Hi, I have been running a handful of Atlassian apps with Apache as a reverse proxy, so internally we can access these sites using "http://jira"
This works fine but I would like to have SSL for extra security. I have setup a test bed and have successfully managed to load the jira site using a wildcard cert I created from a internal CA and loaded in to the httpd.conf
However, when Jira loads, I get a message down the bottom stating "We've detected a potential problem with JIRA's Dashboard configuration that your administrator can correct. Click here to learn more"
I have clicked on the link and believe I have all the recommendations covered, but I am not able to get rid of this message. I understand it is most likley that the Jira app is not recognising the https scheme, but I am at a bit of a loss now how I can get rid of this message.
Any help would be appreciated. Let me know if you need any kind of logs to help.
Thanks in advance.
I have a feeling that you're going to get those errors until you're using a trusted CA signed cert and a fully qualified domain name.
Jira can't talk to itself on an untrusted cert. You may have luck adding the local CA cert into your jre cacerts keystore but I always go with 3rd party trusted certs, even for non-production instances.
Also it may help to post your config from apache ssl.conf
I cannot get a trusted CA signed cert as we have a internal .local domain.
This is why i used OpenSSL to create my own CA and certs.
If this is not going to work, are there any suggestions for running atlassian applications using SSL internally with these private domains?
Here is the config from my httpd.conf file
##
## Virtual Hosts
##
NameVirtualHost *:80
# Jiratest
<VirtualHost *:80>
ServerName jiratest
Redirect "/" "https://jiratest"
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jiratest.domainname.local:8081/
ProxyPassReverse / http://jiratest.domainname.local:8081/
ProxyHTMLURLMap http://jiratest.domainname.local:8081/ /
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
ServerName jiratest
SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jiratest.domainname.local:8081/
ProxyPassReverse / http://jiratest.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Port 80 virtualhost:
I'm not quite sure what ProxyHTMLURLMap is being used for. You shouldn't need the Proxy directives at all here. I'm also not sure your redirect directive is covering all the bases. Here is what I use to redirect users to https, making sure it takes care of the whole query string:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jiratest.domainname.local%{REQUEST_URI}
Port 443:
Make your servername directive use the full (local) domain name:
ServerName jiratest.domainname.local
I assume you've also covered changing the Base URL in Jira's configuration. As long as a DNS lookup of jiratest.domainname.local resolves to your server, you should also put that in your Jira's server.xml connector object proxyName attribute.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Great! If you wouldn't mind hitting the Accept as Solution button I'd appreciate it.
I have found that the ServerName directive is much more important than Atlassian documentation says.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Whilst this is working for Jira, now that I have added confluence to the httpd config, when i try to either hit \\jiratest or \\conftest both are now resolving to the test confluence site.
I basically just copied the jira config for Jiratest and amended them for Conftest..
Any help would be appreciated.
##
## Virtual Hosts
##
NameVirtualHost *:80
# Conftest
<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
# Jiratest
<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
NameVirtualHost *:443
# Conftest_SSL
<VirtualHost *:443>
ServerName conftest.domainname.local
SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://confdev.domainname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
# Jiratest_SSL
<VirtualHost *:443>
ServerName jiratest.domainname.local
SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jiradev.domainname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Whilst this is working for Jira, now that I have added confluence to the httpd config, when i try to either hit \\jiratest or \\conftest both are now resolving to the test confluence site.
I basically just copied the jira config for Jiratest and amended them for Conftest..
Any help would be appreciated.
##
## Virtual Hosts
##
NameVirtualHost *:80
# Conftest
<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
# Jiratest
<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
NameVirtualHost *:443
# Conftest_SSL
<VirtualHost *:443>
ServerName conftest.domainname.local
SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://confdev.domainname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
# Jiratest_SSL
<VirtualHost *:443>
ServerName jiratest.domainname.local
SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jiradev.domainname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Now that I have added the confluence config to the httpd conf file, it is now playing up a bit again.
If i either go to https://jiratest or https://conftest, it resolves to the confluence site.
Any help would be appreciated, as I have not used RewriteEngine before:
##
## Virtual Hosts
##
NameVirtualHost *:80
# Conftest
<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
# Jiratest
<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
NameVirtualHost *:443
# Conftest_SSL
<VirtualHost *:443>
ServerName conftest.domainname.local
SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://confdev.domanname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
# Jiratest_SSL
<VirtualHost *:443>
ServerName jiratest.domainname.local
SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://jiradev.domanname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Are these separate servers or are you running both Jira and Confluence together?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you're only running one instance of apache, something like this may work:
<VirtualHost *:80>
RewriteCond %{HTTP_HOST} (jiradev) [NC]
RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI} [NE]
RewriteCond %{HTTP_HOST} (confdev) [NC]
RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI} [NE]
</VirtualHost>
<VirtualHost jiradev.domainname.local:443>
#your config here
</VirtualHost>
<VirtualHost confdev.domainname.local:443>
#your config here
</VirtualHost>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Simon,
In your server.xml under Connector. Add
proxyName="jira" proxyPort="443" scheme="https"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You'll have to restart Jira.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Apologies. I should be more specific. I have been administering Atlassian apps for some time now, so I do know that any changes need a restart for changes to occur.
That said, I had restarted the service. I have restarted again just to be sure. Same thing. The login page loads, but with that message down the bottom.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.