Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

nginx serving jira and stash

Daniel Urstöger
Daniel Urstöger August 5, 2013

Hi guys,

I run jira and stash on the same server and use nginx as a proxy for SSL support. Every instance for itself works perfectly, but when I try to link jira with stash via "Application Link" I get an error: The host doesn't respond. Change the URL or click Next to confirm.

Parsing through the web browsers error log I found that the problem seems to be that nginx doesn t support http OPTIONS. Which seems to break this specific feature.

I googled and I found this work around:

error_page 405 =200 @405;
location @405 {
root /;
proxy_pass http://127.0.0.1:8080;
 }

Which didn t help in my case. So I wonder what would be the proper way to make jira and stash work completly behind nginx?

Thanks!

Kind regards,
Daniel

PS: here is the complete config file:

server {

    listen       80;
    server_name  jira.gosi.at;

    rewrite      ^ https://$server_name$request_uri? permanent;

}

server {

    listen       443 ssl;
    server_name  jira.gosi.at;

    ssl_certificate  ssl/gosi.pem;
    ssl_certificate_key  ssl/gosi.key;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080;
        port_in_redirect off;
        proxy_redirect http://127.0.0.1:8080/ http://jira.gosi.at/;
        proxy_redirect https://127.0.0.1:8080/ https://jira.gosi.at/;
    }

    error_page 405 =200 @405;
    location @405 {
        root /;
        proxy_pass http://127.0.0.1:8080;
    }

}

Answer
Watch
Like Be the first to like this
721 views

4 answers

0 votes
mfentross
mfentross July 9, 2014

Any other sugestions on this one? I am having the same occurence.

Reply
0 votes
Sebastian Knoche
Sebastian Knoche October 20, 2013

If you use self-signed certificates or certificates issued by your own CA you have to trust them within the JRE running the Atlassian product(s).

Just take a look at:

https://confluence.atlassian.com/display/DOC/Connecting+to+LDAP+or+JIRA+or+Other+Services+via+SSL

Reply
0 votes
Dave Theodore [Coyote Creek Consulting]
Dave Theodore [Coyote Creek Consulting]
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 7, 2013

I've had similar troubles with nginx as well and ended up resolving it by using apache/mod_ssl/mod_rewrite I think nginx does not rewrite headers properly in some cases, but I never was inclined to troubleshoot it to find out for sure.

Reply
0 votes
EddieW
EddieW
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 5, 2013

I am not sure that fix will work as you hope.

Have you tried the resolutions to enabled

if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' 'YOURDOMAIN';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
View More Comments
Daniel Urstöger
Daniel Urstöger August 5, 2013

Thanks for your input, I change the config to this:

server {

    listen       80;
    server_name  git.gosi.at;

    rewrite      ^ https://$server_name$request_uri? permanent;

}

server {

    listen       443 default ssl;
    server_name  git.gosi.at;

    ssl_certificate  ssl/gosi.pem;
    ssl_certificate_key  ssl/gosi.key;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:7990;
        port_in_redirect off;
        proxy_redirect http://127.0.0.1:7990/ http://git.gosi.at/;
        proxy_redirect https://127.0.0.1:7990/ https://git.gosi.at/;

        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'git-rso.rapidsoft.de';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        }
    }
}

For both the Stash and Jira config, sadly this didn t help.

Like
EddieW
EddieW
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 7, 2013

Just for sureness, change the

add_header 'Access-Control-Allow-Origin' 'git-rso.rapidsoft.de';

to

add_header 'Access-Control-Allow-Origin' '*';

Like
Daniel Urstöger
Daniel Urstöger August 7, 2013
Hi there,
thanks for that, well I have two Installations. One is my play field and the other one the production setup.
If you could please remove the posting with git-rso, that would be great.

I played around with the config a lot and copy pasted one version which was not the latest I tested, I actually it was like this:
server {
 
    listen       80;
    server_name  git.gosi.at;
 
    rewrite      ^ https://$server_name$request_uri? permanent;
 
}
 
server {
 
    listen       443 default ssl;
    server_name  git.gosi.at;
 
    ssl_certificate  ssl/gosi.pem;
    ssl_certificate_key  ssl/gosi.key;
 
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:7990;
        port_in_redirect off;
        proxy_redirect http://127.0.0.1:7990/ http://git.gosi.at/;
        proxy_redirect https://127.0.0.1:7990/ https://git.gosi.at/;
 
        if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' 'git.gosi.at';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
        }
    }
}

That didn t work. When I get back in the office, I will try with * as well!
Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events