Jira over HTTPS not starting

Hi I just followed a tutorial:

https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html

 

Also paid special attention to "

org.apache.coyote.http11.Http11NioProtocol

" parameter I noticed there was a bug in previous versions, but no luck , when I start Jira and try to access in the browser I get nothing, unable to connect seems Jira is not starting properly, I checked common errors but none of them appear in Catalina.out

 

Is there anybody with the same issue that may help?

Jira version 7.6.2 x64 on CentOS 7x64 minimal updated

Server Hardware: 10 cores, 16GB RAM, 100GB HDD

3 answers

1 accepted

Once I fixed the SSL chain issue, warning just disappear, it worked like a charm, thank you very much.

@Gonchik Tsymzhitov I guess your answer fixed this, thank you very much.

Hi! 

Could you provide the connector settings? 

And any exceptions or errors in catalina.out? 

 

 

Cheers,

Gonchik Tsymzhitov

Added following text to 

/opt/atlassian/jira/atlassian-jira/WEB-INF/web.xml

 

<security-constraint>

        <web-resource-collection>

                <web-resource-name>all-except-attachments</web-resource-name>

                <url-pattern>*.jsp</url-pattern>

                <url-pattern>*.jspa</url-pattern>

                <url-pattern>/browse/*</url-pattern>

                <url-pattern>/issues/*</url-pattern>

        </web-resource-collection>

        <user-data-constraint>

                <transport-guarantee>CONFIDENTIAL</transport-guarantee>

        </user-data-constraint>

</security-constraint>

 

 

Also edited server.xml

<Connector port="8080"

                   maxThreads="150"

                   minSpareThreads="25"

                   connectionTimeout="20000"

 

                   enableLookups="false"

                   maxHttpHeaderSize="8192"

                   protocol="HTTP/1.1"

                   useBodyEncodingForURI="true"

                   redirectPort="8443"

                   acceptCount="100"

                   disableUploadTimeout="true"

                   bindOnInit="false"/>

 

 

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

              maxHttpHeaderSize="8192" SSLEnabled="true"

              maxThreads="150" minSpareThreads="25"

              enableLookups="false" disableUploadTimeout="true"

              acceptCount="100" scheme="https" secure="true"

              sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3"

              clientAuth="false" sslProtocol="TLSv1,TLSv1.1,TLSv1.2,TLSv1.3" useBodyEncodingForURI="true"

              keyAlias="jira" keystoreFile="/var/atlassian/application-data/jira/jira.jks" keystorePass="changeit" keystoreType="JKS"/>

When I try to open http://mywebsite:8080 it redirects to https://mywbsite:8443 but screen is empty and keep loading , timeout at the end. Firewall is down. 

Just as additional comment, this is a fresh installation, I never completed DB configuration, I wanted to do it through HTTPS but I am stocked here no Jira website loaded...

Well Now I tried a clean full installation but this time I first completed DB and first run with Jira then added SSL now it seems to works, but now I have a new question...

SSL certificate is considering as self signed and I did imported root and CA and also domain crt from vendor how can I update self cert and make it use vendor crt so no warning comes out?

Hmm I created a new keystone new cert everything from clean seems now SSL detects a valid crt.

After checking full website I noticed in troubleshooting and support tools the following alert: 

Warning Supported Platforms

Warning Gadget feed URL

I updated base URL to https://domain:8443 but I still have that warning, any advise how to fix it and show it green/ok?

Gonchik Tsymzhitov Community Champion Jan 08, 2018

Well, Do you have reverse proxy? 

Could you check chain in your certificate? 

For example:

https://whatsmychaincert.com/?community.atlassian.com

Hi, no reverse proxy.

there is something miss configured in the chain , I’ll fix the chain.

any idea about gadged warning?

i disabled ssl and used standard port 8080 and the warning still there.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 27, 2018 in Portfolio for Jira

Introducing a new planning experience in Portfolio for Jira (Server/DC)

In the past, Portfolio for Jira required a high degree of detail–foresight that was unrealistic for many businesses to   have–in   order to produce a reliable long-term roadmap. We're tur...

2,761 views 18 21
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you