Setting up application links between 2 jira instances that are sitting behind a reverse proxy.

Hi,

I've got 2 instances of Jira running behind a reverse proxy -- https terminates at the proxy level:

https --> proxy --> http -->tomcat

When I try to create application links between the 2 jira instances, I get :

"Application 'foo' seems to be offline. Click Here to Relocate."

In the logs, I see:

Could not reach provider foo; it will be omitted from the stream. The connection will be retried in 5 minutes.

I had read some people mention that you need to import the ssl root cert into the java keystore. I imported the ssl root cert from the proxy server into the keystores of both my java instances. Restarted services... still experiencing the problem.

I also tried adding the the proxy ip and application server ip for the inbound application links.

Am I missing something here? Any tips would be great -- the stuff I've seen online seems fragmentary. Seems clear that the proxy is making it hard for the 2 instances to see each other...

4 answers

1 accepted

To fix this, I ended up adding an entry to the /etc/hosts file on both tomcat boxes, so that the externally facing ip *name* resolved to the proxy's internal IP. That way, the tomcats could resolve the external ip name that was being passed through the reverse proxy.

Hi Bryan,

Just narrowing down the issue, have you set the URL redirection for both instance on each instance server.xml as describe here. Application links need those configuration to be set to understand the proxy redirection.

Hope it helps.

Cheers,
Septa Cahyadiputra

Ijira connector:

 <Service name="Catalina">

        <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
              secure="true" scheme="https" proxyName="server.foo.com" proxyPort="443"

/>


ijira context:

   <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="/ijira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

 



ejira connector:
  <Service name="Catalina">

        <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
             secure="true" scheme="https" proxyName="monitor.qpass.com" proxyPort="443"
/>


ejira context:

 <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="/ejira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

The proxy works in terms of accessing/using either Jira instance -- but the application links don't work -- the jiras can't see
eachother.

Any tips?
Hi,

Here is some of my config info (obfuscated server names). As you can see, I am making use of mod_rewrite,
and the 2 jira instances (ijira, ejira) are just 2 subdomains:



<VirtualHost *:443> ServerName server.foo.com RewriteEngine on # RewriteRule ^/$ https://%{HTTP_HOST}/zabbix/ [R,L] RewriteRule ^/zabbix$ https://%{HTTP_HOST}/zabbix/ [R,L] RewriteRule ^/(zabbix/.*)$ http://foo-prod-foozbx.db.foo.net/$1?%{QUERY_STRING} [P,L] # RewriteRule ^/(zabbix/.*)$ http://foo-prod-fooapp-4.bar1.foo.net/$1?%{QUERY_STRING} [P,L] RewriteRule ^/(xy.*)$ http://foo-prod-fooapp-6.bar1.foo.net/$1?%{QUERY_STRING} [P,L] RewriteRule ^/ijira$ https://%{HTTP_HOST}/ijira/ [R,L] RewriteRule ^/(ijir.*)$ http://jira-1.bar1.foo.net:8080/$1?%{QUERY_STRING} [P,L] RewriteRule ^/ejira$ https://%{HTTP_HOST}/ejira/ [R,L] RewriteRule ^/(ejir.*)$ http://jira-2.bar1.foo.net:8080/$1?%{QUERY_STRING} [P,L] RewriteRule ^ /etc/httpd/conf.d/empty.html [L] </VirtualHost>


 

Hi,

Here's what I have in my apache (v2.2) vhosts:

NameVirtualHost *:80
&lt;VirtualHost *:80&gt;
  ServerName redirect.to.https.myserver.com
  RewriteEngine on
  # redirect requests with arguments with the arguments
  RewriteCond %{QUERY_STRING} !^$
  RewriteRule ^/(.*)$   https://%{HTTP_HOST}/$1?%{QUERY_STRING} [R,L]
  # all others redirect without the argument
  RewriteRule ^/(.*)$   https://%{HTTP_HOST}/$1                 [R,L]
&lt;/VirtualHost&gt;


&lt;VirtualHost *:443&gt;
  ServerName monitor.myserver.com
  RewriteEngine on
  RewriteRule ^/zabbix$         https://%{HTTP_HOST}/zabbix/                                    [R,L]
  RewriteRule ^/(zabbix/.*)$    http://myserver-prod-monzbx.db.myserver.net/$1?%{QUERY_STRING}        [P,L]
  RewriteRule ^/(xy.*)$         http://myserver-prod-monapp-6.sea1.myserver.net/$1?%{QUERY_STRING}    [P,L]
  RewriteRule ^/ejira$          http://%{HTTP_HOST}/ejira/                                     [R,L]
  RewriteRule ^/(ejir.*)$       http://jc-vmtomcat-2.sea1.myserver.net:8080/$1?%{QUERY_STRING}     [P,L]
  RewriteRule ^/ijira$          http://%{HTTP_HOST}/ijira/                                     [R,L]
  RewriteRule ^/(ijir.*)$       http://jc-vmtomcat-1.sea1.myserver.net:8080/$1?%{QUERY_STRING}     [P,L]
  RewriteRule ^                 /etc/httpd/conf.d/empty.html                                    [L]
&lt;/VirtualHost&gt;

And here is what I have in tomcat server.xml

 &lt;Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   secure="true"
                   scheme="https"
                   proxyName="monitor.myserver.com"
                   proxyPort="443"

/&gt;

To summarize:

1. reverse proxy is already serving some other apps -- I am adding 2 jira instances (ejira and ijira to it).

2. Above configuration allows me to access and use both instances of jira just fine.. however....

3. I am unable to create application links between the 2 jira instances.

I don't know if issue is that I am trying to use mod_rewrite instead of mod_proxy... etc. I need to use the mod_rewrite for the other apps that are already using the reverse proxy. I've read that mod_rewrite can overwrite mod_proxy... I'm wondering if this is some sort of collision?

Or, if I am overlooking something, that is entirely possible. I am kind of an apache noob.

Thanks for any help.. this has been stumping me for weeks!

One additional question. Could this maybe be a firewall issue? I had a proxy working fine, (including application links), but once I moved to a proxy in the DMZ, I started having issues with the application links. Are there specific ports on the internal tomcat instances that host ejira and ijira that the proxy needs to be able to access? Looks like right now the proxy can talk to both jiras on 8080. Do I need 8443 as well?

Found something -- nslookup is showing me that the 2 tomcat hosts can't see eachother. Seems like this may be a DNS issue. Once I have the resolved, I will retest.

I also meet such problem. the single instance can be accessed through https, but the two instances can't connect via applicaiton links. and the self-signed certificate of two instances has been put in each keystore.

I am also hitting this problem. I have confluence, stash, and jira all going through mod_proxy on apache and all 3 work individually and link but all think they're offline.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

2,760 views 11 18
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot