Jira behind nginx HTTPS proxy - default page

hello,

context: we already have a few Jira instances, all behind reverse proxies (Apache or Nginx), all HTTP protocol. We have now set up a new one behind an Nginx proxy with HTTPS/SSL.

Proxy listens on port 443 @ jira.mycompany.com, and forwards everything to Jira_server_IP:8080.
Tomcat Connector then forwards to 8443, hurray, it works, BUT..

the default page when typing https://jira.mycompany.comis https://jira.mycompany.com/secure/errors.jspstating :

JIRA Access Constraints

There are no problems accessing JIRA at present.

Back to JIRA

That's great, but I cannot find how to get rid of it. Users get it before logging in and right after, which is kind of annoying.

Has anyone be confronted to a similar scenario ? Is it normal behavior ?


thanks for any input !

3 answers

1 votes

Hi Nicolas,

We have a KB Article with instructions on how to integrate JIRA with nginx:

https://confluence.atlassian.com/display/JIRAKB/How+to+use+NGINX+to+proxy+requests+for+JIRA

Could you please check it and let us know if following the recommendations in there helped to resolve the issue?

Cheers,

Danilo

Hi,


thanks for the help !

I used this KB to set up the reverse proxy. Below the configs I use:

nginx:

proxy_cache_path /var/cache/nginx/jira23 levels=1:2 keys_zone=jira23-cache:50m max_size=50m inactive=1440m;

#SSL LISTENER
server {
        listen 443 ssl;
        server_name jira.mycompany.com;
        ssl_certificate     /etc/nginx/ssl/jira.crt;
        ssl_certificate_key /etc/nginx/ssl/jira.key;

        access_log /var/log/nginx/jira23/jira23.access.log;
        error_log /var/log/nginx/jira23/jira23.error.log;

        client_max_body_size 10M;

 ## Proxy settings
  proxy_max_temp_file_size    0;
  proxy_connect_timeout      900;
  proxy_send_timeout         900;
  proxy_read_timeout         900;
  proxy_buffer_size          4k;
  proxy_buffers              4 32k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;
  proxy_intercept_errors     on;



proxy_cache jira23-cache;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache_min_uses 1;
proxy_cache_valid 1440m;
auth_basic off;

        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://myIP:8080;

                set $do_not_cache 0;
                if ($request_uri ~* ^(/secure/admin|/plugins|/secure/projects|/projects|/admin)) {
                        set $do_not_cache 1;
                }
                proxy_cache_bypass $do_not_cache;
        }

}

and jira :

<Connector port="8080"


                   maxThreads="150"

                   minSpareThreads="25"

                   connectionTimeout="20000"

                   enableLookups="false"

                   maxHttpHeaderSize="8192"

                   protocol="HTTP/1.1"

                   useBodyEncodingForURI="true"

                   redirectPort="8443"

                   acceptCount="100"

                   disableUploadTimeout="true"/>


       <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"

              	maxHttpHeaderSize="8192"
		SSLEnabled="true"

              	maxThreads="150"
		minSpareThreads="25"

              	enableLookups="false"
		disableUploadTimeout="true"

	        acceptCount="100"
		scheme="https"
		secure="true"

                clientAuth="false"
		sslProtocol="TLS"
		useBodyEncodingForURI="true"
		proxyName="jira.mycompany.com"
		proxyPort="443" />


website answers fine, but instead of landing on https://jira.mycompany.com/secure/Dashboard.jspalike all other instances I have (not HTTPS though), default page is https://jira.mycompany.com/secure/errors.jspwith the message in my first post.

I have the same issue, login lands to the Errors.jsp page. Were you able to resolve this issue ?

Hello Arun ; well, I ultimately redid all connectors. Commented out all existing entries, then created the following two:

<!-- standard connector -->
    <Connector port="8081"

                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"/>
<!-- Proxy Connector -->        
    <Connector 
        port="8080" 
        acceptCount="100" 
        connectionTimeout="20000" 
        disableUploadTimeout="true" 
        enableLookups="false" 
        maxHttpHeaderSize="8192" 
        maxThreads="150" 
        minSpareThreads="25" 
        protocol="HTTP/1.1" 
        redirectPort="8443"
        useBodyEncodingForURI="true" 
        scheme="https"
        proxyName="jira.mycompany.com" 
        proxyPort="443"/>



proxy is still redirecting to 8080, with a trailing slash for good measure (http://IP:8080/;)
Now works like a charm.

Guess Tomcat did not like port 8443, although I still fail to see why.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,914 views 12 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot