It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Jira behind Nginx as reverse proxy with SSL issue

Hello everyone,

I have 2 VMs. The first VM has Nginx and jira installed on the second VM.

I'm able to connect to the jira server when I use the jira VM IP like below: 

http://jira-server-ip:8080/jira/  # This one is for proxy with ssl.

http://jira-server-ip:8081/jira/  # This one is for proxy without ssl.

http://jira-server-ip:8082/jira/  # This one is for connecting without proxy.

 

However, when I try to use the "subdomain.domain.com" throw the Nginx reverse proxy, I always got 502 Bad Gateway message from Nginx.

Whatever if I use my local DNS or google DNS it is always the same.

Thank you in advance.

 

Best regards,

 

2 answers

1 accepted

1 vote
Answer accepted

If you are running selinux, make sure to run the following

setsebool -P httpd_can_network_connect 1

Otherwise nginx will not be allowed to make the connection to your jira server

@Andrew Laden  Thank you very much this solve weeks of struggling with this problem.

I will be grateful if you have any tips  for a this new issue : "gadget.common.error.500".

Are your certs signed using a public registrar or did you sign them internally? If you signed them internally (or self signed) you will need to import your signing certs into the cacerts file for the java installation specific to your jira.

There is a (very poorly documented) addon from atlassian labs that can help with this

https://marketplace.atlassian.com/apps/1211087/ssl-for-jira?hosting=server&tab=overview

or you can just run keytool manually

keytool -importcert -alias {commonname} -keystore {Keystorelocation} -file {Certfile}

The cert file should be a .cer file that your signing provider can generate or provide.

The common name is just for your referenecne.

The keystore location would be

$JIRA_HOME/jre/lib/security/cacerts

It will ask for a password. The default is "changeit"

1 vote
DPK J Community Leader Sep 16, 2019

@TDCan you share some more information, like Nginx virtual host (where you are adding subdomain configuration) file, and Jira's conf/server.xml file for details.

One thing you can check before moving forward is, try accessing Virtual Server 2 from Virtual Server 1 using IP address you are using in reverse proxy configuration.

  • You can try PING, or
  • accessing Jira page using wget, curl or any other utility.

@DPK J  Thank you very much for your quick response.  Actually @Andrew Laden  answer helps to solve the problem. Even that I got a new issue now with the "gadget.common.error.500".

DPK J Community Leader Sep 17, 2019

@TDhave you updated your Jira Base URL and have added settings for 'proxyName', 'proxyPort', and 'scheme' in your <JIRA_INSTALLATION>/server.xml file?

You can also look as this KB article by Atlassian - https://confluence.atlassian.com/jirakb/jira-activity-stream-gadget-throws-gadget-common-error-500-973485793.html

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Jira

Demo Den Ep. 7: New Jira Cloud Reports

Learn how to use two new reports for next-gen projects in Jira Cloud:  Cumulative flow diagram and Sprint burndown chart. Ivan Teong, Product Manager, Jira Software, demos the Cumulative ...

314 views 1 3
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you