jira not working on port 80 on Ubuntu 18.04.3 (LTS) x64

I have allowed port 80 using "ufw allow 80" command. after running "ufw status" command I am seeing that port 80 is open for both ipv4 and ipv6

@mdesai  All the answers you seek is well explained here.

Changing Jira application TCP ports 

You should be Ok if you do it correct and firewall is not blocking anything   or Apparmour

I have followed this article only. I manually changed server.xml as given on that article and restarted jira service but it is still not taking port 80 into effect. May be its because of ubuntu, as given on the same article, that in ubuntu in order to bind port 80 you need to restart the service as root. so now question is how can I start my jira service as root? currently I start and stop my jira service using below commands

/etc/init.d/jira start

/etc/init.d/jira stop

is it ok to start and stop jira like that?

Below is screenshot of that line, in that article, which says running jira as root user 

Attaching here with server.xml file screenshot after changing port from 8080 to 80

Also attaching  result of running below command through putty

netstat -ntlp | grep LISTEN

(before changing port in server.xml)

(After changing port in server.xml from 8080 to 80)

@mdesaiThe question is did you change port  in the server.xml  you said you change it earlier. If the port is below 1024, then you will  need to start jira with  root user why? because port < 1024 are already used and grouped  over the internet and the root user will enforce the bind port 80  even though it is  widely used over the internet. But since you have change the port and remember, check all port by using the netstat -tulpen, to see all port in use, and choose port greater that 1024 so that you will not need to start jira  with  the user root.  Further more, you should check port,  by typing below on Ubuntu terminal  below commands to check  whether java is running on this port you have  changed. To  identify the java process id,  first  type

ps  aux | grep jira    " to  get the process id aka PID followed by the below "          

netstat - tulpen     "to see the TCP port java process is running on

Let me explain, starting jira as a service means that you have a dedicated user to  start jira (Just best  practice)  if you start jira  as root then you will  over write  all  files permission to  root, and you can no longer start  jira as  a service because the user jira will  not have the permission to  start  jira. You will have to  do

chown -R jira:jira  file_name  " i.e to  all files in jira_home and installation folder to  be able to run as a service".

I  Hope it is clear now, please give feed back .

Kind regards,

Moses.

@Moses Thomas 

here is what I am doing now step by step,

Step-1

I changed my server.xml file in /opt/atlassian/jira/conf directory and manually changed <Connector > port from 8080 to 80 and here is the resulting server.xml file

 Step 2

After that to restart jira service I ran below command to stop jira service

/etc/init.d/jira stop

Step 3

Then to start jira back again I ran below command

/etc/init.d/jira start

after that I am checking the url in browser but it displays below error

Step 4

As explained by you, I am running below commands after this to check which port java process is using 

ps aux | grep jira

Step 5

I ran below command right after that

Based on this can you tell me where am I doing wrong?  In last screenshot, why java service is running on port 8005?

Thank you so much for your prompt response.

Regards,

mdesai

@mdesai  As i have mentioned, please change port 80 to  a port not mentioned when you type  netstat -tulp   for  instance 8006.  That  java  process running at port 8005   is  for the whole Jira server,  now  the port 80   is for Tomcat  server connector  which is  embedded in JIRA, for  JIRA  to  run. And to make port 80 work you need to  run as root to force bind port 80.

So please change port  80 to 8006 and we will  be happy  as  long there is no fire wall blocking  TCP connect at 8006 :)

@Moses Thomas  Excellent explanation. I changed port from 80 to 8006 and it started working. Here is my server.xml file now.

Here is netstat -tulpen result

But this still does not solve my problem. The reason why I wanted to change my port to 80 was to access jira url without any port. Currently I am accessing my application using below url

http://[hostname].xyz:8006/secure/Dashboard.jspa

and what I want is to be able to access it using

http://[hostname].xyz/secure/Dashboard.jspa

so can you please tell me what should be my port number in <connector> tag and in <server> tag in my server.xml file specifically to achieve that? Sorry if my question was confusing.

