Jira 5.2.6 produces non-ssl links though configured correctly with apache SSL and mod_proxy

My Jira installation produces non-ssl links and I don't know how to solve it:

I followed these steps exactly: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL

The Jira Base Url is configured as SSL (https://jira.example.com/) and jira is installed from the installer-package on an Ubuntu 10.04 x64 (Package version: atlassian-jira-5.2.6-x64.bin)

I reconized, Jira is producing non-ssl links. This causes apache to perform a redirect on almost every request, which makes a plain ssl usage completely useless.

Please have a look at this curl command, especially the Location header:

curl -I "https://jira.example.com/secure/MyJiraHome.jspa"
HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Feb 2013 08:46:37 GMT
Server: Apache-Coyote/1.1
X-AREQUESTID: 586x235x1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-AUSERNAME: anonymous
X-Content-Type-Options: nosniff
Location: http://jira.example.com/secure/Dashboard.jspa
Content-Type: text/html;charset=UTF-8
Set-Cookie: atlassian.xsrf.token=B93W-MDAQ-IETE-MZQV|fbb10c5d10002d9f9c7bd5d75dffd507318a00c0|lout; Path=/
Set-Cookie: JSESSIONID=34EFA5B7EABBC54BFECB696B289D070F; Path=/; HttpOnly
Via: 1.1 jira.example.com
Vary: Accept-Encoding

Any Idea how to solve this (upgrade-safe ftw)?

btw: confluence works like a charm, with the same proxy config

Best regards,

David

2 answers

1 accepted

This widget could not be displayed.

Ok, this is how I managed to solve it:

edit /opt/atlassian/jira/conf/server.xml

and add these lines to the connector on port 8080:

proxyPort="443"
scheme="https"

stop and start jira and all is full SSL.

However, accessing jira without SSL won't work anymore.

This widget could not be displayed.
David Currie Atlassian Team Feb 19, 2013

Thanks for updating the Answer with your fix - to serve HTTPs through a proxy (offloading at Apache), the Tomcat connector needs to be configured as a proxy connector which you've done.

If you'd like to have JIRA available on both HTTP and HTTPS (not sure why, you wan't to do this, though), you can:

  1. Set up Apache to forward 443 to the 8080 proxy connector in the HTTPS VirtualHost.
  2. Forward port 80 to another, separate non-proxy (standard) connector on 8081 (as in https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Step1:ConfigureTomcat) through a separate HTTP VirtualHost.

That way you have JIRA running on two connectors, one is a proxy and the other is a standard HTTP/1.1. Alternatively, you could forward 443 to an AJP connector as in https://confluence.atlassian.com/display/JIRA/Configuring+Apache+Reverse+Proxy+Using+the+AJP+Protocol

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted yesterday in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

83 views 0 1
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you