Jira Apache ajp proxy redirect to https Edited

Hi,

I have just finished configuring the apache AJP with an ssl certificate. I would now like to use Apache's rewrite/redirect engine to redirect our landing page to https. I have tried using the following:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

and also

Redirect permanent / https://help.example.org/

I've set my Jira base URL to https://help.example.org

My virtual hosts look like this

<VirtualHost *:80>

ServerName help.example.org
ProxyRequests Off
ProxyVia Off

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / ajp://help.example.org:8009/ retry=0
ProxyPassReverse / http://help.example.org:8009/

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Redirect permanent / https://help.example.org/


<VirtualHost _default_:443>

	ServerName help.example.org
 	ProxyRequests Off	
	ProxyVia Off
	
	 <Proxy *>
      Order deny,allow
       Allow from all
  </Proxy>
	SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3
	SSLCertificateFile "conf/ssl.crt/jira3.crt"
	#SSLCertificateFile "conf/ssl.crt/intermed.crt"
	SSLCertificateKeyFile "conf/ssl.key/jira.key"
	SSLCertificateChainFile "conf/ssl.crt/example_.pem"
	SSLProtocol all -SSLv2 
	SSLEngine on
        SSLProxyEngine on
	SSLVerifyClient optional
	SSLVerifyDepth 2
   	ProxyPreserveHost on	
	ProxyRequests           Off
	ProxyPreserveHost       On
	ProxyPass               /       ajp://help.example:8009/ retry=0
	ProxyPassReverse        /       http://help.exampleorg:8009/
	


</VirtualHost>

I have noticed that upon browsing to http://help.example.org automatically redierects to http://help.example.org/secure/dashboard.jspa . I think this is my problem, because my rewrite code is targeting a landing page of .org/ instead of secure/dashboard.jspa

I have tried a number of possible Rewrite Engine solutions and have not had any luck. Has anyone successfully set up a login page redirect?

 Thanks,

Jared

2 answers

1 accepted

1 vote

Hi Jared,

You should only use your Port 80 VirtualHost to forward requests to HTTPS. This way it forces all users to use HTTPS, and your JIRA base url must also be set to your HTTPS url.  I also added a port 8080 virtualhost to make sure old links are preserved and forwarded to the new URL when I moved from HTTP to HTTPS.

Here's some examples that worked for me:

httpd.conf (port 80 and 8080)

<VirtualHost *:80>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jirahostname.domain.com%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:8080>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://jirahostname.domain.com%{REQUEST_URI}
</VirtualHost>

ssl.conf (port 443)

<VirtualHost _default_:443>
ServerName jirahostname.domain.com:443

SSLCertificateFile /path/to/certfile
SSLCertificateKeyFile /path/to/keyfile
SSLCertificateChainFile /path/to/chainfile

<Proxy *>
Order deny,allow
Allow from all
</Proxy>

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / ajp://127.0.0.1:8009/
ProxyPassReverse / ajp://127.0.0.1:8009/
ProxyTimeout 600
RemoteIPHeader X-Forwarded-For

</VirtualHost>

 

Hi Josh,

Thanks so much for the response! I've just adjusted my vhost config and rebooted apache but still no luck. Thank you for the suggestion on using the *80 vhost just to forward, it makes sense.  

would you be able to show me what your tomcat connectors look like? Also, when I run config.bat the profile is set to https only, and the https port is listed as 8080, what should my config.bat's fields look like?

Having just (partially) sucessfully set this config up, I am still a bit undereducated on the subject, and still not fully confident that ive done it correctly. Thank you for any assistance you can provide.

Hi Jared,

I think you mean to look for /installdir/conf/server.xml? This is where the tomcat connectors are set up.

All I did for AJP was to uncomment the example listed there. I also have another connector where I use port 8081 as a back-door where I can get to JIRA bypassing the proxy if the need should arise.

Make sure your connector tags are not surrounded by <!-- and -->

 

server.xml:

        <Connector port="8081"

                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"

                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   bindOnInit="false"/>

              <Connector port="8009" redirectPort="8443" enableLookups="false" protocol="AJP/1.3" URIEncoding="UTF-8"/>

 

Josh Steckler Community Champion May 04, 2017

Also, I copied only some parts of my apache ssl.conf vhost, you should still use the SSLProtocol and SSLCipherSuite directives that I omitted.

Jared, I think this is standard behavior. It`s tomcat that redirects you to /secure/dashboard.jspa. 

Lars

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Published yesterday in Off-topic

Get to know our Atlassian User Group Leaders from Bengaluru, India

Meet @Dinesh Dhinakaran, @Vishnu Vasudeva, @Rajeev Verma, and Jamshid Nalakath: Our extraordinary AUG leaders from Bengaluru, India. These four work together to strengthen the bonds of their local co...

137 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you