I'm trying to terminate an SSL connection at Apache, and proxy that back down to Jira. Yay. There's even a blurb about what to do in the docs: http://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache However, the documentation is pretty thin.
I've tried the following configurations to no avail. When hitting domain.com:8080 I am presented with Jira! When I hit https://domain.com the request times out.
Configuration 1:
(Ubuntu 10.04 LTS server)
/etc/apache/sites-enabled/jira-mod_proxy
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/ssl_access.log combined
SSLEngine on
SSLProxyEngine On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
</IfModule>
Configuration 2: same file
NameVirtualHost *:443
<VirtualHost *:443>
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLEngine On
SSLProxyEngine On
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Thoughts?
I use Ubuntu 10.04 with JIRA+Apache+SSL as well. However, instead of mod_proxy, I use mod_jk. It's a bit difficult to add markup to answers here, so I explain my answer further in my blog: http://justinit.wordpress.com/2011/06/15/jira-with-apache2-and-ssl/
Kind of a sparse explanation, but I'm trying to implement what you have, Justin. Could you possibly add in a little more verbiage to make your explanation more readable? (On your blog post, I mean.)
I set my environment up following Justin's code outline and it is working, but I already had it working via the mod_proxy method. The reason I tried Justin's method was to see if I could get application links working between Jira and Confluence. Unfortunately it's still the same using the mod_jk method.
Justin - Have you got it working so that Jira and Confluence can talk to each other with application links while also terminating SSL to apache in the front?
I, too, have both apps on the same physical host. They still use the Trusted Applications method as opposed to Application Link. Both are using the https address for connecting in this way. If I remember correctly, the order of operations here is important. I would go back and read the docs on this process (perhaps even the Here Be Dragons tutorial -- I found it helpful for this piece).
This works for me with Jira 4.3.2 on Ubuntu 11
In your Apache conf, make sure that the Listen 443 directive exists and the NameVirtualHost *:433 (on Ubuntu this is in the separate /etc/apache2/ports.conf file).
<VirtualHost *:443>
<Proxy *>
Order deny,allow
Allow from ALL
</Proxy>
ProxyRequests OFF
ProxyPreserveHost ON
ServerName sandpit
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
ProxyPass /jira http://localhost:8085/jira
ProxyPassReverse /jira http://localhost:8085/jira
</VirtualHost>
(Note: the ServerName in the virtual host needs to match the common name in your self-signed cert, or else it will generate warnings in the log.)
Then in your Jira server.xml (INSTALL/conf/server.xml)
Add the following to the connector section:
scheme="https"
proxyName="localhost"
proxyPort="443"
The proxyName needs to match your proxy server hostname.
If using application links at all then you will probably need to import the certificate into the java keystore as well - that is documented here:
http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
Turn off the "SSLProxyEngine" since you're not proxying in SSL, you're terminating SSL at Apache.
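The mod_proxy answers above tie an Apache SSL virtual host to a Tomcat connector through scheme, proxyName and proxyPort. As an added example (not code from any poster or from Atlassian), this Python sketch cross-checks the two files. The sample configs are constructed from the snippets in the thread; comparing proxyName against ServerName and expecting the connector to be bound to loopback via Tomcat's address attribute (so the plain-HTTP port is not reachable directly, as domain.com:8080 was in the question) are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the snippets in this thread (not real files).
APACHE_VHOST = """
<VirtualHost *:443>
    ServerName sandpit
    SSLEngine On
    SSLProxyEngine On
    ProxyPass /jira http://localhost:8085/jira
    ProxyPassReverse /jira http://localhost:8085/jira
</VirtualHost>
"""
SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8085" protocol="HTTP/1.1"
             scheme="https" proxyName="localhost" proxyPort="443"/>
</Service></Server>
"""

def directive(conf, name):
    """Return the first argument of an Apache directive, or None."""
    m = re.search(rf"^\s*{name}\s+(\S+)", conf, re.I | re.M)
    return m.group(1) if m else None

def audit(vhost, server_xml):
    """Cross-check an SSL-terminating vhost against the Tomcat connector."""
    findings = []
    backend = re.search(r"^\s*ProxyPass\s+\S+\s+(\w+)://[^:/\s]+:(\d+)", vhost, re.I | re.M)
    if not backend:
        return ["no ProxyPass with an explicit backend port found"]
    scheme, port = backend.group(1), backend.group(2)
    if scheme == "http" and (directive(vhost, "SSLProxyEngine") or "").lower() == "on":
        findings.append("SSLProxyEngine is On but the backend is plain http")
    conn = next((c for c in ET.fromstring(server_xml).iter("Connector")
                 if c.get("port") == port), None)
    if conn is None:
        return findings + [f"no Connector listens on backend port {port}"]
    if conn.get("scheme") != "https":
        findings.append('Connector lacks scheme="https"')
    if conn.get("proxyPort") != "443":
        findings.append("Connector proxyPort is not 443")
    # Assumption: the vhost ServerName is the hostname users actually browse to.
    if conn.get("proxyName") != directive(vhost, "ServerName"):
        findings.append("Connector proxyName differs from vhost ServerName")
    if conn.get("address") not in ("127.0.0.1", "::1", "localhost"):
        findings.append(f"Connector on port {port} is not bound to loopback")
    return findings
```

On the constructed samples, `audit(APACHE_VHOST, SERVER_XML)` reports three findings: the unneeded SSLProxyEngine, the proxyName mismatch, and the connector listening on all interfaces.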