Environment:

• CentOS 7.4 Server
  • Apache 2.4
    • mod_proxy
    • mod_proxy_ajp
    • mod_ssl
    • mod_rewrite
    • listen on 0.0.0.0:443
    • vhost.conf:
      • <IfDefine SSL>
        <IfDefine !NOSSL>
        
        
        <VirtualHost _default_:443>
        
                # JIRA Proxy Configuration:
                <Proxy *>
                        Require all granted
                </Proxy>
        
                SSLProxyEngine          On
                ProxyRequests           Off
                ProxyPreserveHost       On
                ProxyPass               /jira       ajp://127.0.0.1:8009/jira
                ProxyPassReverse        /jira       ajp://127.0.0.1:8009/jira
        
                #  General setup for the virtual host
                DocumentRoot "/srv/www/htdocs"
                ServerName external_server_name.fqdn:443
                ErrorLog /var/log/apache2/error_log
                TransferLog /var/log/apache2/access_log
        
                SSLEngine on
        
                SSLCertificateFile /etc/apache2/ssl.crt/external_server_name.crt
                SSLCertificateKeyFile /etc/apache2/ssl.key/external_server_name.key
        
                CustomLog /var/log/apache2/ssl_request_log   ssl_combined
        
        </VirtualHost>
        
        </IfDefine>
        </IfDefine>
  • Atlassian Jira Software 7.8.1
    • {install directory}/conf/server.xml (comments removed for brevity):
      • <?xml version="1.0" encoding="utf-8"?>
        <Server port="8005" shutdown="SHUTDOWN">
            <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
            <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
            <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
            <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
            <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
        
            <Service name="Catalina">
        
                <Connector port="8009" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/>
        
                <Engine name="Catalina" defaultHost="localhost">
                    <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
        
                        <Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
        
                            <Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
                                      factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
                            <Manager pathname=""/>
                            <JarScanner scanManifest="false"/>
                        </Context>
        
                    </Host>
        
                    <Valve className="org.apache.catalina.valves.AccessLogValve"
                           pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
        
                </Engine>
            </Service>
        </Server>
    • Base URL configured as: https://external_server_name.fqdn/jira

Issues:

• Successes:
  • Able to successfully log in to Jira and view Dashboards, etc.
  • Able to successfully elevate privileges to create new Projects.
  • Able to view System Configuration settings correctly.
  • Able to view User management and edit User Details.
• Failures:
  • If I then click on Groups, or Manage Groups button, Jira returns an error.
  • If I try to create new user via button, I get a 403 Access Forbidden error forcing me to log out and then back in.
  • Quick Searches also fail. (example: tags, usernames, groups, etc.)
  • I'm suspecting that somehow session information (atl_token) is not being passed to Jira via the URL as the URL in the above error contains something similar to:
    https://external_server_name.fqdn/jira/secure/admin/user/ViewGroup.jspa?atl_token=BBDW-YEPX-6IGV-IRVG%7C956bbd0a212055122a6483a72f5a77936b36c31c%7Clin&name=jira-software-users

I've reviewed all available KBs (keywords: apache, jira, confluence, ajp, reverse-proxy, etc.) and comments, but must be missing something.

Any ideas as to what I may have wrong or missing?