Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

"Configuring Apache Reverse Proxy Using the AJP Protocol, " not working

ODED Transformational Technologies
ODED Transformational Technologies March 5, 2018

Dear Team,

I am trying to create SSL for the Atlassian applications through apache.

I have followed all the steps which were mentioned in the KB article

https://confluence.atlassian.com/adminjiraserver074/configuring-apache-reverse-proxy-using-the-ajp-protocol-881684070.html

still, it's not working.

when I use HTTPS to the URL its not loading.

Please advise me 

 

Many Thanks

IT- Admin

Answer
Watch
Like Be the first to like this
2727 views

4 answers

0 votes
JP _AC Bielefeld Leader_
JP _AC Bielefeld Leader_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 4, 2018

For convenience I post a stripped down configuration of our server:

First two files are Apache HTTPD configuration with mod_ajp. Third file is server.xml. We terminate SSL at the Apache HTTPD.

Jira is run on two ports: 8080 &8009

### File conf/extra/httpd-jk.conf

# Worker config
JkWorkersFile conf/extra/workers.properties
# Logging
JkLogFile logs/mod_jk.log
JkLogLevel warn
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
#JkRequestLogFormat "%w %V %T"
# JkOptions indicates to send SSL KEY SIZE
JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories +RejectUnsafeURI
JkEnvVar httpd yourservername
# Mount on all vhost and ssl
JkMountCopy All
# redirect tomcat errors to apache httpd

JkMount /jira jira;use_server_errors=500
JkMount /jira/* jira;use_server_errors=500

# Modul (Admin)
JkMount /jk-manage/* jk-manage
JkMount /jk-manage jk-manage

# Enable the JK manager access from localhost only
<Location /jk-manage >
 JkMount jk-manage
 Require ip 192.168
 Require ip 127
</Location>


### File conf/extra/workers.properties

# Global Settings
worker.maintain=30

# Default Settings

worker.basic.type=ajp13
worker.basic.socket_keepalive=true
worker.basic.ping_mode=A
worker.basic.ping_timeout=10000
worker.basic.connection_pool_timeout=120
worker.basic.recovery_options=7
worker.basic.lbfactor=1
worker.basic.max_packet_size=65536

worker.list=jira
worker.jira.host=ip.of.jira.server
worker.jira.port=8009
worker.jira.socket_timeout=300
worker.jira.socket_connect_timeout=300000
worker.jira.reference=worker.basic

# JK Manage Application

worker.list=jk-manage
worker.jk-manage.type=status


### server.xml

<?xml version="1.0" encoding="utf-8"?>
 
<Server port="8005" shutdown="SHUTDOWN">
 <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
 <!--APR library loader. Documentation at /docs/apr.html -->
 <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
 <!-- Prevent memory leaks due to use of particular java/javax APIs-->
 <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
 <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
 <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

 <Service name="Catalina">

 <Connector port="8080"

 maxThreads="150"
 minSpareThreads="25"
 connectionTimeout="20000"

 enableLookups="false"
 maxHttpHeaderSize="8192"
 protocol="HTTP/1.1"
 useBodyEncodingForURI="true"
 redirectPort="8443"
 acceptCount="100"
 disableUploadTimeout="true"
 bindOnInit="false"/>
 
 <Connector port="8009"
 minSpareThreads="10"
 maxThreads="200"
 address="your.jira.server.ip" 
 protocol="AJP/1.3"
 redirectPort="8444" 
 enableLookups="false"
 URIEncoding="UTF-8"
 maxPostSize="-1"
 packetSize="65536"/> 

 <Engine name="Catalina" defaultHost="your.server.name" jvmRoute="jira">
 
 <Host name="your.server.name" appBase="webapps" unpackWARs="true" autoDeploy="true">

 <Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

 <Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
 factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
 <Manager pathname=""/>
 <JarScanner scanManifest="false"/>
 
 </Context>

 </Host>

 <Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false"
 pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>

 </Engine>
 </Service>
</Server>
Reply
0 votes
Vickey Palzor Lepcha
Vickey Palzor Lepcha
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 3, 2018

@Patrick Kyne The serverl.xml has a line on ajp connectivity and the specific ajp port - uncomment it to enable it.

And on your apache ssl config file - add your ajp configurations specifying ajp port as it is in server.xml.

View More Comments
Patrick Kyne
Patrick Kyne April 4, 2018

I believe so and have my current configs here:

https://community.atlassian.com/t5/Jira-questions/Jira-Software-7-8-1-w-Apache-2-4-Reverse-Proxy-Errors/qaq-p/762699

Do they appear correct to you, or am I missing something?

Like
Vickey Palzor Lepcha
Vickey Palzor Lepcha
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 4, 2018

@Patrick Kyne Have you tried ;

 ProxyPass               /     ajp://127.0.0.1:8009/      instead ?

Like
Patrick Kyne
Patrick Kyne April 4, 2018

I have not tried that because I access Jira via a URL like https://myhost.mydomain.fqdn/jira

and believe the ProxyPass would need to be

ProxyPass  /jira ajp://127.0.0.1:8009/jira

Are you suggesting I add an additional ProxyPass line?

Like
Reply
0 votes
JanR
JanR March 16, 2018

You have to configure the connector to listen on the AJP port 8009. Are you using the mod_proxy or mod_ajp module on the Apache server?

I can asure you that Confluence, Jira, Bitbucket & Fisheye are working behind a single Apache server terminating SSL using AJP protocol.

View More Comments
Patrick Kyne
Patrick Kyne April 3, 2018

I also am having issues with the ajp protocol using mod_ajp in Apache 2.4 connecting to Jira 7.8.1 on the same linux host as Apache.

Would you be so kind as to post the requisite sections of a working vhost.conf and your server.xml files (obfuscated as necessary).

Thank you,

Patrick

Like
Patrick Kyne
Patrick Kyne April 4, 2018

I believe so and have my current configs here:

https://community.atlassian.com/t5/Jira-questions/Jira-Software-7-8-1-w-Apache-2-4-Reverse-Proxy-Errors/qaq-p/762699

Do they appear correct to you, or am I missing something?

Like
JP _AC Bielefeld Leader_
JP _AC Bielefeld Leader_
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 4, 2018

We‘re using mod_ajp not mod_proxy_ajp, so I can‘t give you any advice on that config.

Like
Reply
0 votes
KellyW
KellyW
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 5, 2018

Hi Shirish,

 

Just a thought... did you add the following to the Tomcat connector:

scheme="https" proxyName="xx.xxx.xxx" proxyPort="443"

What's the error your are getting upon accessing the HTTPS link?

 

Regards,

Kelly 

View More Comments
ODED Transformational Technologies
ODED Transformational Technologies March 5, 2018

Dear @KellyW

Thanks for your reply

Please find the below screenshot

Tomcat Connector.JPG

When I access HTTPS

I am getting 

This site can’t be reached

Please advise me

 

Many Thanks

IT-Admin

Like
KellyW
KellyW
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
March 7, 2018

Hi Shirish,

 

JIRA application sits behind a reverse proxy may not know the URL scheme, hostname or port to connect to Tomcat.

 

Please ensure that the server can resolve the hostname 'ariadne.swiss'.

 

Regards,

Kelly

Like
Vickey Palzor Lepcha
Vickey Palzor Lepcha
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 7, 2018

Are your ProxyPass  and  ProxyPassReverse configured well to point to AJP Host and Port ?

Like
Vickey Palzor Lepcha
Vickey Palzor Lepcha
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
March 7, 2018

These should be mentioned in your SSL Config file - corresponding to what is on your server.xml file.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events