Reputation: 41
JIRA Server with SSL Behind Apache Reverse Proxy Not Working
I'm trying to get JIRA setup behind an Apache reverse proxy where the connection to Apache is via SSL and then the connection between Apache and JIRA is http.
i.e. Internet/Network <=https=> Apache <=http=> JIRASERVER
I'm using a self certified certificate created as described here Both Apache and JIRA are running on the same Windows 2008 R2 server. I've followed the instructions from Atlassian but it just doesn't seem to work, I've been looking around all over the Internet and not found a solution for my issue.
I can setup Apache without SSL and that seems to work fine
Config 1
Internet/Network <=http=> Apache <=http=> JIRASERVER
JIRA Setup Files
server.xml
<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
proxyName="JIRASERVERNAME" proxyPort="80"/>
Apache Setup File
httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ServerName JIRASERVERNAME
Include conf/extra/httpd-vhosts.conf
httpd-vhosts.conf
<VirtualHost *>
ServerName JIRASERVERNAME
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://JIRASERVERNAME:8080/
ProxyPassReverse / http://JIRASERVERNAME:8080/
</VirtualHost>
Type JIRASERVERNAME in a browser URL directs to JIRASERVERNAME/secure/Dashboard.jspa and works fine.
Config 2
However when I try and enable the SSL by changing the files as shown below (i.e. remove the setup for non-SSL and just use SSL) I get no response and am confused as to what's wrong.
JIRA Setup Files
server.xml
<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/>
Apache Setup Files
httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
ServerName JIRASERVERNAME
Include conf/extra/httpd-vhosts.conf
httpd-vhosts.conf
<VirtualHost *:443>
ServerName JIRASERVERNAME
SSLEngine On
SSLCertificateFile "C:\Program Files\Atlassian\JIRA\jre\server.crt"
SSLCertificateKeyFile "C:\Program Files\Atlassian\JIRA\jre\server.key"
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://JIRASERVERNAME:8080/
ProxyPassReverse / http://JIRASERVERNAME:8080/
</VirtualHost>
<VirtualHost *:80>
ServerName JIRASERVERNAME
Redirect / https://JIRASERVERNAME/
</VirtualHost>
Typing in JIRASERVERNAME redirects to the secure URL https://JIRASERVERNAME
But I get the response in Chrome "This web page is not available"
Can anyone help point out what I've done wrong please, I'd be very grateful
Upvotes: 0
Views: 3901
Answers (1)
Reputation: 41
I got it working, it was mainly because Apache wasn't listening on port 443, and I fixed this by including httpd-ssl.conf and then defining my VirtualHost in there.
So this is what I've ended up with
JIRA Setup Files
server.xml
<Service name="Catalina">
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false"
maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/>
Apache Setup File
httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so
ServerName JIRASERVERNAME
Include conf/extra/httpd-vhosts.conf
Include conf/extra/httpd-ssl.conf
httpd-vhosts.conf
<VirtualHost *:80>
ServerName JIRASERVERNAME
Redirect / https://JIRASERVERNAME/
</VirtualHost>
httpd-ssl.conf
Listen 443 #This was already defined in here
<VirtualHost *:443>
ServerName JIRASERVERNAME
SSLEngine On
SSLCertificateFile "C:\Program Files\Atlassian\JIRA\jre\server.crt"
SSLCertificateKeyFile "C:\Program Files\Atlassian\JIRA\jre\server.key"
SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://JIRASERVERNAME:8080/
ProxyPassReverse / http://JIRASERVERNAME:8080/
</VirtualHost>
I also commented out any lines that were superseded by my VirtualHost config.
Upvotes: 2
Related Questions
- 404 error while connecting to Jira server using java
- Running jira behind an apache: what is the proxyName configuration for?
- Getting a blank file when accessing JIRA on SSL
- Proxying Jira with Apache results in broken Pages
- Tomcat behind an apache proxy error on path
- Unable to connect to JIRA over HTTPS server using the Perl JIRA::Client::Automated
- Apache Reverse Proxy With SSL
- Jira behind Apache https proxy redirect
- Jira behind Apache SSL proxy on CentOS
- Jira Rest Java Client: missing ApacheHttpClientConfig from Jersey