Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira behind nginx HTTPS proxy - default page

Nicolas Fiastre
Nicolas Fiastre
Contributor
June 23, 2014

hello,

context: we already have a few Jira instances, all behind reverse proxies (Apache or Nginx), all HTTP protocol. We have now set up a new one behind an Nginx proxy with HTTPS/SSL.

Proxy listens on port 443 @ jira.mycompany.com, and forwards everything to Jira_server_IP:8080.
Tomcat Connector then forwards to 8443, hurray, it works, BUT..

the default page when typing https://jira.mycompany.comis https://jira.mycompany.com/secure/errors.jspstating :

JIRA Access Constraints

There are no problems accessing JIRA at present.

Back to JIRA

That's great, but I cannot find how to get rid of it. Users get it before logging in and right after, which is kind of annoying.

Has anyone be confronted to a similar scenario ? Is it normal behavior ?


thanks for any input !

Answer
Watch
Like # people like this
26608 views

3 answers

1 vote
Danilo Conrad
Danilo Conrad
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 24, 2014

Hi Nicolas,

We have a KB Article with instructions on how to integrate JIRA with nginx:

https://confluence.atlassian.com/display/JIRAKB/How+to+use+NGINX+to+proxy+requests+for+JIRA

Could you please check it and let us know if following the recommendations in there helped to resolve the issue?

Cheers,

Danilo

Reply
0 votes
Nicolas Fiastre
Nicolas Fiastre
Contributor
September 2, 2015

Hello Arun ; well, I ultimately redid all connectors. Commented out all existing entries, then created the following two:

<!-- standard connector -->
    <Connector port="8081"

                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"/>
<!-- Proxy Connector -->        
    <Connector 
        port="8080" 
        acceptCount="100" 
        connectionTimeout="20000" 
        disableUploadTimeout="true" 
        enableLookups="false" 
        maxHttpHeaderSize="8192" 
        maxThreads="150" 
        minSpareThreads="25" 
        protocol="HTTP/1.1" 
        redirectPort="8443"
        useBodyEncodingForURI="true" 
        scheme="https"
        proxyName="jira.mycompany.com" 
        proxyPort="443"/>



proxy is still redirecting to 8080, with a trailing slash for good measure (http://IP:8080/;)
Now works like a charm.

Guess Tomcat did not like port 8443, although I still fail to see why.

Reply
0 votes
Nicolas Fiastre
Nicolas Fiastre
Contributor
June 24, 2014

Hi,


thanks for the help !

I used this KB to set up the reverse proxy. Below the configs I use:

nginx:

proxy_cache_path /var/cache/nginx/jira23 levels=1:2 keys_zone=jira23-cache:50m max_size=50m inactive=1440m;

#SSL LISTENER
server {
        listen 443 ssl;
        server_name jira.mycompany.com;
        ssl_certificate     /etc/nginx/ssl/jira.crt;
        ssl_certificate_key /etc/nginx/ssl/jira.key;

        access_log /var/log/nginx/jira23/jira23.access.log;
        error_log /var/log/nginx/jira23/jira23.error.log;

        client_max_body_size 10M;

 ## Proxy settings
  proxy_max_temp_file_size    0;
  proxy_connect_timeout      900;
  proxy_send_timeout         900;
  proxy_read_timeout         900;
  proxy_buffer_size          4k;
  proxy_buffers              4 32k;
  proxy_busy_buffers_size    64k;
  proxy_temp_file_write_size 64k;
  proxy_intercept_errors     on;



proxy_cache jira23-cache;
proxy_cache_key "$scheme://$host$request_uri";
proxy_cache_min_uses 1;
proxy_cache_valid 1440m;
auth_basic off;

        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://myIP:8080;

                set $do_not_cache 0;
                if ($request_uri ~* ^(/secure/admin|/plugins|/secure/projects|/projects|/admin)) {
                        set $do_not_cache 1;
                }
                proxy_cache_bypass $do_not_cache;
        }

}

and jira :

<Connector port="8080"


                   maxThreads="150"

                   minSpareThreads="25"

                   connectionTimeout="20000"

                   enableLookups="false"

                   maxHttpHeaderSize="8192"

                   protocol="HTTP/1.1"

                   useBodyEncodingForURI="true"

                   redirectPort="8443"

                   acceptCount="100"

                   disableUploadTimeout="true"/>


       <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"

              	maxHttpHeaderSize="8192"
		SSLEnabled="true"

              	maxThreads="150"
		minSpareThreads="25"

              	enableLookups="false"
		disableUploadTimeout="true"

	        acceptCount="100"
		scheme="https"
		secure="true"

                clientAuth="false"
		sslProtocol="TLS"
		useBodyEncodingForURI="true"
		proxyName="jira.mycompany.com"
		proxyPort="443" />


website answers fine, but instead of landing on https://jira.mycompany.com/secure/Dashboard.jspalike all other instances I have (not HTTPS though), default page is https://jira.mycompany.com/secure/errors.jspwith the message in my first post.

View More Comments
Arun Kumar Paraman
Arun Kumar Paraman September 2, 2015

I have the same issue, login lands to the Errors.jsp page. Were you able to resolve this issue ?

Like Sajan Kumar Devarakonda likes this
Sajan Kumar Devarakonda
Sajan Kumar Devarakonda August 8, 2019

How did you resolve the issue?

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events