Jira 5.2.6 produces non-ssl links though configured correctly with apache SSL and mod_proxy

My Jira installation produces non-ssl links and I don't know how to solve it:

I followed these steps exactly: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL

The Jira Base Url is configured as SSL (https://jira.example.com/) and jira is installed from the installer-package on an Ubuntu 10.04 x64 (Package version: atlassian-jira-5.2.6-x64.bin)

I reconized, Jira is producing non-ssl links. This causes apache to perform a redirect on almost every request, which makes a plain ssl usage completely useless.

Please have a look at this curl command, especially the Location header:

curl -I "https://jira.example.com/secure/MyJiraHome.jspa"
HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Feb 2013 08:46:37 GMT
Server: Apache-Coyote/1.1
X-AREQUESTID: 586x235x1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-AUSERNAME: anonymous
X-Content-Type-Options: nosniff
Location: http://jira.example.com/secure/Dashboard.jspa
Content-Type: text/html;charset=UTF-8
Set-Cookie: atlassian.xsrf.token=B93W-MDAQ-IETE-MZQV|fbb10c5d10002d9f9c7bd5d75dffd507318a00c0|lout; Path=/
Set-Cookie: JSESSIONID=34EFA5B7EABBC54BFECB696B289D070F; Path=/; HttpOnly
Via: 1.1 jira.example.com
Vary: Accept-Encoding

Any Idea how to solve this (upgrade-safe ftw)?

btw: confluence works like a charm, with the same proxy config

Best regards,

David

2 answers

1 accepted

Ok, this is how I managed to solve it:

edit /opt/atlassian/jira/conf/server.xml

and add these lines to the connector on port 8080:

proxyPort="443"
scheme="https"

stop and start jira and all is full SSL.

However, accessing jira without SSL won't work anymore.

1 vote
David Currie Atlassian Team Feb 19, 2013

Thanks for updating the Answer with your fix - to serve HTTPs through a proxy (offloading at Apache), the Tomcat connector needs to be configured as a proxy connector which you've done.

If you'd like to have JIRA available on both HTTP and HTTPS (not sure why, you wan't to do this, though), you can:

  1. Set up Apache to forward 443 to the 8080 proxy connector in the HTTPS VirtualHost.
  2. Forward port 80 to another, separate non-proxy (standard) connector on 8081 (as in https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Step1:ConfigureTomcat) through a separate HTTP VirtualHost.

That way you have JIRA running on two connectors, one is a proxy and the other is a standard HTTP/1.1. Alternatively, you could forward 443 to an AJP connector as in https://confluence.atlassian.com/display/JIRA/Configuring+Apache+Reverse+Proxy+Using+the+AJP+Protocol

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Sunday in Agility

You asked for it, so we delivered: images on issues have arrived

A picture tells a thousand words. And agility boards have just released their latest feature: cover images on issues – so now your board can tell a story at first glance. Upload attachmen...

184 views 1 11
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you