My Jira installation produces non-ssl links and I don't know how to solve it:
I followed these steps exactly: https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL
The Jira Base Url is configured as SSL (https://jira.example.com/) and jira is installed from the installer-package on an Ubuntu 10.04 x64 (Package version: atlassian-jira-5.2.6-x64.bin)
I reconized, Jira is producing non-ssl links. This causes apache to perform a redirect on almost every request, which makes a plain ssl usage completely useless.
Please have a look at this curl command, especially the Location header:
curl -I "https://jira.example.com/secure/MyJiraHome.jspa" HTTP/1.1 302 Moved Temporarily Date: Tue, 19 Feb 2013 08:46:37 GMT Server: Apache-Coyote/1.1 X-AREQUESTID: 586x235x1 Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT X-AUSERNAME: anonymous X-Content-Type-Options: nosniff Location: http://jira.example.com/secure/Dashboard.jspa Content-Type: text/html;charset=UTF-8 Set-Cookie: atlassian.xsrf.token=B93W-MDAQ-IETE-MZQV|fbb10c5d10002d9f9c7bd5d75dffd507318a00c0|lout; Path=/ Set-Cookie: JSESSIONID=34EFA5B7EABBC54BFECB696B289D070F; Path=/; HttpOnly Via: 1.1 jira.example.com Vary: Accept-Encoding
Any Idea how to solve this (upgrade-safe ftw)?
btw: confluence works like a charm, with the same proxy config
Best regards,
David
Ok, this is how I managed to solve it:
edit /opt/atlassian/jira/conf/server.xml
and add these lines to the connector on port 8080:
proxyPort="443" scheme="https"
stop and start jira and all is full SSL.
However, accessing jira without SSL won't work anymore.
Thanks for updating the Answer with your fix - to serve HTTPs through a proxy (offloading at Apache), the Tomcat connector needs to be configured as a proxy connector which you've done.
If you'd like to have JIRA available on both HTTP and HTTPS (not sure why, you wan't to do this, though), you can:
That way you have JIRA running on two connectors, one is a proxy and the other is a standard HTTP/1.1. Alternatively, you could forward 443 to an AJP connector as in https://confluence.atlassian.com/display/JIRA/Configuring+Apache+Reverse+Proxy+Using+the+AJP+Protocol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.