Our JIRA 7.1.6 instance runs over HTTP within our firewall, as do our other Atlassian apps (Confluence, FishEye/Crucible, Crowd, Bamboo). We have several requests to open up the firewall to allow JIRA to integrate with a cloud-based app (the Aha! roadmap app). My question: Can we configure JIRA to run over HTTPS for users outside our firewall (i.e. cloud services such as Aha!), while still running JIRA over HTTP for our internal users and all of its integrations to our other internal apps?
It's possible (you can set up two listeners for Tomcat in server.xml) but this will present some issues when JIRA is generating links - like sending email notifications. Whatever you set as the base URL (either http://jira.yourcompany.com or https://jira.yourcompany.com) is what JIRA is going to generate links for. The email links would then essentially be "broken" for people not on whichever end you configure as your base URL.
I would actually suggest going all HTTPS (even internally) and updating your base URL to https://. If you can set your SSL terminator (Apache or nginx) to use http2, you'll probably even see a performance bump over HTTP.
Thanks, Daniel. We have to conduct an analysis to scope the impact of switching to HTTPS by our internal users and integration points. For expediency, we may end up doing this in two phases (phase 1: supporting HTTP and HTTPS for JIRA only, HTTP elsewhere; then phase 2: all in on HTTPS, once we upgrade our existing Apache reverse proxy).
I appreciate your insights and suggestions!
Atlassian Summit is an excellent opportunity for in-person support, training, and networking.Learn more
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG