Jira with https using apache

Hi, I have been running a handful of Atlassian apps with Apache as a reverse proxy, so internally we can access these sites using "http://jira"

This works fine but I would like to have SSL for extra security. I have setup a test bed and have successfully managed to load the jira site using a wildcard cert I created from a internal CA and loaded in to the httpd.conf

However, when Jira loads, I get a message down the bottom stating "We've detected a potential problem with JIRA's Dashboard configuration that your administrator can correct. Click here to learn more"

I have clicked on the link and believe I have all the recommendations covered, but I am not able to get rid of this message. I understand it is most likley that the Jira app is not recognising the https scheme, but I am at a bit of a loss now how I can get rid of this message.

Any help would be appreciated. Let me know if you need any kind of logs to help.

Thanks in advance.

2 answers

1 votes
Josh Steckler Community Champion Jan 17, 2018

I have a feeling that you're going to get those errors until you're using a trusted CA signed cert and a fully qualified domain name.

Jira can't talk to itself on an untrusted cert. You may have luck adding the local CA cert into your jre cacerts keystore but I always go with 3rd party trusted certs, even for non-production instances.

Also it may help to post your config from apache ssl.conf

I cannot get a trusted CA signed cert as we have a internal .local domain. 

This is why i used OpenSSL to create my own CA and certs.

If this is not going to work, are there any suggestions for running atlassian applications using SSL internally with these private domains? 

Here is the config from my httpd.conf file

##
## Virtual Hosts
##

NameVirtualHost *:80

# Jiratest

<VirtualHost *:80>
ServerName jiratest
Redirect "/" "https://jiratest"

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiratest.domainname.local:8081/
ProxyPassReverse / http://jiratest.domainname.local:8081/
ProxyHTMLURLMap http://jiratest.domainname.local:8081/ /
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

<VirtualHost *:443>
ServerName jiratest

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiratest.domainname.local:8081/
ProxyPassReverse / http://jiratest.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Josh Steckler Community Champion Jan 17, 2018

Port 80 virtualhost:

I'm not quite sure what ProxyHTMLURLMap is being used for. You shouldn't need the Proxy directives at all here. I'm also not sure your redirect directive is covering all the bases. Here is what I use to redirect users to https, making sure it takes care of the whole query string:

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiratest.domainname.local%{REQUEST_URI}

 

Port 443:

Make your servername directive use the full (local) domain name:

ServerName jiratest.domainname.local

 

I assume you've also covered changing the Base URL in Jira's configuration. As long as a DNS lookup of jiratest.domainname.local resolves to your server, you should also put that in your Jira's server.xml connector object proxyName attribute.

Got it, Thanks Josh!

I made all the changes you mentioned and now the notification is gone.

Onward now to the rest of the Atlassian apps.

Josh Steckler Community Champion Jan 18, 2018

Great! If you wouldn't mind hitting the Accept as Solution button I'd appreciate it.

I have found that the ServerName directive is much more important than Atlassian documentation says.

Whilst this is working for Jira, now that I have added confluence to the httpd config, when i try to either hit \\jiratest or \\conftest both are now resolving to the test confluence site.

I basically just copied the jira config for Jiratest and amended them for Conftest..

Any help would be appreciated.

##
## Virtual Hosts
##

NameVirtualHost *:80

# Conftest

<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Jiratest

<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

# Conftest_SSL

<VirtualHost *:443>
ServerName conftest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://confdev.domainname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Jiratest_SSL

<VirtualHost *:443>
ServerName jiratest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiradev.domainname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Whilst this is working for Jira, now that I have added confluence to the httpd config, when i try to either hit \\jiratest or \\conftest both are now resolving to the test confluence site.

I basically just copied the jira config for Jiratest and amended them for Conftest..

Any help would be appreciated.

##
## Virtual Hosts
##

NameVirtualHost *:80

# Conftest

<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Jiratest

<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

# Conftest_SSL

<VirtualHost *:443>
ServerName conftest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://confdev.domainname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Jiratest_SSL

<VirtualHost *:443>
ServerName jiratest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiradev.domainname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Now that I have added the confluence config to the httpd conf file, it is now playing up a bit again.

If i either go to https://jiratest or https://conftest, it resolves to the confluence site.

Any help would be appreciated, as I have not used RewriteEngine before:

##
## Virtual Hosts
##

NameVirtualHost *:80

# Conftest

<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Jiratest

<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

# Conftest_SSL

<VirtualHost *:443>
ServerName conftest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://confdev.domanname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Jiratest_SSL

<VirtualHost *:443>
ServerName jiratest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiradev.domanname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Josh Steckler Community Champion Jan 19, 2018

Are these separate servers or are you running both Jira and Confluence together?

Separate web servers for each Atlassian application.

Another server which runs apache.

Josh Steckler Community Champion Jan 22, 2018

If you're only running one instance of apache, something like this may work:

<VirtualHost *:80>

RewriteCond %{HTTP_HOST} (jiradev) [NC]
RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI} [NE]

RewriteCond %{HTTP_HOST} (confdev) [NC]
RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI} [NE]

</VirtualHost>

<VirtualHost jiradev.domainname.local:443>

#your config here

</VirtualHost>

<VirtualHost confdev.domainname.local:443>

#your config here

</VirtualHost>

Hi Simon,

In your server.xml under Connector. Add

proxyName="jira" proxyPort="443" scheme="https"

Thanks for the reply.

I have entered that, same message still appears.

You'll have to restart Jira.

Apologies. I should be more specific. I have been administering Atlassian apps for some time now, so I do know that any changes need a restart for changes to occur.

That said, I had restarted the service. I have restarted again just to be sure. Same thing. The login page loads, but with that message down the bottom.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,100 views 13 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot