Setting up application links between 2 jira instances that are sitting behind a reverse proxy.

Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 5, 2012

Hi,

I've got 2 instances of Jira running behind a reverse proxy -- https terminates at the proxy level:

https --> proxy --> http -->tomcat

When I try to create application links between the 2 jira instances, I get :

"Application 'foo' seems to be offline. Click Here to Relocate."

In the logs, I see:

Could not reach provider foo; it will be omitted from the stream. The connection will be retried in 5 minutes.

I had read some people mention that you need to import the ssl root cert into the java keystore. I imported the ssl root cert from the proxy server into the keystores of both my java instances. Restarted services... still experiencing the problem.

I also tried adding the the proxy ip and application server ip for the inbound application links.

Am I missing something here? Any tips would be great -- the stuff I've seen online seems fragmentary. Seems clear that the proxy is making it hard for the 2 instances to see each other...

4 answers

1 accepted

0 votes
Answer accepted
Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 11, 2012

To fix this, I ended up adding an entry to the /etc/hosts file on both tomcat boxes, so that the externally facing ip *name* resolved to the proxy's internal IP. That way, the tomcats could resolve the external ip name that was being passed through the reverse proxy.

0 votes
Jessica Mulein June 6, 2013

I am also hitting this problem. I have confluence, stash, and jira all going through mod_proxy on apache and all 3 work individually and link but all think they're offline.

0 votes
Jimmy Shen November 8, 2012

I also meet such problem. the single instance can be accessed through https, but the two instances can't connect via applicaiton links. and the self-signed certificate of two instances has been put in each keystore.

0 votes
Septa Cahyadiputra
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 5, 2012

Hi Bryan,

Just narrowing down the issue, have you set the URL redirection for both instance on each instance server.xml as describe here. Application links need those configuration to be set to understand the proxy redirection.

Hope it helps.

Cheers,
Septa Cahyadiputra

Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 6, 2012

Ijira connector:

 <Service name="Catalina">

        <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
              secure="true" scheme="https" proxyName="server.foo.com" proxyPort="443"

/>


ijira context:

   <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="/ijira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

 



ejira connector:
  <Service name="Catalina">

        <Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
             secure="true" scheme="https" proxyName="monitor.qpass.com" proxyPort="443"
/>


ejira context:

 <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="/ejira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

The proxy works in terms of accessing/using either Jira instance -- but the application links don't work -- the jiras can't see
eachother.

Any tips?
Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 6, 2012
Hi,

Here is some of my config info (obfuscated server names). As you can see, I am making use of mod_rewrite,
and the 2 jira instances (ijira, ejira) are just 2 subdomains:



<VirtualHost *:443> ServerName server.foo.com RewriteEngine on # RewriteRule ^/$ https://%{HTTP_HOST}/zabbix/ [R,L] RewriteRule ^/zabbix$ https://%{HTTP_HOST}/zabbix/ [R,L] RewriteRule ^/(zabbix/.*)$ http://foo-prod-foozbx.db.foo.net/$1?%{QUERY_STRING} [P,L] # RewriteRule ^/(zabbix/.*)$ http://foo-prod-fooapp-4.bar1.foo.net/$1?%{QUERY_STRING} [P,L] RewriteRule ^/(xy.*)$ http://foo-prod-fooapp-6.bar1.foo.net/$1?%{QUERY_STRING} [P,L] RewriteRule ^/ijira$ https://%{HTTP_HOST}/ijira/ [R,L] RewriteRule ^/(ijir.*)$ http://jira-1.bar1.foo.net:8080/$1?%{QUERY_STRING} [P,L] RewriteRule ^/ejira$ https://%{HTTP_HOST}/ejira/ [R,L] RewriteRule ^/(ejir.*)$ http://jira-2.bar1.foo.net:8080/$1?%{QUERY_STRING} [P,L] RewriteRule ^ /etc/httpd/conf.d/empty.html [L] </VirtualHost>


 

Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 16, 2012

Hi,

Here's what I have in my apache (v2.2) vhosts:

NameVirtualHost *:80
&lt;VirtualHost *:80&gt;
  ServerName redirect.to.https.myserver.com
  RewriteEngine on
  # redirect requests with arguments with the arguments
  RewriteCond %{QUERY_STRING} !^$
  RewriteRule ^/(.*)$   https://%{HTTP_HOST}/$1?%{QUERY_STRING} [R,L]
  # all others redirect without the argument
  RewriteRule ^/(.*)$   https://%{HTTP_HOST}/$1                 [R,L]
&lt;/VirtualHost&gt;


&lt;VirtualHost *:443&gt;
  ServerName monitor.myserver.com
  RewriteEngine on
  RewriteRule ^/zabbix$         https://%{HTTP_HOST}/zabbix/                                    [R,L]
  RewriteRule ^/(zabbix/.*)$    http://myserver-prod-monzbx.db.myserver.net/$1?%{QUERY_STRING}        [P,L]
  RewriteRule ^/(xy.*)$         http://myserver-prod-monapp-6.sea1.myserver.net/$1?%{QUERY_STRING}    [P,L]
  RewriteRule ^/ejira$          http://%{HTTP_HOST}/ejira/                                     [R,L]
  RewriteRule ^/(ejir.*)$       http://jc-vmtomcat-2.sea1.myserver.net:8080/$1?%{QUERY_STRING}     [P,L]
  RewriteRule ^/ijira$          http://%{HTTP_HOST}/ijira/                                     [R,L]
  RewriteRule ^/(ijir.*)$       http://jc-vmtomcat-1.sea1.myserver.net:8080/$1?%{QUERY_STRING}     [P,L]
  RewriteRule ^                 /etc/httpd/conf.d/empty.html                                    [L]
&lt;/VirtualHost&gt;

Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 16, 2012
And here is what I have in tomcat server.xml

 &lt;Connector port="8080"

                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   secure="true"
                   scheme="https"
                   proxyName="monitor.myserver.com"
                   proxyPort="443"

/&gt;

Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 16, 2012

To summarize:

1. reverse proxy is already serving some other apps -- I am adding 2 jira instances (ejira and ijira to it).

2. Above configuration allows me to access and use both instances of jira just fine.. however....

3. I am unable to create application links between the 2 jira instances.

I don't know if issue is that I am trying to use mod_rewrite instead of mod_proxy... etc. I need to use the mod_rewrite for the other apps that are already using the reverse proxy. I've read that mod_rewrite can overwrite mod_proxy... I'm wondering if this is some sort of collision?

Or, if I am overlooking something, that is entirely possible. I am kind of an apache noob.

Thanks for any help.. this has been stumping me for weeks!

Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 17, 2012

One additional question. Could this maybe be a firewall issue? I had a proxy working fine, (including application links), but once I moved to a proxy in the DMZ, I started having issues with the application links. Are there specific ports on the internal tomcat instances that host ejira and ijira that the proxy needs to be able to access? Looks like right now the proxy can talk to both jiras on 8080. Do I need 8443 as well?

Bryan Karsh
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 18, 2012

Found something -- nslookup is showing me that the 2 tomcat hosts can't see eachother. Seems like this may be a DNS issue. Once I have the resolved, I will retest.

Suggest an answer

Log in or Sign up to answer