Also, all these commands I am running by logging into putty using "root" user only. When you say "you need to  run as root to force bind port 80." what exactly do I need to do?

Can you give me command to run as root to force bind port 80? And I should only do that if I am changing my <connector> port from 8006 to 80. Correct?

Thanks again for your quick responses.

@Moses Thomas Thanks for clarification. That was really helpful.

I changed my port number from 80 to 8006 in <connector> tag in server.xml file and it is working fine now. Here is my server.xml file.

Here is netstat -tulpen result

But it did not solve my problem yet. The whole purpose of doing this is to be able to access jira using a url without port number. Currently I can access jira using below URL:

http://[myhostname].xyz:8006/secure/Dashboard.jspa

and what I want is to be able to access jira using below URL:

http://[myhostname].xyz/secure/Dashboard.jspa

So could you please tell me exactly which port number should I use in <server> tag and in <connector> tag in server.xml file to be able to access jira without any port number?

Also, All these commands I am running by logging into putty using "root" user only. 

so when you say "to make port 80 work you need to run as root to force bind port 80", what command should I run exactly for achieving that? And I should be only doing that if I change my <connector> port to 80 , correct? 

Thanks again for your all quick responses.

Regards,

mdesai

@mdesai 

OK now that JIRA is working great forget about running JIRA as root  to  enforce port 80 because you will just  get what we have achieved,  but the right way  to set up JIRA  been accessible through  http://[myhostname].com/jira on standard HTTP port 80 while JIRA itself listens on port 8006 with context path /jira. (to add context path see here Change the context path used to access Jira server )

You have to  run JIRA via  a reverse proxy  either by using apache or  Nginx,  and i choose  Nginx   because it has several advantages and easier to configure for me.

• Install Nginx  sever on your Ubuntu machine Official Debian/Ubuntu packages 
• Foll the instruction here it is very clear Configure Jira server to run behind a NGINX reverse proxy 
• Now in the documentation the other two ports are 8081, 8082 respectively in the connector configuration; you can use 8007 and 8008  or above as you like, the ports that are free >1024  and  you know that we can check this  by typing  netstat- tulpen  
•   The proxyName  is your host name because it is the same Ubuntu server where Nginx reverse proxy is installed and you need to  configure /etc/hostname  and /etc/hosts
• The server_name  is the same as proxyname  in the Nginx Configuration ; Server block should be inside /etc/nginx/conf.d/default.conf  but this  format is; if you install from official NGINX repo, and default HTTP Block should be inside /etc/nginx/nginx.conf,  if you will have problem configuring it i could send you what should be inside.

           more info here. How to Configure NGINX 

• You need only the Whole Configure connector steps  and Only step one in Nginx  configuration since you are not interested in SSL  but if  you also  want this  then do the remaining steps
• Restar Nginx,   restart and access JIRA  from http://[myhostname].com/jira

Kind regards,

Mo

Hi, @Moses Thomas  thank you so much for your help. Excellent explanation!

I followed all setps as mentioned and everything is working fine now using below url

http://[myhostname].xyz/jira/secure/Dashboard.jspa

Here is my /etc/nginx/conf.d/default.conf file

server {
listen www.[hostname].xyz:80;
server_name www.[hostname].xyz;
location /jira {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://[hostname].xyz:8080/jira;
client_max_body_size 10M;
}
}

and here is my jira config file /opt/atlassian/jira/conf/server.xml

but here are my queries now

1. I want to install https certificate from lets encrypt. I installed certbot for that and upon running certificate install command below is the error I am getting

Do I need to do something before running certificate install command for nginx? Do I need to change server block in /etc/nginx/conf.d/default.conf file?

2. I want to get rid of /jira from URL. Is it possible?

3. The URL

http://[myhostname].xyz:8080/jira/secure/Dashboard.jspa

also works. How can I stop that and just make jira accessible by below URL

http://[myhostname].xyz/secure/Dashboard.jspa   - (without /jira part)

Thanks again.

Regards,

M

@mdesai 

Answers to  Questions.

Do I need to do something before running certificate install command for nginx?

Ans: Yes   " Prerequisite"

• Own or control the registered domain name for the certificate. If you don’t have a registered domain name, you can use a domain name registrar, such as GODaddy or dnsexit 
• Create a DNS record that associates your domain name and your server’s public IP address

I want to get rid of /jira from URL. Is it possible ?

Ans: Yes

In the the server.xml  you need to change the context path look for this  line  
Current
<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly=true >

After change
<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly=true>

in the /etc/nginx/conf.d/default.conf  remove jira in the server block so you will have the below
  server {
listen www.[hostname].xyz:80;
server_name www.[hostname].xyz;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://[hostname].xyz:8080/;
client_max_body_size 10M;
}
}

Restart Nginx and JIRA successfully running via reverse proxy, access JIRA  via  https  link  and  the configure  the  BASE URL,  which will allow access this link only. i.e 

https://[myhostname].xyz/secure/Dashboard.jspa

You need to have the system administrator global permission in order to perform this function.

To configure the Base URL:

Choose > System. 
Choose General Configuration in the left-hand panel.
Choose Edit Settings.
Enter the new URL in the Base URL text box.
Choose Save.

Kind regards,

MO

Hi, @Moses Thomas 

Thank you so much once again for prompt response.

1) for installing https certificate

I am using certbot to install let's encrypt https certificate and domain registrar is godaddy. I own the domain name and I have created A record as well in my private cloud server control panel. Still I am getting this error while installing https cert and i guess let's encrypt does not support godaddy.

Let's say I will work around this then question is

"after installing https certificate, what kind of config changes do I need to do in

/opt/atlassian/jira/conf/server.xml  file and in /etc/nginx/conf.d/default.conf file "

can you just send me the lines to replace just like in above responses you sent and the file in which to do all these changes?

2) i got rid of /jira part from URL. Thank you so much for perfect explanation.

3)  I also have another domain which is pointing to my another application in https

https:[anotherapplication-hostname].dev with apache server.

can I create a subdomain lets say jira.[anotherapplication-hostname].dev and create A record there to point to my jira server IP address and do the rest https changes in config. will that work for me? 

Thanks a lot.

Regards,

M

@Moses Thomas ,

I guess since I am using nginx as reverse proxy server, the acme challenge is failing while creating and installing certificate using below command

sudo certbot --nginx -d [hostname].xyz -d www.[hostname].xyz

Below url is kind of example as to what is happening more or less ( our nginx is reverse proxy server)

https://community.letsencrypt.org/t/the-client-lacks-sufficient-authorization-404/5309

Can you please give me proper config changes in such a way that it will allow acme challenge to pass. The url it is trying to reach is as below

http://[hostname].xyz/.well-known/acme-challenge/RUGLFcgi4PvP63zu-gt5_kf_aG7_Pqax1yNK7UdfVtk

If I put a simple html file in above location then I can not access it in browser. it gives me 404.

http://[hostname].xyz/.well-known/acme-challenge/abc.html

I created /.well-known/acme-challenge/abc.html in /var/atlassian/application-data/jira/ folder and also in /var/www/html/ folders but I could not access abc.html using below url

http://[hostname].xyz/.well-known/acme-challenge/abc.html

So I guess we have to do some changes in config so that it allows access to 

http://[hostname].xyz/.well-known/acme-challenge/*

Let me know your thoughts. 

Regards,

M

@mdesai 

We are almost done, Regarding 1 point Before we continue with further configuration of nginx, let us fix problem with generating certificate using cerbort.

When you ping your domain by typing

ping domain_name   /On the terminal

Which IP address do you obtain? and make sure you are typing the correct domain name,

Now the "error" say make sure we are typing the domain correctly and the DNS A/AAAA records for the domain contain the right IP

This means A/AAAA records are IPV4/IPV6 addresses; the IP address you have obtained from ping is it the same as the IP address in the DNS ZONE

check the domain manager make sure they are the same, i suppose it should be A record IPv4(address)

You can also check cat /etc/resolv.conf to see the Domain name and IP adress and the A record(Domain's IP) is the same as host IP address

change default.conf  to

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name  [hostname].xyz www.[hostname].xyz;
}

After verifying this then try to regenerate using 

sudo certbot --nginx -d [hostname].xyz -d www.[hostname].xyz

 

and check whether cerbort works  later we will modify  default.conf and nginx.conf    to suit our needs.

