Reputation: 41
I'm trying to get JIRA setup behind an Apache reverse proxy where the connection to Apache is via SSL and then the connection between Apache and JIRA is http.
i.e. Internet/Network <=https=> Apache <=http=> JIRASERVER
I'm using a self certified certificate created as described here Both Apache and JIRA are running on the same Windows 2008 R2 server. I've followed the instructions from Atlassian but it just doesn't seem to work, I've been looking around all over the Internet and not found a solution for my issue.
I can setup Apache without SSL and that seems to work fine
Config 1
Internet/Network <=http=> Apache <=http=> JIRASERVER
JIRA Setup Files
server.xml
<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
proxyName="JIRASERVERNAME" proxyPort="80"/>
Apache Setup File
httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ServerName JIRASERVERNAME
Include conf/extra/httpd-vhosts.conf
httpd-vhosts.conf
<VirtualHost *>
ServerName JIRASERVERNAME
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://JIRASERVERNAME:8080/
ProxyPassReverse / http://JIRASERVERNAME:8080/
</VirtualHost>
Type JIRASERVERNAME in a browser URL directs to JIRASERVERNAME/secure/Dashboard.jspa and works fine.
Config 2
However when I try and enable the SSL by changing the files as shown below (i.e. remove the setup for non-SSL and just use SSL) I get no response and am confused as to what's wrong.
JIRA Setup Files
server.xml
<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/>
Apache Setup Files
httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
ServerName JIRASERVERNAME
Include conf/extra/httpd-vhosts.conf
httpd-vhosts.conf
<VirtualHost *:443>
ServerName JIRASERVERNAME
SSLEngine On
SSLCertificateFile "C:\Program Files\Atlassian\JIRA\jre\server.crt"
SSLCertificateKeyFile "C:\Program Files\Atlassian\JIRA\jre\server.key"
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://JIRASERVERNAME:8080/
ProxyPassReverse / http://JIRASERVERNAME:8080/
</VirtualHost>
<VirtualHost *:80>
ServerName JIRASERVERNAME
Redirect / https://JIRASERVERNAME/
</VirtualHost>
Typing in JIRASERVERNAME redirects to the secure URL https://JIRASERVERNAME
But I get the response in Chrome "This web page is not available"
Can anyone help point out what I've done wrong please, I'd be very grateful
Upvotes: 0
Views: 3901
Reputation: 41
I got it working, it was mainly because Apache wasn't listening on port 443, and I fixed this by including httpd-ssl.conf and then defining my VirtualHost in there.
So this is what I've ended up with
JIRA Setup Files
server.xml
<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/>
Apache Setup File
httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
ServerName JIRASERVERNAME
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf
httpd-vhosts.conf
<VirtualHost *:80>
ServerName JIRASERVERNAME
Redirect / https://JIRASERVERNAME/
</VirtualHost>
httpd-ssl.conf
Listen 443 #This was already defined in here
<VirtualHost *:443>
ServerName JIRASERVERNAME
SSLEngine On
SSLCertificateFile "C:\Program Files\Atlassian\JIRA\jre\server.crt"
SSLCertificateKeyFile "C:\Program Files\Atlassian\JIRA\jre\server.key"
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://JIRASERVERNAME:8080/
ProxyPassReverse / http://JIRASERVERNAME:8080/
</VirtualHost>
I also commented out any lines that were superseded by my VirtualHost config.
Upvotes: 2