhosts.conf

&lt;VirtualHost *:443&gt;
    	ServerName JIRASERVERNAME
    
    	SSLEngine			On
    	SSLCertificateFile		"C:\Program Files\Atlassian\JIRA\jre\server.crt"
    	SSLCertificateKeyFile	"C:\Program Files\Atlassian\JIRA\jre\server.key"
    	SSLProxyEngine		On
    	
    	ProxyRequests		Off
    	ProxyPreserveHost	On

    	&lt;Proxy *&gt;
    		Order deny,allow
    		Allow from all
    	&lt;/Proxy&gt;
    
    	ProxyPass		/	http://JIRASERVERNAME:8080/
    	ProxyPassReverse	/	http://JIRASERVERNAME:8080/
    	
    &lt;/VirtualHost&gt;
    &lt;VirtualHost *:80&gt;
    	ServerName JIRASERVERNAME
    	Redirect		/	https://JIRASERVERNAME/
    &lt;/VirtualHost&gt;

Typing in JIRASERVERNAME redirects to the secure URL https://JIRASERVERNAME`

But I get the response in Chrome "This web page is not available"

Can anyone help point out what I've done wrong please, I'd be very grateful

Answer
Watch
Like Be the first to like this
16724 views

3 answers

1 accepted

2 votes
Answer accepted
Dalectric
Dalectric
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 31, 2014

I got it working, it was mainly because Apache wasn't listening on port 443, and I fixed this by including httpd-ssl.conf and then defining my VirtualHost in there.

So this is what I've ended up with

JIRA Setup Files

server.xml

&lt;Service name="Catalina"&gt;
        &lt;Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" 
    	maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
        protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
    	scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/&gt;

Apache Setup File

httpd.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so 

ServerName JIRASERVERNAME
    
Include conf/extra/httpd-vhosts.conf

Include conf/extra/httpd-ssl.conf

httpd-vhosts.conf

&lt;VirtualHost *:80&gt;
    	ServerName JIRASERVERNAME
    	Redirect		/	https://JIRASERVERNAME/
    &lt;/VirtualHost&gt;

httpd-ssl.conf

Listen 443 #This was already defined in here

&lt;VirtualHost *:443&gt;
    ServerName JIRASERVERNAME
    
    SSLEngine			On
    SSLCertificateFile		"C:\Program Files\Atlassian\JIRA\jre\server.crt"
    SSLCertificateKeyFile	"C:\Program Files\Atlassian\JIRA\jre\server.key"
    SSLProxyEngine		On
    	
    ProxyRequests		Off
    ProxyPreserveHost	On

    &lt;Proxy *&gt;
    	Order deny,allow
    	Allow from all
    &lt;/Proxy&gt;
    
    ProxyPass		/	http://JIRASERVERNAME:8080/
    ProxyPassReverse	/	http://JIRASERVERNAME:8080/
    	
&lt;/VirtualHost&gt;

I also commented out any lines that were superceded by my VirtualHost config.

Thanks again for your help, very much appreicated.

Reply
0 votes
C_ Faysal
C_ Faysal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2014

why don't you use the AJP connector instead?

vhost config would look like this then:

&lt;VirtualHost yourHost:443&gt;

# /SSL Section

    ServerAdmin admin@yourhost.tld
    ServerName yourHost
    ServerAlias yourHost

    ProxyRequests Off
    ProxyPreserveHost On

&lt;Proxy *&gt;
Order deny,allow
Allow from all
&lt;/Proxy&gt;
SSLProxyEngine On
ProxyRequests           Off
ProxyPreserveHost       On
ProxyPass           /       ajp://localhost:yourPort/
ProxyPassReverse    /       ajp://localhost:yourPort/
&lt;Location /&gt;
    Order allow,deny
    Allow from all
    &lt;/Location&gt;

&lt;/VirtualHost&gt;

View More Comments
C_ Faysal
C_ Faysal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2014

this is the only connector you need to be active in the server.xml then

&lt;Connector port="yourPort" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/&gt;

Like
Dalectric
Dalectric
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2014

Thanks for the suggestion, I'll give it a go and get back with how I get on

Like
Dalectric
Dalectric
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 31, 2014

Thanks again for the suggestion, but I couldn't get this to work, but that was before I'd realised that I'd not included httpd-ssl.conf and had Apache listen on port 443. What advantage would AJP provide?

Like
Reply
0 votes
Andris Grinbergs
Andris Grinbergs
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2014

Try to set "SSLProxyEngine Off"

View More Comments
Andris Grinbergs
Andris Grinbergs
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2014

Iguess:

SSLProxyEngine On

is used for HTTPS->HTTPS setup, but you have HTTPS->HTTP

Also check if http://JIRASERVERNAME:8080/opens correctly from your apache server host.

And check if your apache server listens on port 443. There should be similar line somewhere in config "Listen 443". You can test if firewall does not block it by trying to connect to 443 port with telnet.

Like
Dalectric
Dalectric
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 30, 2014

Thanks for the suggestion, I'll give it a go and get back with how I get on

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events