Reversed proxy with HTTPS, Jira and Confluence

Hi!

We'll be start using Jira and Confluence in our organization. After testing different platforms, we've decided to run it on a Ubuntu system and it works really great. Both of the applications run on the same machine with an Apache Reversed Proxy with HTTPS.

I've tried the Application Link between the applications in HTTP, which works like a charm. When I'm enabling SSL on both virtual hosts in Apache, Jira won't find Confluence on the same hyperlink as before (except the https). "No response was received from the URL you entered - it may not be valid. Please fix the URL below, if needed, and click Continue."

I've tried to add the confluence domain to the nonProxy-addresses in the JVM configuration, but still no change. The server.xml's are both in HTTPS proxy mode. After hours spent on Google, I'm completely stuck.

Anyone got any suggestions?

Thanks in advance!

3 answers

1 accepted

Accepted Answer
0 votes

Finally, I found the missing link why it wasn't working. I forgot to include SSLCACertificateFile in the VirtualHost config for both Confluence and Jira. Now it's working like magic! Thanks @Timothy Chin@Timothy and @Jan-Peter Rusch for the SSLPoke tip - that made a lot of sense! :)

0 votes
Timothy Chin Community Champion Oct 06, 2018

What you can try first is to use SSLPoke and try to access the FQDN of the other application from the machine that is hosting the application.

If you're willing to share both your server.xml and your ssl config, we can try to spot any mistakes.

I used SSLPoke, but got a bunch of errors. I'm feeling a bit confused about the proxying - I've configured that both Confluence and Jira uses the standard HTTP ports between them and Apache, and Apache itself encrypts the communication between the clients and the server. Maybe that's wrong and that it should be encrypted already in Jira/Confluence?

The config files are shown below. I included both the Jira and Confluence config files and the Apache VirtualHost configurations.

Jira server.xml

<?xml version="1.0" encoding="utf-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

<Service name="Catalina">
<!--
==============================================================================================================
DEFAULT - Direct connector with no proxy for unproxied access to Jira.

If using a http/https proxy, comment out this connector.
==============================================================================================================


<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

-->
<!--
==============================================================================================================
HTTP - Proxying Jira via Apache or Nginx over HTTP

If you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->

<!--
<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"
proxyName="jira.rum.se" proxyPort="80"/>
-->

<!--
==============================================================================================================
HTTPS - Proxying Jira via Apache or Nginx over HTTPS

If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.

See the following for more information:

Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->


<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="jira.rum.se" proxyPort="443"/>


<!--
==============================================================================================================
AJP - Proxying Jira via Apache over HTTP or HTTPS

If you're proxying traffic to Jira using the AJP protocol, uncomment the following connector line
See the following for more information:

Apache - https://confluence.atlassian.com/x/QiJ9MQ
==============================================================================================================
-->

<!--
<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3" />
-->

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>

Confluence server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<!--
==============================================================================================================
DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.

If using a http/https proxy, comment out this connector.
==============================================================================================================
-->
<!--
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"/>
-->
<!--
==============================================================================================================
HTTP - Proxying Confluence via Apache or Nginx over HTTP

If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
Make sure you provide the right information for proxyName and proxyPort.

For more information see:
Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/TgSvEg

==============================================================================================================
-->

<!--
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="http" proxyName="confluence.rum.se" proxyPort="80"/>

-->
<!--
==============================================================================================================
HTTPS - Direct connector with no proxy, for unproxied HTTPS access to Confluence.

For more info see https://confluence.atlassian.com/x/s3UC
==============================================================================================================
-->

<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->

<!--
==============================================================================================================
HTTPS - Proxying Confluence via Apache or Nginx over HTTPS

If you're proxying traffic to Confluence over HTTPS, uncomment the connector below and comment out the others.
Make sure you provide the right information for proxyName and proxyPort.

For more information see:
Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/cNIvMw
==============================================================================================================
-->


<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" proxyName="confluence.rum.se" proxyPort="443"/>


<Engine name="Standalone" defaultHost="localhost" debug="0">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname=""/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>

<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>
</Host>
</Engine>
</Service>
</Server>

Jira Apache VirtualHost config

<VirtualHost *:443>
ServerName jira.rum.se

SSLEngine on
SSLCertificateFile /etc/apache2/sslcerts/rum.se.crt
SSLCertificateKeyFile /etc/apache2/sslcerts/rum.se.key
ProxyRequests Off
ProxyVia Off

<Proxy *>
Require all granted
</Proxy>

ProxyPass / http://localhost:8080/ connectiontimeout=300 timeout=300
ProxyPassReverse / http://localhost:8080/
</VirtualHost>


<VirtualHost *:80>
ServerName jira.rum.se
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

 

Confluence Apache VirtualHost config

<VirtualHost *:443>
ServerName confluence.rum.se

SSLEngine on
SSLCertificateFile /etc/apache2/sslcerts/rum.se.crt
SSLCertificateKeyFile /etc/apache2/sslcerts/rum.se.key
ProxyRequests Off
ProxyVia Off

<Proxy *>
Require all granted
</Proxy>

ProxyPass / http://localhost:8090/ connectiontimeout=300 timeout=300
ProxyPassReverse / http://localhost:8090/
</VirtualHost>

<VirtualHost *:80>
ServerName confluence.rum.se
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

Hi Adrian,

your certificate seems to be a wildcard certificate. Is this correct?

