Jira 5.2.6 produces non-ssl links though configured correctly with apache SSL and mod_proxy

My Jira installation produces non-ssl links and I don't know how to solve it:

I followed these steps exactly: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL

The Jira Base Url is configured as SSL (https://jira.example.com/) and jira is installed from the installer-package on an Ubuntu 10.04 x64 (Package version: atlassian-jira-5.2.6-x64.bin)

I reconized, Jira is producing non-ssl links. This causes apache to perform a redirect on almost every request, which makes a plain ssl usage completely useless.

Please have a look at this curl command, especially the Location header:

curl -I "https://jira.example.com/secure/MyJiraHome.jspa"
HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Feb 2013 08:46:37 GMT
Server: Apache-Coyote/1.1
X-AREQUESTID: 586x235x1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-AUSERNAME: anonymous
X-Content-Type-Options: nosniff
Location: http://jira.example.com/secure/Dashboard.jspa
Content-Type: text/html;charset=UTF-8
Set-Cookie: atlassian.xsrf.token=B93W-MDAQ-IETE-MZQV|fbb10c5d10002d9f9c7bd5d75dffd507318a00c0|lout; Path=/
Set-Cookie: JSESSIONID=34EFA5B7EABBC54BFECB696B289D070F; Path=/; HttpOnly
Via: 1.1 jira.example.com
Vary: Accept-Encoding

Any Idea how to solve this (upgrade-safe ftw)?

btw: confluence works like a charm, with the same proxy config

Best regards,

David

2 answers

1 accepted

3 votes
Accepted answer

Ok, this is how I managed to solve it:

edit /opt/atlassian/jira/conf/server.xml

and add these lines to the connector on port 8080:

proxyPort="443"
scheme="https"

stop and start jira and all is full SSL.

However, accessing jira without SSL won't work anymore.

1 vote
David Currie Atlassian Team Feb 19, 2013

Thanks for updating the Answer with your fix - to serve HTTPs through a proxy (offloading at Apache), the Tomcat connector needs to be configured as a proxy connector which you've done.

If you'd like to have JIRA available on both HTTP and HTTPS (not sure why, you wan't to do this, though), you can:

  1. Set up Apache to forward 443 to the 8080 proxy connector in the HTTPS VirtualHost.
  2. Forward port 80 to another, separate non-proxy (standard) connector on 8081 (as in https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Step1:ConfigureTomcat) through a separate HTTP VirtualHost.

That way you have JIRA running on two connectors, one is a proxy and the other is a standard HTTP/1.1. Alternatively, you could forward 443 to an AJP connector as in https://confluence.atlassian.com/display/JIRA/Configuring+Apache+Reverse+Proxy+Using+the+AJP+Protocol

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,950 views 19 22
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you