SSL mismatch on jira

Hi - Anyone has been able to configure HTTPS on jira and offloading the SSL encryption and decryption at the load balancer level? Im having some 80 & 433 mismatch errors when using HTTPS on jira. 

Error from the catalina.out log:

"com.atlassian.gadgets.dashboard.internal.diagnostics.UrlPortMismatchException: Detected URL port, '80', does not match expected port, '443'" 

 

Config on the server.xml file:

 

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="false"
clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"/>

<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"

enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"

scheme="https"
proxyName="jira-test.fwmrm.net"
proxyport="443" />

 

 

2 answers

0 vote
Peter DeWitt Community Champion Sep 27, 2017

Alex, I run my Atlassian apps in this configuration.  Check out these articles by Atlassian:

https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html

https://confluence.atlassian.com/adminjiraserver071/integrating-jira-with-apache-using-ssl-802593043.html

These are what I have used to get things up and running.

 

-pd

0 vote

Hi Alex!

Thank you for including the details from your server.xml file - definitely necessary for troubleshooting SSL errors.

I think part of your problem might be having the internal SSL connector added - that's the 8443 connector, the first block in your paste. Deleting everything above <Service name="Catalina"> might actually clear things up for you. (reminder that you need to restart JIRA after making changes to server.xml)

Also double-check that you have the right URL (with an https in the front) in the base URL field in the General Configuration screen in JIRA itself. Gadgets especially will tend to fail noisily if this isn't set correctly.

As an aside, I maintain a reference implementation for nginx that might be useful if you need a "working" configuration to look at.

Cheers,
Daniel

P.S. If you feel like this answer helped, please hit the checkmark to the left to mark it as answered. This helps us focus our efforts on unsolved questions. Thanks!

Thanks Daniel - I removed as per your suggestions but it still fails. Is there any special header that i need to add to my configuration?

This is the error:

2017-09-27 20:38:37,899 http-nio-8080-exec-22 ERROR jsoto 1238x50x5 fjyfu7 172.16.192.253,127.0.0.1 /plugins/servlet/gadgets/dashboard-diagnostics [c.a.g.d.internal.diagnostics.DiagnosticsServlet] DIAGNOSTICS: FAILED
com.atlassian.gadgets.dashboard.internal.diagnostics.UrlPortMismatchException: Detected URL port, '80', does not match expected port, '443'
at com.atlassian.gadgets.dashboard.internal.diagnostics.Diagnostics.checkExpectedPort(Diagnostics.java:71)
at com.atlassian.gadgets.dashboard.internal.diagnostics.Diagnostics.check(Diagnostics.java:33)
at com.atlassian.gadgets.dashboard.internal.diagnostics.DiagnosticsServlet.executeDiagnostics(DiagnosticsServlet.java:82)
at com.atlassian.gadgets.dashboard.internal.diagnostics.DiagnosticsServlet.doPost(DiagnosticsServlet.java:58)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:45)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
... 17 filtered
at com.develocenter.jira.extschemes.web.filter.DisableNewEntitiesFilter.doFilter(DisableNewEntitiesFilter.java:55)
... 3 filtered
at com.develocenter.jira.linkscheme.labs.JIRALinkFilter.doFilter(JIRALinkFilter.java:76)
... 91 filtered
at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:70)
... 86 filtered
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
2017-09-27 20:38:37,990 http-nio-8080-exec-3 WARN jsoto 1238x51x1 fjyfu7 172.16.192.253,127.0.0.1 /rest/webResources/1.0/resources [c.a.p.r.c.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request: https://jira-test.fwmrm.net:80/rest/webResources/1.0/resources , origin: https://jira-test.fwmrm.net , referrer: https://jira-test.fwmrm.net/secure/Dashboard.jspa , credentials in request: true , allowed via CORS: false

Daniel Eads Community Champion Oct 02, 2017

Hm - maybe check your load balancer now to see if port 80 traffic is being rewritten/redirected up to port 443.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

73 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you