Jira behind Nginx as reverse proxy with SSL issue

TD September 16, 2019

Hello everyone,

I have 2 VMs. The first VM has Nginx, and Jira is installed on the second VM.

I'm able to connect to the Jira server when I use the Jira VM IP like below:

http://jira-server-ip:8080/jira/  # This one is for proxy with ssl.

http://jira-server-ip:8081/jira/  # This one is for proxy without ssl.

http://jira-server-ip:8082/jira/  # This one is for connecting without proxy.

 

However, when I try to use the "subdomain.domain.com" through the Nginx reverse proxy, I always get a 502 Bad Gateway message from Nginx.

Whether I use my local DNS or Google DNS, it is always the same.

Thank you in advance.

 

Best regards,

 

2 answers

1 accepted

1 vote
Answer accepted
Andrew Laden
Rising Star
September 17, 2019

If you are running SELinux, make sure to run the following:

setsebool -P httpd_can_network_connect 1

Otherwise nginx will not be allowed to make the connection to your Jira server.
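
To confirm that a 502 comes from the SELinux denial this answer describes, rather than from an upstream that is down or unreachable, the following added example (not part of the original thread) classifies nginx error-log lines and pulls the blocked port out of the matching audit record. The log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not from the thread); 192.0.2.x are documentation addresses.
SAMPLE_NGINX_LOG='2019/09/16 10:01:02 [crit] 1234#0: *1 connect() to 192.0.2.10:8080 failed (13: Permission denied) while connecting to upstream, client: 192.0.2.50, server: subdomain.domain.com, request: "GET /jira/ HTTP/1.1"
2019/09/16 10:05:09 [error] 1234#0: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 192.0.2.50, server: subdomain.domain.com
2019/09/16 10:09:30 [error] 1234#0: *3 upstream timed out (110: Connection timed out) while connecting to upstream, client: 192.0.2.50'

SAMPLE_AVC='type=AVC msg=audit(1568628062.123:456): avc:  denied  { name_connect } for  pid=1234 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1568628070.001:457): avc:  denied  { name_connect } for  pid=2222 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0'

# classify_502 LINE: print the likely cause behind one nginx error-log line.
classify_502() {
    case "$1" in
        # errno 13 on connect() is a local policy denial, not a network fault
        *"(13: Permission denied) while connecting to upstream"*) echo "selinux-or-permission" ;;
        # errno 111: host reachable, nothing listening on that port
        *"(111: Connection refused)"*"upstream"*) echo "upstream-not-listening" ;;
        # errno 110: packets dropped on the way (firewall, routing)
        *"(110: Connection timed out)"*"upstream"*) echo "firewall-or-routing" ;;
        *) echo "other" ;;
    esac
}

# summarize_log TEXT: print one "cause=count" line per cause found in TEXT.
summarize_log() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        if [ -n "$line" ]; then classify_502 "$line"; fi
    done | sort | uniq -c | awk '{print $2 "=" $1}'
}

# avc_nginx_ports TEXT: print the destination ports SELinux refused to nginx.
avc_nginx_ports() {
    printf '%s\n' "$1" |
        grep 'avc:.*denied.*name_connect' | grep 'comm="nginx"' |
        sed -n 's/.* dest=\([0-9][0-9]*\) .*/\1/p' | sort -u
}

summarize_log "$SAMPLE_NGINX_LOG"
echo "ports denied to nginx: $(avc_nginx_ports "$SAMPLE_AVC")"
```

A "selinux-or-permission" result backed by an audit record for the same port points to the boolean above; the other two results point to the Jira connector or the network path instead.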

TD September 17, 2019

@Andrew Laden Thank you very much, this solved weeks of struggling with this problem.

I will be grateful if you have any tips for this new issue: "gadget.common.error.500".

Andrew Laden
September 18, 2019

Are your certs signed using a public registrar or did you sign them internally? If you signed them internally (or self signed) you will need to import your signing certs into the cacerts file for the java installation specific to your jira.

There is a (very poorly documented) add-on from Atlassian Labs that can help with this:

https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server&tab=overview

Or you can just run keytool manually:

keytool -importcert -alias {commonname} -keystore {Keystorelocation} -file {Certfile}

The cert file should be a .cer file that your signing provider can generate or provide.

The common name is just for your reference.

The keystore location would be

$JIRA_HOME/jre/lib/security/cacerts

It will ask for a password. The default is "changeit".

1 vote
DPKJ
Community Leader
September 16, 2019

@TD Can you share some more information, like the Nginx virtual host file (where you are adding the subdomain configuration) and Jira's conf/server.xml file, for details?

One thing you can check before moving forward is to try accessing Virtual Server 2 from Virtual Server 1 using the IP address you are using in the reverse proxy configuration.

  • You can try PING, or
  • accessing Jira page using wget, curl or any other utility.
TD September 17, 2019

@DPKJ Thank you very much for your quick response. Actually, @Andrew Laden's answer helped to solve the problem. Even so, I got a new issue now with the "gadget.common.error.500".

DPKJ
September 17, 2019

@TD Have you updated your Jira Base URL and added settings for 'proxyName', 'proxyPort', and 'scheme' in your <JIRA_INSTALLATION>/server.xml file?

You can also look at this KB article by Atlassian - https://confluence.atlassian.com/jirakb/jira-activity-stream-gadget-throws-gadget-common-error-500-973485793.html