Is the certificate accepted, when you access each of your servers alone be browse, or do you get any type of error. Are you sure you don't need an intermediate certificate? If you don't have a wildcard certificate, your setup will not work as certificates are bound to a host name (either confluence.rum.se or jira.rum.se). You cannot use the same certificate on both hostnames unless it's a wildcard cert.

Could you post screenshots of the certifcate path of both servers?

Best

JP

Hi again,

Confluence connects to Jira over the Base URL you have configured and the other way around. Configure the both independent of each other, like have them running on different servers. Then configure one of them with Apache HTTPD terminating the SSL & check if this works with this server. Then go on with the other one.

Best

JP

Hi!

We,re using a wildcard certificate and we aren't using it on this server alone. The certificate setup in Apache works great without errors in multiple web browsers.

Which certificate paths do you want to see? The Apache paths are shown in the previous post. The certificates aren't loaded in Jira or Confluence.

Thanks for the commitment JP! :)

Both installations are running independently on separate ports, but within the same server today. Both are also using their separate URL:s without problem and I can login to both of them without any problem. The problem occurs when I'm trying to make the Application Link between them and Jira can't find Confluence on the URL written (which works in the web browser). In addition, the Gadget feed URL doesn't work correctly either because it can't reach the installation itself. It feels like something goes wrong in the SSL proxying...

Hi

can both of the server be accessed by https via the Apache proxies on their own?

https://jira.rum.se and https://confluence.rum.se

both work?

Best

JP

Yes, both of them works.

Sorry,

our posts crossed ;-)

Do you get the same result, if you set up the app link starting with Jira as when you start from Confluence?

As SSL is working when you access the server on their own, it could be the proxy configuration in Apache.

Could you try:

 ProxyRequests Off
ProxyPreserveHost On

and leave away ProxyVia Off?

Best

JP

The settings above are now running, but unfortunately no change - both Jira and Confluence are accessible, but not between each other.

Regarding which application I launch the Application Link wizard, the result is always the same, no matter which application.

But the error only happens on the JIra server?

What's the errors from SSLPoke?

SSLPoke log:

 

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)

at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)

at sun.security.validator.Validator.validate(Validator.java:262)

at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)

at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)

at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)

at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)

at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)

at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)

at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)

at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)

at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:138)

at SSLPoke.main(SSLPoke.java:31)

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)

at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)

at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)

Is DNS setup correctly on the server? jira.rum.se & confluence.rum.se are resolved to the server external IP? On what * IPs is Apache listening?

Timothy Chin Community Champion Oct 06, 2018

I would suggest that you resolve the error shown by SSLPoke. That error means that the JVM (hopefully the same JVM that Jira and Confluence uses) cannot accept the cert produced by the domain. For the intercommunication between Jira and Confluence (i.e. application links), it is the JVMs that talk to one another.

The fix would be to add the server certificates into your key/truststore of the JVM. 

Hi Adrian,

I have a similar setup like you except that Jira is running on a dedicated server. Confluence & Apache HTTPD 2.4.x on the other machine. SSL terminating at the Apache HTTPD. Are you using the proxy-http module or are you going with mod_ajp? 

You must use the Base URL configured in the Confluence / Jira general admin page to get this running.

I would delete all application links between the two servers & do a restart afterwards, to get a clean start.

Do you setup the application link by starting with Jira or Confluence? The setup process will always bring you to the other server by calling the entered (Base) url of the other server. 

Are both servers using the same user base?

You might want to crosscheck some settings with my working config related to the port & ssl settings (Please adapt the path, server & other individual settings):

ssl.conf / vhost.conf depending on your config:

<VirtualHost IP_OF-YOUR_SERVER:443>
# Protocols h2 http/1.1
DocumentRoot "YOUR DOC ROOT"
ServerName yourserver.yourdomain.org
ServerAdmin admin@.yourdomain.org
ErrorLog /var/log/apache/ssl_error.log
TransferLog /var/log/apache/ssl_access.log
LogLevel warn
SSLEngine On
SSLHonorCipherOrder On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK

SSLCertificateFile /etc/apache2/conf/ssl/yourserver.yourdomain.org.crt
SSLCertificateKeyFile /etc/apache2/conf/ssl/yourserver.yourdomain.org.key
# Depends on your certificate
SSLCACertificateFile /etc/apache2/conf/ssl/wildcard.intermediate.crt

Header set Strict-Transport-Security "max-age=16070400; includeSubDomains"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

BrowserMatch "MSIE [1-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [6-9]" ssl-unclean-shutdown

RewriteEngine On
#LogLevel notice rewrite:trace8
RewriteCond %{REQUEST_URI} !^/confluence [NC]
RewriteCond %{REQUEST_URI} !^/confluence/.* [NC]
RewriteCond %{REQUEST_URI} !^/synchrony [NC]
RewriteCond %{REQUEST_URI} !^/synchrony/.* [NC]
RewriteCond %{REQUEST_URI} !^/jira [NC]
RewriteCond %{REQUEST_URI} !^/jira/.* [NC]
RewriteRule ^(.*)$ https://yourserver.yourdomain.org/confluence [R=301,L]