As for the point 3, Don't make life complex for now, since you have a domain running behind Apache reverse proxy on another host
let it be for now. Let configure nginx on the JIRA host; later you may want to use Nginx on both servers. At least you will have some experience later you have to learn Nginx to understand improved configuration which we will come to later.

Best regards,

Mo

Hi @Moses Thomas ,

Thanks for clarifying things.

Since I was kind of in hurry, here is what I tried and it worked 

https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx  

I followed all steps mentioned in default tab and it worked and 

Now I have successfully installed certificate and I can access jira as

https://www.[myhostname].live

(P.S. i have changed .xyz to .live)

Here is how my /etc/nginx/conf.d/default.config file looks now 

these changes in nginx config file are done by certbot only.

querries

1. what changes do I need to do in jira server.xml or in any other config file to make compatible for https?

2. On home page I see this error instead of https lock icon

3. If I log in then on some pages the error in point 2 goes away and it displays lock icon.

4. some links are giving me 404 after loggin in (e.g. if I click on issue then it gives 404)

http://[myhostname].live/browse/INT-6

I also don't know why those urls are still http

5. images are loading using http hence not loading 

I guess these all are related to jira config for https.

Please guide me on this.

Regards,

M

@mdesai  OK good  this is good i will send you two  final files. but please change  Base url   the link you use to access jira via https https://www.[myhostname].live 

You need to have the system administrator global permission in order to perform this function.

To configure the Base URL:

Choose > System. 
Choose General Configuration in the left-hand panel.
Choose Edit Settings.
Enter the new URL in the Base URL text box.
Choose Save.

After this  check to see if all links are ok

@mdesai 

Finnaly,  i have attached to files in form of code just create jira.conf and replace nginx.conf

Follow carefully.

1.Copy default.conf and paste it somewhere on a note pad

2. Stop jira and nginx server.

3. Remove default.conf or move it to /root just in case later to be deleted.

4. replace nginx.conf with the file i have attached.

5. change server_name, (ssl_certificate,ssl_certificate_key, ssl_dhparam) paths to be the same as default.conf i ask to copy some where safe.

Restart nginx, restart JIRA. You should be alrite.

nginx.conf

# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/


user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 2024;
}

http {
log_format main '$remote_addr - $upstream_http_x_ausername [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;


#include /etc/nginx/conf.d/*.conf;

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name enter_ser_vername;
# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;
rewrite ^ https://$server_name$request_uri? permanent;

}

# Settings for a TLS enabled server.

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name enter_server_name;

ssl_certificate "/etc/letsencrypt/live/example.com/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/example.com/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ' ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;

# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;
add_header Strict-Transport-Security "max-age=63072000" always;

location / {
client_max_body_size 300m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
if ($request_uri ~* "(/.*)")
{
proxy_pass http://localhost:8080$1; break;
}
proxy_pass http://localhost:8080;
proxy_cookie_path / "/; Secure";
}

error_page 404 /404.html;
location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}


}

}

Kind regards,

Mo

Hi @Moses Thomas 

Thanks again for your quick response.

Here is my /etc/nginx/conf.d/jira.conf file

Here is my /etc/nginx/nginx.conf file

After doing these changes I am not able to restart nginx. if I run the command

sudo nginx -t

it gives below output

P.S. I have removed /etc/nginx/conf.d/default.conf file and now inside /etc/nginx/conf.d directory, there is just one file jira.conf

Thanks again.

Regards,

M

@mdesai  Sorry my bad i have updated the nginx.conf  lots where missing when i modified/ copied. Check it again

nginx -t && nginx -s reload

restar nginx,   I hope it will work this time.

