Jira 5.2.6 produces non-ssl links though configured correctly with apache SSL and mod_proxy

David Heidt February 18, 2013

My Jira installation produces non-ssl links and I don't know how to solve it:

I followed these steps exactly: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL

The Jira Base Url is configured as SSL (https://jira.example.com/) and jira is installed from the installer-package on an Ubuntu 10.04 x64 (Package version: atlassian-jira-5.2.6-x64.bin)

I recognized that Jira is producing non-ssl links. This causes apache to perform a redirect on almost every request, which makes a plain ssl usage completely useless.

Please have a look at this curl command, especially the Location header:

curl -I "https://jira.example.com/secure/MyJiraHome.jspa"
HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Feb 2013 08:46:37 GMT
Server: Apache-Coyote/1.1
X-AREQUESTID: 586x235x1
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-AUSERNAME: anonymous
X-Content-Type-Options: nosniff
Location: http://jira.example.com/secure/Dashboard.jspa
Content-Type: text/html;charset=UTF-8
Set-Cookie: atlassian.xsrf.token=B93W-MDAQ-IETE-MZQV|fbb10c5d10002d9f9c7bd5d75dffd507318a00c0|lout; Path=/
Set-Cookie: JSESSIONID=34EFA5B7EABBC54BFECB696B289D070F; Path=/; HttpOnly
Via: 1.1 jira.example.com
Vary: Accept-Encoding

Any idea how to solve this (upgrade-safe ftw)?

btw: confluence works like a charm, with the same proxy config

Best regards,

David

2 answers

1 accepted

3 votes
Answer accepted
David Heidt February 18, 2013

Ok, this is how I managed to solve it:

edit /opt/atlassian/jira/conf/server.xml

and add these lines to the connector on port 8080:

proxyPort="443"
scheme="https"

stop and start jira and all is full SSL.

However, accessing jira without SSL won't work anymore.

1 vote
Dave C
Atlassian Team
February 19, 2013

Thanks for updating the Answer with your fix - to serve HTTPS through a proxy (offloading at Apache), the Tomcat connector needs to be configured as a proxy connector, which you've done.

If you'd like to have JIRA available on both HTTP and HTTPS (not sure why you want to do this, though), you can:

  1. Set up Apache to forward 443 to the 8080 proxy connector in the HTTPS VirtualHost.
  2. Forward port 80 to another, separate non-proxy (standard) connector on 8081 (as in https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL#IntegratingJIRAwithApacheusingSSL-Step1:ConfigureTomcat) through a separate HTTP VirtualHost.

That way you have JIRA running on two connectors, one is a proxy and the other is a standard HTTP/1.1. Alternatively, you could forward 443 to an AJP connector as in https://confluence.atlassian.com/display/JIRA/Configuring+Apache+Reverse+Proxy+Using+the+AJP+Protocol
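Added example (not part of the thread and not Atlassian's code): a small Python audit of server.xml that reports, per Tomcat connector, the origin that ends up in redirects such as the Location header in the question, and flags a connector behind the HTTPS virtual host that would still emit http:// links. The function names and sample XML are constructed; redirect_origin is a simplified model that assumes the forwarded Host header carries no port, and proxyName is a Tomcat connector attribute the thread does not mention.

```python
import xml.etree.ElementTree as ET

# Constructed samples; only port 8080, proxyPort and scheme come from the thread.
BEFORE = '<Server><Service><Connector port="8080"/></Service></Server>'
AFTER = """<Server><Service>
  <Connector port="8080" proxyPort="443" scheme="https"/>
  <Connector port="8081"/>
</Service></Server>"""


def redirect_origin(connector, host):
    """Origin Tomcat writes into absolute redirects for this connector."""
    scheme = connector.get("scheme", "http")  # Tomcat's default scheme is http
    name = connector.get("proxyName", host)   # else the forwarded Host header
    default_port = "443" if scheme == "https" else "80"
    port = connector.get("proxyPort", default_port)  # assumes Host has no port
    return f"{scheme}://{name}" + ("" if port == default_port else f":{port}")


def audit(server_xml, host, tls_ports):
    """Map each connector port to (redirect origin, finding).

    tls_ports: connector ports that the HTTPS virtual host forwards to.
    """
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port, origin = conn.get("port"), redirect_origin(conn, host)
        behind_tls = port in tls_ports
        if behind_tls and not origin.startswith("https://"):
            finding = "downgrade"   # HTTPS clients are redirected to http://
        elif not behind_tls and origin.startswith("https://"):
            finding = "mismatch"    # plain-HTTP vhost feeds an https connector
        else:
            finding = "ok"
        report[port] = (origin, finding)
    return report


if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(xml, "jira.example.com", {"8080"}))
```

Run it against the real /opt/atlassian/jira/conf/server.xml by passing the file's contents as server_xml and listing the connector ports your HTTPS VirtualHost forwards to.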