# Atlassian Proxy Configuration:
ProxyRequests Off
ProxyPreserveHost On
#SSLProxyEngine Off

<Proxy *>
Require all granted
</Proxy>

ProxyPass /synchrony http://yourserver.yourdomain.org:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://yourserver.yourdomain.org:8091%{REQUEST_URI} [P]
</Location>

RemoteIPHeader X-Forwarded-For

</VirtualHost>


mod_jk.conf:

# Worker config
JkWorkersFile conf/workers.properties
# Logging
JkLogFile /var/log/apache/mod_jk.log
JkLogLevel warn
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
# JkOptions indicates to send SSL KEY SIZE
JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories +RejectUnsafeURI
JkEnvVar httpd YOURSERVER
# Mount on all vhost and ssl
JkMountCopy All
# node0
# redirect tomcat errors to apache httpd
JkMount /confluence confluence;use_server_errors=500
JkMount /confluence/* confluence;use_server_errors=500

JkMount /jira jira;use_server_errors=500
JkMount /jira/* jira;use_server_errors=500

# Modul (Admin)
JkMount /jk-manage/* jk-manage
JkMount /jk-manage jk-manage

# Enable the JK manager access from localhost/net only
<Location /jk-manage >
JkMount jk-manage
Require ip 192.168
Require ip 127
</Location>


workers.properties:

# Global Settings
worker.maintain=30

# Default Settings

worker.basic.type=ajp13
worker.basic.socket_keepalive=true
worker.basic.ping_mode=A
worker.basic.ping_timeout=10000
worker.basic.connection_pool_size=250
worker.basic.connection_pool_timeout=120
worker.basic.recovery_options=7
worker.basic.lbfactor=1
worker.basic.max_packet_size=65536

worker.list=confluence
worker.confluence.host=YOUR_SERVER_IP
# Confluence AJP PORT
worker.confluence.port=8009
worker.confluence.socket_timeout=300
worker.confluence.socket_connect_timeout=300000
worker.confluence.reference=worker.basic

worker.list=jira
worker.jira.host=YOUR_SERVER_IP
# Jira AJP PORT
worker.jira.port=8010
worker.jira.socket_timeout=300
worker.jira.socket_connect_timeout=300000
worker.jira.reference=worker.basic

# JK Manage Application

worker.list=jk-manage
worker.jk-manage.type=status


Confluence server.xml

<Server port="8000" shutdown="SHUTDOWN">
<Service name="Tomcat-Standalone">
<!-- You can use this one for testing direct access to Confluence without SSL -->
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8080"
address="YOURSERVERIP"
enableLookups="false"
redirectPort="8443"
acceptCount="10"
minSpareThreads="10"
maxThreads="150"
connectionTimeout="20000"
URIEncoding="UTF-8"
disableUploadTimeout="true"
proxyName="yourserver.yourdomain.org"
proxyPort="443"
scheme="https"/>

<!-- This is the Tomcat AJP Port -->
<Connector port="8009"
minSpareThreads="10"
maxThreads="250"
connectionTimeout="120000"
address="YOURSERVERIP"
protocol="AJP/1.3"
redirectPort="8444"
enableLookups="false"
URIEncoding="UTF-8"
maxPostSize="-1"
packetSize="65536"/>

<Engine name="Standalone" defaultHost="yourserver.yourdomain.org" jvmRoute="node0">

<Host name="yourserver.yourdomain.org" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">

<Context path="/confluence" docBase="../confluence" reloadable="false" useHttpOnly="true">
<Manager pathname="" />
</Context>

<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
</Context>
</Host>

</Engine>
</Service>
</Server>


Jira server.xml

<Server port="8005" shutdown="SHUTDOWN_SBJIRASRV1">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiRegistryPortPlatform="16969" rmiServerPortPlatform="6969" />

<Service name="Catalina">
<!-- You can use this one for testing direct access to Jira without SSL -->
<Connector port="8082"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"/>

<Connector port="8010"
minSpareThreads="10"
maxThreads="200"
address="YOURSERVERIP"
protocol="AJP/1.3"
redirectPort="8444"
enableLookups="false"
URIEncoding="UTF-8"
maxPostSize="-1"
packetSize="65536"/>

<Engine name="Catalina" defaultHost="yourserver.yourdomain.org" jvmRoute="jira">

<Host name="yourserver.yourdomain.org" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
</Engine>
</Service>
</Server>

Confluence Base URL:

https://yourserver.yourdomain.org/confluence

Jira Base URL:

https://yourserver.yourdomain.org/jira

Hope this helps or leads you in the right direction...

Best

JP

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 18, 2018 in Jira

What modern development practices are at the heart of how your team delivers software?

Hey Community mates! Claire here from the Software Product Marketing team. We all know software development changes rapidly, and it's often tough to keep up. But from our research, we've found the h...

21,332 views 2 7
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you