Hi @Moses Thomas 

Still the error as below:

Here is my /etc/nginx/conf.d/jira.conf file

Here is my /etc/nginx/nginx.conf file

Thanks & Regards,

-M

@mdesai  

The error  now is better :)  the user "nginx"   in the  nginx.conf   don't exist

just create it  with the user add command  in Linux and then  check again

useradd nginx

 

Hi @Moses Thomas 

ok. I created the user. so that error is gone but new one is coming up now as below

I have done below change

before:

listen 80 default_server;
listen [::]:80 default_server;

after:

listen www.[myhostname].live:80;
listen [::]:80 www.[myhostname].live;

there is something wrong in above 2 lines. I just made "listen" to be like my default.conf

let me know

Regards,

-M

@mdesai  Don't mixed it up, look at the  ngnix.conf  i have provided ,  it should be the same with yours.

The error says line 38  and  in your current file its not same with the one i presented  because if your have it like i have provided it can not say invalid parameter  since  the below is not present in line 38

listen [::]:80 www.xyz.live;

should be the below

listen [::]:80 default_server;

If  you ping  server name and  its working i.e it should be working without problems 

and please show me what you have in  cat /etc/hostname  and cat /etc/hosts

@Moses Thomas  ohh ok, my bad. I thought I am supposed to do below changes

6. change server_name, (ssl_certificate,ssl_certificate_key, ssl_dhparam) paths to be the same as default.conf i ask to copy some where safe.

7. Lastly change listen, server_name, proxy_pass to be the same as in the default .conf.

in jira.conf and nginx.conf files. Sorry i misunderstood.

Here is my /etc/nginx/nginx.conf file now (copied your nginx.conf file only )

The only changes I have done in your nginx.conf file are ssl_certificate, ssl_certificate_key, ssl_dhparam which you can see above on line 53,54 and 60

The test has been successful now.

Here is output of cat /etc/hostname  and cat /etc/hosts

Also, I am getting below issue in frontend

it seems like css files are not loading.

P.S. I have also changed the base url from backend to be https://www.[myhostnamr].live/

Kind regards,

-M

@mdesai

You did the right thing in the beginning but just needed to change one thing all i was saying all along is  to  copy  exactly  my  ngnix.conf 

In  ngnix.conf   change server_name, ssl_certificate,ssl_certificate_key, ssl_dhparam paths to be the same as default.conf i ask to copy some where safe.

Now we have it good except  for  server_name

Aww  we don't  need  jira.conf   this is needed in some kind of different configuration

sorry all they way i was in this different configuration  remove  jira.conf   not needed

Your server_name  is   jira-ubuntu-2,    so change  server_name in  nginx.conf    and comment out

#include /etc/nginx/conf.d/*.conf;

 and do  the test again.

Finally restart JIRA server  the restart nginx

@Moses Thomas 

ok. got it. but even after those changes there is still something wrong.

sudo nginx -t && nginx -s reload       runs successfully but when I visit the url

https://www.[myhostname].live

then it gives me 404 not found

and here is my jira.conf file now. Note that the server_name in jira.conf is

www.[hostname].live which it taken from my previous default.conf file.

Here is my nginx.conf file now. I have highlighted server_name variable value in it.

Regards,

-M

@mdesai  I guess  you did not read  my last comment

Aww  we don't  need  jira.conf   this is needed in some kind of different configuration

sorry all the way i was in this different configuration  remove  jira.conf   not needed

Your server_name  is   jira-ubuntu-2,    so change  server_name in  and comment out

#include /etc/nginx/conf.d/*.conf;

in nginx.conf   and do  the test again.

Finally restart JIRA server  the restart nginx

@Moses Thomas 

yes I forgot the include line to comment out. I did that and removed jir.conf file and restarted jira and nginx but it is still not working.

if I type url

https://www.[myhostname].live/

in chrome then it takes me to 

https://jira-ubuntu-2/startup.jsp?returnTo=%2Fdefault.jsp

here is nginx.conf

Regards,

-M

@mdesai 

In server_name change to  domain name  which is  your case

www.[hostname].xyz

Try please and give feed back ASAP lets finish this  issue today !

@Moses Thomas 

really appreciate that.

