Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira over SSL icon issue

Dzintars
Dzintars November 22, 2017

Hi,

We are small team and using Jira to manage some projects. and i am not expert in server administration and i have no able to get some.
My setup is Ubuntu 16.04 LTS + Webmin + Virtualmin + Apache
Jira is running on custom port 9090
Jira is accessed by sub-domain https://jira.domain.com
SSL is enabled and running well. Signed by Let's Encrypt
I use Proxying from jira.domain.com to http://domain.com:9090
BaseURL in Jira config is updated to https://jira.domain.com

It works. It redirects and SSL is fully (green bar) applied on login page.

But problem is that after login all icons are not loaded and SSL also is not fully applied (gray SSL icon). It runs over SSL, but icons are loaded under http and NOT rendered on screen.

Exactly the same setup for Confluence is working perfect without any problems.
I tried many instructions from Atlassian homepage, but no luck.
https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html

In this one i am not sure i need some KeyStore or... i dont know what the heck is that... as i already has SSL certificates applied in my sub-domains directory. And this works for Confluence.
BTW - by following this instruction i f***d up my Webmin SSL certificates and currently are forced to use non-ssl access to Webmin. I will fix this later.

In result, i just want to fix those icons to be loaded under SSL.

Answer
Watch
Like papaex likes this
3384 views

2 answers

1 accepted

0 votes
Answer accepted
Dzintars
Dzintars December 2, 2017

So, at the end i fixed Atlassian issue on my own.

This and this links helped me at most.

View More Comments
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
December 2, 2017

The first of those links parrots the "use apache in front of Atlassian doc".

Like
Reply
0 votes
Boris Berenberg - Atlas Authority
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 22, 2017

I would confirm that you properly set your proxy settings in the server.xml file, and updated the base URL in Jira.

View More Comments
Dzintars
Dzintars November 22, 2017

I created .pfx file from my existing certificate and included those two connectors in /opt/atlassian/jira/conf/server.xml file. I used single quotes because my keystore pass contain doubleqoutes.

No any changes at all. Jira Startup page and login page is loading fine under SSL (green bar). After i log in - all icons are lost and SSL is "downgraded" to gray ssl mode.

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxHttpHeaderSize="8192" SSLEnabled="true"
 maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
 enableLookups="false" disableUploadTimeout="true"
 acceptCount="100" scheme="https" secure="true"
 keystoreFile="/opt/atlassian/jira/jira.pfx" keystorePass='<my_keystorepass>' keyAlias="1" keystoreType="PKCS12"
 clientAuth="false" connectionTimeout="20000" sslProtocol="TLS" useBodyEncodingForURI="true"/>
 
 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxHttpHeaderSize="8192" SSLEnabled="true"
 maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
 enableLookups="false" disableUploadTimeout="true"
 acceptCount="100" scheme="https" secure="true"
 keystoreFile="/opt/atlassian/jira/jira.pfx" keystorePass='<my_keystorepass>' keyAlias="1" keystoreType="PKCS12"
 clientAuth="false" connectionTimeout="20000" sslProtocol="TLS" useBodyEncodingForURI="true"/>

And currently when i log out from Jira i get funny warning message:
JIRA's base URL is set to https://jira.domain.com but you are accessing JIRA from https://jira.domain.com.
Update JIRA's base URL

Crazy... i spend whole day today without any luck. In my opinion this should be done by 1-2-3 clicks from admin panel in 21st century.

Like
Dzintars
Dzintars November 22, 2017

And when i go to board settings or All projects or Issues settings pages... i see those icons for every project, issue type and so on.

Mby i need somehow to update existing projects?

I did re-indexing and so on.

User avatars are lost. I cant set user avatars. I see only placeholders.

Like
Dzintars
Dzintars November 22, 2017

useravatar; story.svg and projectavatar files are not loaded under https. They still are loaded as http:// but my base_url is fine. I can see it in console.

Like
Dzintars
Dzintars November 22, 2017

/var/atlassian/application-data/jira/log/atlassian-jira.log:2017-11-22 21:24:31,206 http-nio-9090-exec-8 WARN dzintars 1284x76x2 wztaq3 192.168.1.1,0:0:0:0:0:0:0:1 /rest/webResources/1.0/resources [c.a.p.r.c.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: http://localhost:9090/rest/webResources/1.0/resources , origin: null , referrer: https://jira.domain.com/secure/admin/ViewApplicationProperties.jspa , credentials in request: true , allowed via CORS: false

Like
Boris Berenberg - Atlas Authority
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 23, 2017

As I said, you missed all the proxy parms in the server.xml file. Re-read the Tomcat portion of https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html and set the proxyPort, proxyName, and scheme parameters.

Like
Dzintars
Dzintars November 23, 2017

I already did that. No results. Dont think there is problem in my config because only some part of Jira resources are not served under SSL. Majority of files and also some icons/images are served under SSL.

Like
Boris Berenberg - Atlas Authority
Boris Berenberg - Atlas Authority
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 24, 2017

Can you share your updated connectors and proxy config?

Like
Dzintars
Dzintars November 28, 2017

Connectors in /opt/tomcat/conf/server.xml (custom 9090 and 9091 used)

<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9090" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true" 
 scheme="https" proxyName="jira.my_domain.com" proxyPort="443"/>

<!-- Standard HTTP Connector -->
 <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="9091" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"/>
 Connectors in /opt/atlassian/jira/conf/server.xml

 <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxHttpHeaderSize="8192" SSLEnabled="true"
 maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
 enableLookups="false" disableUploadTimeout="true"
 acceptCount="100" scheme="https" secure="true"
 keystoreFile="/opt/atlassian/jira/jira.pfx" keystorePass='24"redLine"04' keyAlias="1" keystoreType="PKCS12"
 clientAuth="false" connectionTimeout="20000" sslProtocol="TLS" useBodyEncodingForURI="true"/>
 
 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
 maxHttpHeaderSize="8192" SSLEnabled="true"
 maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
 enableLookups="false" disableUploadTimeout="true"
 acceptCount="100" scheme="https" secure="true"
 keystoreFile="/opt/atlassian/jira/jira.pfx" keystorePass='24"redLine"04' keyAlias="1" keystoreType="PKCS12"
 clientAuth="false" connectionTimeout="20000" sslProtocol="TLS" useBodyEncodingForURI="true"/>

 Proxy config

 RewriteEngine on
 RedirectMatch ^/(?!.well-known)(.*)$ https://jira.my-domain.com/$1
 
 ProxyPassMatch ^/(.*.php(/.*)?)$ unix:/var/php-fpm/151069358620892.sock|fcgi://localhost/home/my_domain/domains/jira.my_domain.com/public_html/$1
 
 # JIRA is running on port 9090/8443 local on xxname, so we could just proxy it here in Apach$
 
 SSLProxyEngine on
 
 ProxyPass / http://localhost:9090/
 ProxyPassReverse / http://localhost:9090/
 
 <Proxy *>
 allow from all
 </Proxy>
 
 SSLEngine on
 SSLCertificateFile /home/my_domain/domains/jira.my_domain.com/ssl.cert
 SSLCertificateKeyFile /home/my_domain/domains/jira.my_domain.com/ssl.key
 SSLProtocol +TLSv1.2
Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events