Jira behind nginx HTTPS proxy - default page

hello,

context: we already have a few Jira instances, all behind reverse proxies (Apache or Nginx), all HTTP protocol. We have now set up a new one behind an Nginx proxy with HTTPS/SSL.

Proxy listens on port 443 @ jira.mycompany.com, and forwards everything to Jira_server_IP:8080.
Tomcat Connector then forwards to 8443, hurray, it works, BUT..

the default page when typing https://jira.mycompany.comis https://jira.mycompany.com/secure/errors.jspstating :

JIRA Access Constraints

There are no problems accessing JIRA at present.

Back to JIRA

That's great, but I cannot find how to get rid of it. Users get it before logging in and right after, which is kind of annoying.

Has anyone be confronted to a similar scenario ? Is it normal behavior ?


thanks for any input !

3 answers

1 vote

Hi Nicolas,

We have a KB Article with instructions on how to integrate JIRA with nginx:

https://confluence.atlassian.com/display/JIRAKB/How+to+use+NGINX+to+proxy+requests+for+JIRA

Could you please check it and let us know if following the recommendations in there helped to resolve the issue?

Cheers,

Danilo

Hi,


thanks for the help !

I used this KB to set up the reverse proxy. Below the configs I use:

nginx:

proxy_cache_path /var/cache/nginx/jira23 levels=1:2 keys_zone=jira23-cache:50m max_size=50m inactive=1440m;

#SSL LISTENER
server {
        listen 443 ssl;
        server_name jira.mycompany.com;
        ssl_certificate     /etc/nginx/ssl/jira.crt;
        ssl_certificate_key /etc/nginx/ssl/jira.key;

        access_log /var/log/nginx/jira23/jira23.access.log;
        error_log /var/log/nginx/jira23/jira23.error.log;

        client_max_body_size 10M;

 ## Proxy settings
  proxy_max_temp_file_size    0;
  proxy_connect_timeout      900;
  proxy_send_timeout         900;
  proxy_read_timeout         900;
  proxy_buffer_size          4k;
  proxy_buffers              4 32k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;
  proxy_intercept_errors     on;



proxy_cache jira23-cache;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache_min_uses 1;
proxy_cache_valid 1440m;
auth_basic off;

        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://myIP:8080;

                set $do_not_cache 0;
                if ($request_uri ~* ^(/secure/admin|/plugins|/secure/projects|/projects|/admin)) {
                        set $do_not_cache 1;
                }
                proxy_cache_bypass $do_not_cache;
        }

}

and jira :

<Connector port="8080"


                   maxThreads="150"

                   minSpareThreads="25"

                   connectionTimeout="20000"

                   enableLookups="false"

                   maxHttpHeaderSize="8192"

                   protocol="HTTP/1.1"

                   useBodyEncodingForURI="true"

                   redirectPort="8443"

                   acceptCount="100"

                   disableUploadTimeout="true"/>


       <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"

              	maxHttpHeaderSize="8192"
		SSLEnabled="true"

              	maxThreads="150"
		minSpareThreads="25"

              	enableLookups="false"
		disableUploadTimeout="true"

	        acceptCount="100"
		scheme="https"
		secure="true"

                clientAuth="false"
		sslProtocol="TLS"
		useBodyEncodingForURI="true"
		proxyName="jira.mycompany.com"
		proxyPort="443" />


website answers fine, but instead of landing on https://jira.mycompany.com/secure/Dashboard.jspalike all other instances I have (not HTTPS though), default page is https://jira.mycompany.com/secure/errors.jspwith the message in my first post.

I have the same issue, login lands to the Errors.jsp page. Were you able to resolve this issue ?

Hello Arun ; well, I ultimately redid all connectors. Commented out all existing entries, then created the following two:

<!-- standard connector -->
    <Connector port="8081"

                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"/>
<!-- Proxy Connector -->        
    <Connector 
        port="8080" 
        acceptCount="100" 
        connectionTimeout="20000" 
        disableUploadTimeout="true" 
        enableLookups="false" 
        maxHttpHeaderSize="8192" 
        maxThreads="150" 
        minSpareThreads="25" 
        protocol="HTTP/1.1" 
        redirectPort="8443"
        useBodyEncodingForURI="true" 
        scheme="https"
        proxyName="jira.mycompany.com" 
        proxyPort="443"/>



proxy is still redirecting to 8080, with a trailing slash for good measure (http://IP:8080/;)
Now works like a charm.

Guess Tomcat did not like port 8443, although I still fail to see why.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

78 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you