I changed the server_name to www.[hostname].live

it worked now. the only issue is css not loading

-M

@mdesai 

first try;

move   include /etc/nginx/mime.types;   to

location /{

}

@Moses Thomas 

ok..did it. still the same result. css is not loading.

@mdesai  I once had this problem before but i don't recall how i  solve it hmm

* Take include /etc/nginx/mime.types; back to where it was and then reorder these
to have the below and then try

default_type application/octet-stream;
include /etc/nginx/mime.types;

* If it does not work, check firewall and appamour make sure they are not block anything (you may disable temporarily and try)

* Clear web browser( so we can rule out cache issue)

* Press F12 on the web browser and on the console check errors found.

* Show also /var/log/nginx/error.log may be we could find some information there

* You may try to reboot the server ( "most likely useless)

@Moses Thomas 

I tried all suggestions but none of them worked. still the same issue

Here is F12 console errors:

and here are the error.log details:

2020/05/13 20:03:29 [notice] 14786#14786: signal process started
2020/05/13 20:06:34 [notice] 15263#15263: signal process started

2020/05/13 20:07:02 [error] 15287#15287: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 24.188.37.96, server: jira-ubuntu-2, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080//", host: "www.[mydomainname].live"

2020/05/13 20:07:02 [error] 15287#15287: *1 open() "/usr/share/nginx/html/50x.html" failed (2: No such file or directory), client: 24.188.37.96, server: jira-ubuntu-2, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:8080//", host: "www.[mydomainname].live"

2020/05/13 20:07:03 [error] 15287#15287: *1 connect() failed (111: Connection refused) while connecting to upstream, client: 24.188.37.96, server: jira-ubuntu-2, request: "GET /favicon.ico HTTP/2.0", upstream: "http://127.0.0.1:8080//favicon.ico", host: "www.[mydomainname].live", referrer: "https://www.[mydomainname].live/"

2020/05/13 20:07:03 [error] 15287#15287: *1 open() "/usr/share/nginx/html/50x.html" failed (2: No such file or directory), client: 24.188.37.96, server: jira-ubuntu-2, request: "GET /favicon.ico HTTP/2.0", upstream: "http://127.0.0.1:8080//favicon.ico", host: "www.[mydomainname].live", referrer: "https://www.[mydomainname].live/"

2020/05/13 20:13:45 [notice] 15791#15791: signal process started

2020/05/13 20:20:10 [error] 16029#16029: *183 upstream prematurely closed connection while reading upstream, client: 24.188.37.96, server: www.[mydomainname].live, request: "GET /static-assets/metal-all.css HTTP/2.0", upstream: "http://127.0.0.1:8080//static-assets/metal-all.css", host: "www.[mydomainname].live", referrer: "https://www.[mydomainname].live/issues/"

2020/05/13 20:20:10 [error] 16029#16029: *183 upstream prematurely closed connection while reading upstream, client: 24.188.37.96, server: www.[mydomainname].live, request: "GET /static-assets/metal-all.js HTTP/2.0", upstream: "http://127.0.0.1:8080//static-assets/metal-all.js", host: "www.[mydomainname].live", referrer: "https://www.[mydomainname].live/issues/"

2020/05/13 20:50:51 [notice] 16365#16365: signal process started

2020/05/13 20:52:25 [error] 16386#16386: *1 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 24.188.37.96, server: www.[mydomainname].live, request: "GET /secure/BrowseProjects.jspa HTTP/2.0", upstream: "http://127.0.0.1:8080//secure/BrowseProjects.jspa", host: "www.[mydomainname].live", referrer: "https://www.[mydomainname].live/secure/Dashboard.jspa"

2020/05/13 20:52:25 [error] 16386#16386: *1 open() "/usr/share/nginx/html/50x.html" failed (2: No such file or directory), client: 24.188.37.96, server: www.[mydomainname].live, request: "GET /secure/BrowseProjects.jspa HTTP/2.0", upstream: "http://127.0.0.1:8080//secure/BrowseProjects.jspa", host: "www.[mydomainname].live", referrer: "https://www.[mydomainname].live/secure/Dashboard.jspa"

