JIRA over https - preferred method?

I'm a new JIRA admin, starting off by migrating our somewhat neglected JIRA 4.3 installation to 6.0. I've installed JIRA 6 (6.04) on a fresh host, imported a backup of our database, and had our users bang on it some. Initially I've been testing the new server on our NAT, with the default port 8080. For the next phase of testing, I want to give it a routable IP address and use the canonical https port.

There are at least three ways of doing this documented on atlassian.com:

All three of which start with a use-at-your-own-risk disclaimer.

My question is: Is one of these the preferred method of serving JIRA on port 443? Conversely, is one of them known to be problematic? My installation is dead simple: A stand-alone server, with JIRA the only web service it's running; no other network ports will be open to the Internet.

My intuition, just because I'm a long-time *nix admin to whom all this java web service stuff looks like Greek, is to go with the Apache proxy approach. It adds an extra layer of indirection --- but OTOH one that's pretty well understood, and one I'm certainly going to understand better than anything involving fiddling with tomcat internals. But before just heading down the route of least resistance, I figured I should get some idea of community opinion.

Thanks in advance!

1 answer

Hi,

We always suggest running JIRA without any other application in front of it. That said, I would rather configure SSL in Tomcat than Apache (this doc). You will need to import the SSL certificates into a keystore file, and it may be complex sometimes, even if you're a Unix administrator. If you're going to run JIRA on a Linux machine as well, you'll need to redirect the 8080 and 8443 ports to the 80 and 443 ports instead, since a common user is unable to bind ports lower than 1024 in Linux. And I believe you don't feel like running JIRA with the root user. :)

If you're planning to integrate JIRA with Apache, please use AJP, as the doc you linked says. It won't cause you problems with application links, REST calls and gadgets. You could set up SSL on a virtual host redirecting to JIRA via AJP; it usually works fine, but you'll still need to import the SSL certificates into a keystore. For that, you won't add the keystore file to Tomcat (since the SSL layer will be provided by Apache), but will need to add it to JIRA via startup options.

My personal opinion: Keep it running on Tomcat without Apache.

Best regards,
Lucas Timm
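
The port redirect this answer describes, as an added example that is not part of the original answer: a dry-run script that prints iptables rules so an unprivileged Tomcat on 8080/8443 answers on 80/443. The function names, the choice of iptables and the default-drop INPUT policy are assumptions; the thread names only the ports.

```shell
#!/bin/sh
# Added example: print (never apply) iptables rules that map the canonical
# ports to an unprivileged Tomcat, so JIRA does not have to run as root.

# Linux lets only root (or CAP_NET_BIND_SERVICE) bind ports below 1024.
is_privileged_port() {
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -lt 1024 ]
}

# A valid backend port is one an ordinary user can bind.
is_unprivileged_port() {
    [ "$1" -ge 1024 ] 2>/dev/null && [ "$1" -le 65535 ]
}

# Print the rules for one "public:backend" mapping, e.g. 443:8443.
redirect_rules() {
    public=${1%%:*}
    backend=${1##*:}
    if ! is_privileged_port "$public"; then
        echo "error: $public needs no redirect (not a privileged port)" >&2
        return 1
    fi
    if ! is_unprivileged_port "$backend"; then
        echo "error: backend port $backend is invalid or would require root" >&2
        return 1
    fi
    # Connections arriving from the network.
    echo "iptables -t nat -A PREROUTING -p tcp --dport $public -j REDIRECT --to-ports $backend"
    # Connections the host makes to itself (requests to its own URL).
    echo "iptables -t nat -A OUTPUT -o lo -p tcp --dport $public -j REDIRECT --to-ports $backend"
    # NAT runs before filtering, so INPUT sees the backend port. Accept it only
    # when the client originally dialled the public port; assumes a default-drop
    # INPUT policy, which keeps a direct connection to the backend port closed.
    echo "iptables -A INPUT -p tcp --dport $backend -m conntrack --ctorigdstport $public -j ACCEPT"
}

# Emit rules for every mapping; stop at the first invalid one.
plan() {
    for mapping in "$@"; do
        redirect_rules "$mapping" || return 1
    done
}

# Mappings for the ports named in the answer above.
plan 80:8080 443:8443
```

Review the printed rules before running them as root, and persist them with the distribution's own mechanism so they survive a reboot.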

Lucas, I have been trying unsuccessfully to get SSL set up & working for our jira/confluence internal server. Let me say first that my background is in computer hardware; I had never even heard of jira or confluence until I took this position a little less than 2 yrs ago (after getting laid off w/ about 300 others) after almost 27 years with Vitera Healthcare/Sage Healthcare/WebMD. My new boss first gave me jira and confluence upgrade tasks and now this. I followed the link https://confluence.atlassian.com/display/JIRA/Running+JIRA+over+SSL+or+HTTPS and obtained a cert. from Cacert.org and followed all the steps to get it set up. We got the popup window for the initial login saying this was an untrusted site when changing to https but not after that. I created a ticket w/ Atlassian but the support tech I worked with said the cert. from Cacert.org will not work and that we must purchase one. My boss does not believe that and has told me that I need to keep searching for an answer for this. If you could help me out that would be awesome. You can e-mail me directly at john.ellis@lsgsolutions.com.

Thanks in advance,

John Ellis
