Jira behind nginx HTTPS proxy - default page

Nicolas Fiastre June 23, 2014

hello,

context: we already have a few Jira instances, all behind reverse proxies (Apache or Nginx), all HTTP protocol. We have now set up a new one behind an Nginx proxy with HTTPS/SSL.

Proxy listens on port 443 @ jira.mycompany.com, and forwards everything to Jira_server_IP:8080.
Tomcat Connector then forwards to 8443, hurray, it works, BUT..

the default page when typing https://jira.mycompany.comis https://jira.mycompany.com/secure/errors.jspstating :

JIRA Access Constraints

There are no problems accessing JIRA at present.

Back to JIRA

That's great, but I cannot find how to get rid of it. Users get it before logging in and right after, which is kind of annoying.

Has anyone be confronted to a similar scenario ? Is it normal behavior ?


thanks for any input !

3 answers

1 vote
Danilo Conrad
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 24, 2014

Hi Nicolas,

We have a KB Article with instructions on how to integrate JIRA with nginx:

https://confluence.atlassian.com/display/JIRAKB/How+to+use+NGINX+to+proxy+requests+for+JIRA

Could you please check it and let us know if following the recommendations in there helped to resolve the issue?

Cheers,

Danilo

0 votes
Nicolas Fiastre September 2, 2015

Hello Arun ; well, I ultimately redid all connectors. Commented out all existing entries, then created the following two:

<!-- standard connector -->
    <Connector port="8081"

                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"/>
<!-- Proxy Connector -->        
    <Connector 
        port="8080" 
        acceptCount="100" 
        connectionTimeout="20000" 
        disableUploadTimeout="true" 
        enableLookups="false" 
        maxHttpHeaderSize="8192" 
        maxThreads="150" 
        minSpareThreads="25" 
        protocol="HTTP/1.1" 
        redirectPort="8443"
        useBodyEncodingForURI="true" 
        scheme="https"
        proxyName="jira.mycompany.com" 
        proxyPort="443"/>



proxy is still redirecting to 8080, with a trailing slash for good measure (http://IP:8080/;)
Now works like a charm.

Guess Tomcat did not like port 8443, although I still fail to see why.

0 votes
Nicolas Fiastre June 24, 2014

Hi,


thanks for the help !

I used this KB to set up the reverse proxy. Below the configs I use:

nginx:

proxy_cache_path /var/cache/nginx/jira23 levels=1:2 keys_zone=jira23-cache:50m max_size=50m inactive=1440m;

#SSL LISTENER
server {
        listen 443 ssl;
        server_name jira.mycompany.com;
        ssl_certificate     /etc/nginx/ssl/jira.crt;
        ssl_certificate_key /etc/nginx/ssl/jira.key;

        access_log /var/log/nginx/jira23/jira23.access.log;
        error_log /var/log/nginx/jira23/jira23.error.log;

        client_max_body_size 10M;

 ## Proxy settings
  proxy_max_temp_file_size    0;
  proxy_connect_timeout      900;
  proxy_send_timeout         900;
  proxy_read_timeout         900;
  proxy_buffer_size          4k;
  proxy_buffers              4 32k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;
  proxy_intercept_errors     on;



proxy_cache jira23-cache;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache_min_uses 1;
proxy_cache_valid 1440m;
auth_basic off;

        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://myIP:8080;

                set $do_not_cache 0;
                if ($request_uri ~* ^(/secure/admin|/plugins|/secure/projects|/projects|/admin)) {
                        set $do_not_cache 1;
                }
                proxy_cache_bypass $do_not_cache;
        }

}

and jira :

<Connector port="8080"


                   maxThreads="150"

                   minSpareThreads="25"

                   connectionTimeout="20000"

                   enableLookups="false"

                   maxHttpHeaderSize="8192"

                   protocol="HTTP/1.1"

                   useBodyEncodingForURI="true"

                   redirectPort="8443"

                   acceptCount="100"

                   disableUploadTimeout="true"/>


       <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"

              	maxHttpHeaderSize="8192"
		SSLEnabled="true"

              	maxThreads="150"
		minSpareThreads="25"

              	enableLookups="false"
		disableUploadTimeout="true"

	        acceptCount="100"
		scheme="https"
		secure="true"

                clientAuth="false"
		sslProtocol="TLS"
		useBodyEncodingForURI="true"
		proxyName="jira.mycompany.com"
		proxyPort="443" />


website answers fine, but instead of landing on https://jira.mycompany.com/secure/Dashboard.jspalike all other instances I have (not HTTPS though), default page is https://jira.mycompany.com/secure/errors.jspwith the message in my first post.

Arun Kumar Paraman September 2, 2015

I have the same issue, login lands to the Errors.jsp page. Were you able to resolve this issue ?

Like Sajan Kumar Devarakonda likes this
Sajan Kumar Devarakonda August 8, 2019

How did you resolve the issue?

Suggest an answer

Log in or Sign up to answer