nginx serving jira and stash

Hi guys,

I run jira and stash on the same server and use nginx as a proxy for SSL support. Every instance for itself works perfectly, but when I try to link jira with stash via "Application Link" I get an error: The host doesn't respond. Change the URL or click Next to confirm.

Parsing through the web browsers error log I found that the problem seems to be that nginx doesn t support http OPTIONS. Which seems to break this specific feature.

I googled and I found this work around:

error_page 405 =200 @405;
location @405 {
root /;
proxy_pass http://127.0.0.1:8080;
}

Which didn t help in my case. So I wonder what would be the proper way to make jira and stash work completly behind nginx?

Thanks!

Kind regards,
Daniel

PS: here is the complete config file:

server {

    listen       80;
    server_name  jira.gosi.at;

    rewrite      ^ https://$server_name$request_uri? permanent;

}

server {

    listen       443 ssl;
    server_name  jira.gosi.at;

    ssl_certificate  ssl/gosi.pem;
    ssl_certificate_key  ssl/gosi.key;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080;
        port_in_redirect off;
        proxy_redirect http://127.0.0.1:8080/ http://jira.gosi.at/;
        proxy_redirect https://127.0.0.1:8080/ https://jira.gosi.at/;
    }

    error_page 405 =200 @405;
    location @405 {
        root /;
        proxy_pass http://127.0.0.1:8080;
    }

}

4 answers

0 vote
Eddie Webb Community Champion Aug 05, 2013

I am not sure that fix will work as you hope.

Have you tried the resolutions to enabled

if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'YOURDOMAIN';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

Thanks for your input, I change the config to this:

server {

    listen       80;
    server_name  git.gosi.at;

    rewrite      ^ https://$server_name$request_uri? permanent;

}

server {

    listen       443 default ssl;
    server_name  git.gosi.at;

    ssl_certificate  ssl/gosi.pem;
    ssl_certificate_key  ssl/gosi.key;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:7990;
        port_in_redirect off;
        proxy_redirect http://127.0.0.1:7990/ http://git.gosi.at/;
        proxy_redirect https://127.0.0.1:7990/ https://git.gosi.at/;

        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'git-rso.rapidsoft.de';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        }
    }
}

For both the Stash and Jira config, sadly this didn t help.

Eddie Webb Community Champion Aug 07, 2013

Just for sureness, change the

add_header 'Access-Control-Allow-Origin' 'git-rso.rapidsoft.de';

to

add_header 'Access-Control-Allow-Origin' '*';

Hi there,
thanks for that, well I have two Installations. One is my play field and the other one the production setup.
If you could please remove the posting with git-rso, that would be great.

I played around with the config a lot and copy pasted one version which was not the latest I tested, I actually it was like this:
server {
 
    listen       80;
    server_name  git.gosi.at;
 
    rewrite      ^ https://$server_name$request_uri? permanent;
 
}
 
server {
 
    listen       443 default ssl;
    server_name  git.gosi.at;
 
    ssl_certificate  ssl/gosi.pem;
    ssl_certificate_key  ssl/gosi.key;
 
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:7990;
        port_in_redirect off;
        proxy_redirect http://127.0.0.1:7990/ http://git.gosi.at/;
        proxy_redirect https://127.0.0.1:7990/ https://git.gosi.at/;
 
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'git.gosi.at';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        }
    }
}

That didn t work. When I get back in the office, I will try with * as well!

I've had similar troubles with nginx as well and ended up resolving it by using apache/mod_ssl/mod_rewrite I think nginx does not rewrite headers properly in some cases, but I never was inclined to troubleshoot it to find out for sure.

If you use self-signed certificates or certificates issued by your own CA you have to trust them within the JRE running the Atlassian product(s).

Just take a look at:

https://confluence.atlassian.com/display/DOC/Connecting+to+LDAP+or+JIRA+or+Other+Services+via+SSL

Any other sugestions on this one? I am having the same occurence.

Suggest an answer

Log in or Join to answer
Community showcase
Sarah Schuster
Posted Jan 29, 2018 in Jira

What are common themes you've seen across successful & failed Jira Software implementations?

Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...

3,322 views 14 20
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you
Atlassian Team Tour

Join us on the Team Tour

We're bringing product updates and pro tips on teamwork to ten cities around the world.

Save your spot