Setting up application links between 2 jira instances that are sitting behind a reverse proxy.

Hi,

I've got 2 instances of Jira running behind a reverse proxy -- https terminates at the proxy level:

https --> proxy --> http -->tomcat

When I try to create application links between the 2 jira instances, I get :

"Application 'foo' seems to be offline. Click Here to Relocate."

In the logs, I see:

Could not reach provider foo; it will be omitted from the stream. The connection will be retried in 5 minutes.

I had read some people mention that you need to import the ssl root cert into the java keystore. I imported the ssl root cert from the proxy server into the keystores of both my java instances. Restarted services... still experiencing the problem.

I also tried adding the the proxy ip and application server ip for the inbound application links.

Am I missing something here? Any tips would be great -- the stuff I've seen online seems fragmentary. Seems clear that the proxy is making it hard for the 2 instances to see each other...

4 answers

1 accepted

To fix this, I ended up adding an entry to the /etc/hosts file on both tomcat boxes, so that the externally facing ip *name* resolved to the proxy's internal IP. That way, the tomcats could resolve the external ip name that was being passed through the reverse proxy.

Hi Bryan,

Just narrowing down the issue, have you set the URL redirection for both instance on each instance server.xml as describe here. Application links need those configuration to be set to understand the proxy redirection.

Hope it helps.

Cheers,
Septa Cahyadiputra

Ijira connector:

 <Service name="Catalina">

        <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
              secure="true" scheme="https" proxyName="server.foo.com" proxyPort="443"

/>


ijira context:

   <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="/ijira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

 



ejira connector:
  <Service name="Catalina">

        <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
             secure="true" scheme="https" proxyName="monitor.qpass.com" proxyPort="443"
/>


ejira context:

 <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="/ejira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

The proxy works in terms of accessing/using either Jira instance -- but the application links don't work -- the jiras can't see
eachother.

Any tips?
Hi,

Here is some of my config info (obfuscated server names). As you can see, I am making use of mod_rewrite,
and the 2 jira instances (ijira, ejira) are just 2 subdomains:



<VirtualHost *:443> ServerName server.foo.com RewriteEngine on # RewriteRule ^/$ https://%{HTTP_HOST}/zabbix/ [R,L] RewriteRule ^/zabbix$ https://%{HTTP_HOST}/zabbix/ [R,L] RewriteRule ^/(zabbix/.*)$ http://foo-prod-foozbx.db.foo.net/$1?%{QUERY_STRING} [P,L] # RewriteRule ^/(zabbix/.*)$ http://foo-prod-fooapp-4.bar1.foo.net/$1?%{QUERY_STRING} [P,L] RewriteRule ^/(xy.*)$ http://foo-prod-fooapp-6.bar1.foo.net/$1?%{QUERY_STRING} [P,L] RewriteRule ^/ijira$ https://%{HTTP_HOST}/ijira/ [R,L] RewriteRule ^/(ijir.*)$ http://jira-1.bar1.foo.net:8080/$1?%{QUERY_STRING} [P,L] RewriteRule ^/ejira$ https://%{HTTP_HOST}/ejira/ [R,L] RewriteRule ^/(ejir.*)$ http://jira-2.bar1.foo.net:8080/$1?%{QUERY_STRING} [P,L] RewriteRule ^ /etc/httpd/conf.d/empty.html [L] </VirtualHost>


 

Hi,

Here's what I have in my apache (v2.2) vhosts:

NameVirtualHost *:80
&lt;VirtualHost *:80&gt;
  ServerName redirect.to.https.myserver.com
  RewriteEngine on
  # redirect requests with arguments with the arguments
  RewriteCond %{QUERY_STRING} !^$
  RewriteRule ^/(.*)$   https://%{HTTP_HOST}/$1?%{QUERY_STRING} [R,L]
  # all others redirect without the argument
  RewriteRule ^/(.*)$   https://%{HTTP_HOST}/$1                 [R,L]
&lt;/VirtualHost&gt;


&lt;VirtualHost *:443&gt;
  ServerName monitor.myserver.com
  RewriteEngine on
  RewriteRule ^/zabbix$         https://%{HTTP_HOST}/zabbix/                                    [R,L]
  RewriteRule ^/(zabbix/.*)$    http://myserver-prod-monzbx.db.myserver.net/$1?%{QUERY_STRING}        [P,L]
  RewriteRule ^/(xy.*)$         http://myserver-prod-monapp-6.sea1.myserver.net/$1?%{QUERY_STRING}    [P,L]
  RewriteRule ^/ejira$          http://%{HTTP_HOST}/ejira/                                     [R,L]
  RewriteRule ^/(ejir.*)$       http://jc-vmtomcat-2.sea1.myserver.net:8080/$1?%{QUERY_STRING}     [P,L]
  RewriteRule ^/ijira$          http://%{HTTP_HOST}/ijira/                                     [R,L]
  RewriteRule ^/(ijir.*)$       http://jc-vmtomcat-1.sea1.myserver.net:8080/$1?%{QUERY_STRING}     [P,L]
  RewriteRule ^                 /etc/httpd/conf.d/empty.html                                    [L]
&lt;/VirtualHost&gt;

And here is what I have in tomcat server.xml

 &lt;Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   secure="true"
                   scheme="https"
                   proxyName="monitor.myserver.com"
                   proxyPort="443"

/&gt;

To summarize:

1. reverse proxy is already serving some other apps -- I am adding 2 jira instances (ejira and ijira to it).

2. Above configuration allows me to access and use both instances of jira just fine.. however....

3. I am unable to create application links between the 2 jira instances.

I don't know if issue is that I am trying to use mod_rewrite instead of mod_proxy... etc. I need to use the mod_rewrite for the other apps that are already using the reverse proxy. I've read that mod_rewrite can overwrite mod_proxy... I'm wondering if this is some sort of collision?

Or, if I am overlooking something, that is entirely possible. I am kind of an apache noob.

Thanks for any help.. this has been stumping me for weeks!

One additional question. Could this maybe be a firewall issue? I had a proxy working fine, (including application links), but once I moved to a proxy in the DMZ, I started having issues with the application links. Are there specific ports on the internal tomcat instances that host ejira and ijira that the proxy needs to be able to access? Looks like right now the proxy can talk to both jiras on 8080. Do I need 8443 as well?

Found something -- nslookup is showing me that the 2 tomcat hosts can't see eachother. Seems like this may be a DNS issue. Once I have the resolved, I will retest.

I also meet such problem. the single instance can be accessed through https, but the two instances can't connect via applicaiton links. and the self-signed certificate of two instances has been put in each keystore.

I am also hitting this problem. I have confluence, stash, and jira all going through mod_proxy on apache and all 3 work individually and link but all think they're offline.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published Thursday in Jira

5 ways you can make the most of Jira Software and Bitbucket Cloud

As part of the Bitbucket product team I'm always interested in better understanding what kind of impact the use of our tools have on the way you work. In a recent study we conducted of software devel...

64 views 0 5
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you