2020/05/13 21:30:57 [notice] 17008#17008: signal process started

2020/05/13 21:32:30 [error] 17245#17245: *1 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 24.188.37.96, server: www.[mydomainname].live, request: "GET /secure/Dashboard.jspa HTTP/2.0", upstream: "http://127.0.0.1:8080//secure/Dashboard.jspa", host: "www.[mydomainname].live"

2020/05/13 21:32:30 [error] 17245#17245: *1 open() "/usr/share/nginx/html/50x.html" failed (2: No such file or directory), client: 24.188.37.96, server: www.[mydomainname].live, request: "GET /secure/Dashboard.jspa HTTP/2.0", upstream: "http://127.0.0.1:8080//secure/Dashboard.jspa", host: "www.[mydomainname].live"

2020/05/13 21:36:05 [error] 17245#17245: *109 upstream prematurely closed connection while reading upstream, client: 66.249.64.92, server: www.[mydomainname].live, request: "GET /robots.txt HTTP/1.1", upstream: "http://127.0.0.1:8080//robots.txt", host: "www.[mydomainname].live"

2020/05/13 21:42:30 [notice] 1425#1425: signal process started

I have also rebooted the server but it didn't work either.

Regards,

-M

@mdesai 

Let keep  the fight till the end

change back the order  as below

include /etc/nginx/mime.types;
default_type application/octet-stream;

comment out the below   "i am suspecting this guy here"  we don't need strict check

add_header Strict-Transport-Security "max-age=63072000" always;

and  change the below to  "on"

ssl_prefer_server_ciphers off;

And try i hope it works  other wise i  have to  heavily cross check this configuration may be we will need to have a  call or something.

@Moses Thomas 

ok. I really appreciate your efforts! You are the best support I have ever had. Thanks!

I tried it but it still did not work. Below are the changes done in nginx.conf

Regards,

-M

@mdesai  

After reading the  X-Content-Type-Options    it  seem we need to add point2  in  the server block in  nginx.conf  change back   to

Point1

add_header Strict-Transport-Security "max-age=63072000" always;

Point 2

add_header X-Content-Type-Options "nosniff" always;

 And verify  and restart nginx,  and check browser  with firefox, chrome ,opera

@Moses Thomas 

Still isn't working. same error in all browsers

P.S. there are 2 server blocks and I have added point 2 on second server block.

Correct me if I am doing something wrong.

Regards,

-M

@mdesai 

This is interesting!

Exactly you are doing it correctly,  what error to  you get from other browser when you use F12 ?

@Moses Thomas 

opera

edge

@Moses Thomas 

if possible, should we schedule a zoom meeting or something to expedite this?

Regards,

-M

@mdesai  Yes i was gonna propose that I think that Zoom is Ok  so  that we can look into.

@Moses Thomas  Can we do it today? give me your email here so I will send you invite, cool?

@mdesaiYou can invite me at the mail xyz@gmail.con 

once invited just let me so that i could remove this mail here.

@Moses Thomas 

You should have received a zoom invite on that email. Let me know if you haven't

we can start the meeting whenever you are ready. Now you have my email address as well.

Looking forward to talk to you.

Regards,

-Mihir

@mdesai  OK we can start Now

Kind regards,

Moses

@Moses Thomas 

ok I have started the meeting there.

@mdesai  @Moses Thomas Since you closed this issue after your Zoom meeting, can you provide some closure in terms of configuration? I read through all of your communication and wanted to replicate, but there isn't final version I could try and then work my way to solution. I will try to work on something via official docs, but hopefully you guys can help me with sharing what was in the end working solution. I have same idea, Jira opening on port 80 and having ssl certificate to work on port https port 443.

TIA

Hi Bibek, Thanks for quick response. Actually I ran "ufw status" command and it is clearly showing that port 80 is allowed for ipv4 and ipv6 both. In many forums I went through, I found that after doing any changes in server.xml file on ubuntu., you have to restart jira service as root user. At the same time they have mentioned that running any service with root user on ubuntu is not safe. so what should be done in this case. any idea?