Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira with https using apache

ITDesk
ITDesk January 17, 2018

Hi, I have been running a handful of Atlassian apps with Apache as a reverse proxy, so internally we can access these sites using "http://jira"

This works fine but I would like to have SSL for extra security. I have setup a test bed and have successfully managed to load the jira site using a wildcard cert I created from a internal CA and loaded in to the httpd.conf

However, when Jira loads, I get a message down the bottom stating "We've detected a potential problem with JIRA's Dashboard configuration that your administrator can correct. Click here to learn more"

I have clicked on the link and believe I have all the recommendations covered, but I am not able to get rid of this message. I understand it is most likley that the Jira app is not recognising the https scheme, but I am at a bit of a loss now how I can get rid of this message.

Any help would be appreciated. Let me know if you need any kind of logs to help.

Thanks in advance.

Answer
Watch
Like Be the first to like this
1364 views

2 answers

1 vote
josh
josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 17, 2018

I have a feeling that you're going to get those errors until you're using a trusted CA signed cert and a fully qualified domain name.

Jira can't talk to itself on an untrusted cert. You may have luck adding the local CA cert into your jre cacerts keystore but I always go with 3rd party trusted certs, even for non-production instances.

Also it may help to post your config from apache ssl.conf

View More Comments
ITDesk
ITDesk January 17, 2018

I cannot get a trusted CA signed cert as we have a internal .local domain. 

This is why i used OpenSSL to create my own CA and certs.

If this is not going to work, are there any suggestions for running atlassian applications using SSL internally with these private domains? 

Here is the config from my httpd.conf file

##
## Virtual Hosts
##

NameVirtualHost *:80

# Jiratest

<VirtualHost *:80>
ServerName jiratest
Redirect "/" "https://jiratest"

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiratest.domainname.local:8081/
ProxyPassReverse / http://jiratest.domainname.local:8081/
ProxyHTMLURLMap http://jiratest.domainname.local:8081/ /
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

<VirtualHost *:443>
ServerName jiratest

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiratest.domainname.local:8081/
ProxyPassReverse / http://jiratest.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Like
josh
josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 17, 2018

Port 80 virtualhost:

I'm not quite sure what ProxyHTMLURLMap is being used for. You shouldn't need the Proxy directives at all here. I'm also not sure your redirect directive is covering all the bases. Here is what I use to redirect users to https, making sure it takes care of the whole query string:

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiratest.domainname.local%{REQUEST_URI}

 

Port 443:

Make your servername directive use the full (local) domain name:

ServerName jiratest.domainname.local

 

I assume you've also covered changing the Base URL in Jira's configuration. As long as a DNS lookup of jiratest.domainname.local resolves to your server, you should also put that in your Jira's server.xml connector object proxyName attribute.

Like
ITDesk
ITDesk January 18, 2018

Got it, Thanks Josh!

I made all the changes you mentioned and now the notification is gone.

Onward now to the rest of the Atlassian apps.

Like
josh
josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 18, 2018

Great! If you wouldn't mind hitting the Accept as Solution button I'd appreciate it.

I have found that the ServerName directive is much more important than Atlassian documentation says.

Like
ITDesk
ITDesk January 19, 2018

Whilst this is working for Jira, now that I have added confluence to the httpd config, when i try to either hit \\jiratest or \\conftest both are now resolving to the test confluence site.

I basically just copied the jira config for Jiratest and amended them for Conftest..

Any help would be appreciated.

##
## Virtual Hosts
##

NameVirtualHost *:80

# Conftest

<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Jiratest

<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

# Conftest_SSL

<VirtualHost *:443>
ServerName conftest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://confdev.domainname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Jiratest_SSL

<VirtualHost *:443>
ServerName jiratest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiradev.domainname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Like
ITDesk
ITDesk January 19, 2018

Whilst this is working for Jira, now that I have added confluence to the httpd config, when i try to either hit \\jiratest or \\conftest both are now resolving to the test confluence site.

I basically just copied the jira config for Jiratest and amended them for Conftest..

Any help would be appreciated.

##
## Virtual Hosts
##

NameVirtualHost *:80

# Conftest

<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Jiratest

<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

# Conftest_SSL

<VirtualHost *:443>
ServerName conftest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://confdev.domainname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Jiratest_SSL

<VirtualHost *:443>
ServerName jiratest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiradev.domainname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Like
ITDesk
ITDesk January 19, 2018

Now that I have added the confluence config to the httpd conf file, it is now playing up a bit again.

If i either go to https://jiratest or https://conftest, it resolves to the confluence site.

Any help would be appreciated, as I have not used RewriteEngine before:

##
## Virtual Hosts
##

NameVirtualHost *:80

# Conftest

<VirtualHost *:80>
ServerName conftest.domainname.local
Redirect "/" "https://conftest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

# Jiratest

<VirtualHost *:80>
ServerName jiratest.domainname.local
Redirect "/" "https://jiratest"

RewriteEngine On
RewriteCond %{HTTPS} off

RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI}

<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

NameVirtualHost *:443

# Conftest_SSL

<VirtualHost *:443>
ServerName conftest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://confdev.domanname.local:8090/
ProxyPassReverse / http://confdev.domainname.local:8090/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>


# Jiratest_SSL

<VirtualHost *:443>
ServerName jiratest.domainname.local

SSLEngine On
SSLCertificateFile conf/ssl/certs/wildcard.pem
SSLCertificateKeyFile conf/ssl/certs/wildcard.key

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://jiradev.domanname.local:8081/
ProxyPassReverse / http://jiradev.domainname.local:8081/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>

Like
josh
josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 19, 2018

Are these separate servers or are you running both Jira and Confluence together?

Like
ITDesk
ITDesk January 22, 2018

Separate web servers for each Atlassian application.

Another server which runs apache.

Like
josh
josh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 22, 2018

If you're only running one instance of apache, something like this may work:

<VirtualHost *:80>

RewriteCond %{HTTP_HOST} (jiradev) [NC]
RewriteRule (.*) https://jiradev.domainname.local%{REQUEST_URI} [NE]

RewriteCond %{HTTP_HOST} (confdev) [NC]
RewriteRule (.*) https://confdev.domainname.local%{REQUEST_URI} [NE]

</VirtualHost>

<VirtualHost jiradev.domainname.local:443>

#your config here

</VirtualHost>

<VirtualHost confdev.domainname.local:443>

#your config here

</VirtualHost>
Like
Reply
0 votes
edwin
edwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 17, 2018

Hi Simon,

In your server.xml under Connector. Add

proxyName="jira" proxyPort="443" scheme="https"
View More Comments
ITDesk
ITDesk January 17, 2018

Thanks for the reply.

I have entered that, same message still appears.

Like
edwin
edwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 17, 2018

You'll have to restart Jira.

Like
ITDesk
ITDesk January 17, 2018

Apologies. I should be more specific. I have been administering Atlassian apps for some time now, so I do know that any changes need a restart for changes to occur.

That said, I had restarted the service. I have restarted again just to be sure. Same thing. The login page loads, but with that message down the bottom.

Like
ITDesk
ITDesk January 19, 2018

see below

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events