Jira ports redirecting

Vitaliy October 10, 2017

Hi all!
I have some issue about port redirecting with our jira. Wen yuo going to http://jira.mydomain.com it will redirect you to https://jira.mydomain.com and its nice. But if you will go to jira.mydomain.com:8080 you will get connection over 8080 port without redirecting to https. I am new in atlassian product so I ask for advice.
Our Vhosts:

VirtualHost *:443>
ServerName jira.mydomain.com
ProxyRequests Off
ProxyPreserveHost Off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
RemoteIPHeader X-Forwarded-For
SSLEngine On
SSLCertificateFile /data/ssl/jira.mydomain.com--2017.09.15--crt.txt
SSLCertificateKeyFile /data/ssl/jira.mydomain.com--2017.09.15--key.txt
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>

<VirtualHost *:80>
ServerName jira.mydomain.com
Redirect Permanent / https://jira.mydomain.com/
RemoteIPHeader X-Forwarded-For
</VirtualHost>

Here is server.xml I suppose problem is here

<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"

enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"

scheme="https"
proxyName="jira.mydomain.com"
proxyPort="443"
secure="false"
/>

 

2 answers

1 accepted

1 vote
Answer accepted
Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 16, 2017

Hi! 

 

For history I changed added again my comment with right answer.

 

I have tried on VM this command for external interface.

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80

 

 

Cheers, 

Gonchik Tsymzhitov

Suresh August 2, 2018

Hi Gonchik,
We too have same issue, but the above command need to run every time after sever restart to take effect.
Do we have any permanent solution?

Regards,

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 3, 2018

The standard way to do it is with the commands iptables-save and iptables-restore in the shutdown and startup scripts for the machine, but the package iptables-persistent is a nice wrapper that saves you having to do most of the config for them. 

Suresh August 3, 2018

Thank you, Nic.

Is there any alternate solution to redirect to https for the above, instead of changing itables.

0 votes
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 10, 2017

Try copying the "Virtualhost *:80" to a second one.  Same content, but "Virtualhost *:8080"

Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 10, 2017

Hi! 

As I understand you are provide very good idea.

if you have issue about port conflicting. Hence you need to set for localhost tomcat connector

<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"

enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"

address="127.0.0.1"

scheme="https"
proxyName="jira.mydomain.com"
proxyPort="443"
secure="false"
/>

 and for external ip address for apache2

<VirtualHost EXTERNAL_IP:8080>
ServerName jira.mydomain.com
Redirect Permanent / https://jira.mydomain.com/
RemoteIPHeader X-Forwarded-For
</VirtualHost>

Hence It will works. 

 

Cheers, 

Gonchik Tsymzhitov

Vitaliy October 11, 2017

Thanks for your help!

But ... it didn't help me (

If I in server.xml set address="127.0.0.1"

http://jira.mydomain.com:8080 telling me that "This site can’t be reached"

And without address only with added Virtualhost 8080

http://jira.mydomain.com:8080 still not redirect me to https, and i don`t understand why 

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 11, 2017

Try removing the address line from your server.xml, you don't need it.

Vitaliy October 12, 2017

I tried this one. In this case redirect just not working.

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 12, 2017

Remove the 8080 from your urls to check that the Jira is running behind the proxy ok first.

Vitaliy October 12, 2017

Without 8080 everything is OK. 

http://jira.mydomain.com redirecting to https

https://jira.mydomain.com opening normally 

Vitaliy October 13, 2017

But http://jira.mydomain.com:8080 still not redirect to https

Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 13, 2017

Hi! 

 

I have tried on VM this command for external interface.

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 443

 

I hope this way will help for you. 

 

Cheers, 

Gonchik Tsymzhitov

Vitaliy October 16, 2017

Thanks man! It`s working now ))
But you must redirect 8080 not to 443 or jira will not like it and will show you "Bad request" because you using http and jira need https on 443. So just redirect 8080 to 80 then apache do his work and you will get redirect from 8080 to 443.

Gonchik Tsymzhitov
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
October 16, 2017

You are welcome:)

Suresh May 23, 2019

Hi @Gonchik Tsymzhitov @Nic Brough -Adaptavist- 

As per our IT policy they side : we have disabled IPtables in all the linux server as part of chef,
Now, after the below run not working. we are unable to redirect.

sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 8080 -j REDIRECT --to-port 80

I have also added below code to the httpd.conf, as per Nic suggestion, But jira is still able to access through http://10.230.40.80:8080.


<VirtualHost *:8080>
ServerName jirasandbox.gtnexus.info
Redirect / https://jirasandbox.nexus.info/
</VirtualHost>

httpd.conf

Please suggest us any alternative approach. Below is my configuration.


#Redirect http to https ##
RewriteEngine On
RewriteRule /(.*) https://jirasandbox.nexus.info/$1

<VirtualHost *:443>
ServerName jirasandbox.nexus.info
ProxyRequests Off

RewriteCond %{HTTPS} ^on
RewriteCond %{HTTP_HOST} !^jirasandbox\.nexus\.info [NC]
RewriteRule ^/(.*) https://jirasandbox.nexus.info/$1 [R,L]

ProxyPassMatch /(.*) http://jirasandbox.nexus.info:8080/$1
ProxyPassReverse / http://jirasanbox.nexus.info:8080/
ProxyRemote * http://jirasandbox.nexus.info:8080/

SSLEngine On
SSLCertificateFile /opt/nexus/application-data/certs/jirasandbox_nexus_info_cert.cer
SSLCertificateKeyFile /opt/nexus/application-data/certs/jirasandbox_nexus_info.key
SSLCertificateChainFile /opt/nexus/application-data/certs/jirasandbox_nexus_info_interm.cer

</VirtualHost>

<VirtualHost *:80>
ServerName jirasandbox.nexus.info
Redirect / https://jirasandbox.nexus.info/
</VirtualHost>


Server.xml

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"

enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
proxyName="jirasandbox.nexus.info"
proxyPort="443"
scheme="https"/>


Regards,
Suresh

Suggest an answer

Log in or Sign up to answer