Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Link application f5 BigIP Jira & Confluence SSL https

I want to link my jira (VM1) application to confluence (VM2). My SSL certs are stored in F5 (big-ip) which is used as a reverse proxy.

Clients conntect via https on port 443. The reverse proxy (192.168.178.1) F5 will then forward to request (jira-test.net or confluence-test.net) using SNI to the SAML AUTH -> tothe backendIP. If the client would like to connect to jira or confluence will be solved with SNI.

If I try to curl or link the application within webinterface from VM1 or VM2, I get HTTP 302 message from F5 telling me that the access policy is not okay "DENY". I can follow the curl with: curl -L and end up getting this: /my.logout.php3?errorcode=19' and then http 200 with some f5 errorpage. But the SSL cert handshake is ok.

Since the VM1&2 are in DMZ I would like to link the applications. I can access from external address both services.

Can anybody tell me what setting is required in the f5 BigIP to be able to link my application? I tried different access policys with "ip subnet match" pointing to the BackendIP's from VM1&2, but still no change. Are there any other settings I could try?

Any help is appreciated.

1 answer

0 votes
Thomas Deiler Community Leader Apr 23, 2021

Dear @Kris ,

this requiremnent was raised a couple of years ago. Have a look at the answer from Dan.

So long

Thomas

Thank you for your answer @Thomas Deiler 

we already setup all the proposed jira/conf server.xml settings and client login is working via ssl cert.

The problem is the f5 bigip proxy config, I'm not sure how to configure this proxy to be able to link my applications (jira and confluence). 

For now, I'm getting redirected to /mypolicy site when trying to link confluence application to jira. We tried different settings within the APM - Access Policy Manager, but nothing seems to work. Any access from within DMZ to f5 is routed directly to 302 errorpage... .

Thomas Deiler Community Leader Apr 27, 2021

Dear @Kris ,

to be honest, f5 is the Bugatti under the commercial firewalls. To fully understand this piece of metal you need trainings and loads of time. Or an expensive expert.

Please understand that this community cannot jump inside this gap. There is a chance that an expert is reading over this article, but I doubt.

So I recommend https://serverfault.com/ . There are some experts, that probably know what to do.

Sorry for not being more helpful

Thomas

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you