Broken SSL

Hi @Dirk Ronsmans 

here is my server.xml file. can you tell me if something is getting in the way?

<?xml version="1.0" encoding="UTF-8"?>

<!--Licensed to the Apache Software Foundation (ASF) under one or morecontributor license agreements. See the NOTICE file distributed withthis work for additional information regarding copyright ownership.The ASF licenses this file to You under the Apache License, Version 2.0(the "License"); you may not use this file except in compliance withthe License. You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License. -->

-<Server shutdown="SHUTDOWN" port="8005">

<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>

<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>

<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>

<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>

<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

-<Service name="Catalina">

<!--==============================================================================================================DEFAULT - Direct connector with no proxy for unproxied access to Jira.If using a http/https proxy, comment out this connector.============================================================================================================== -->

<!-- Relaxing chars because of JRASERVER-67974 -->

<Connector port="8080" bindOnInit="false" disableUploadTimeout="true" acceptCount="100" redirectPort="8443" useBodyEncodingForURI="true" protocol="HTTP/1.1" maxHttpHeaderSize="8192" enableLookups="false" connectionTimeout="20000" minSpareThreads="25" maxThreads="150" relaxedQueryChars="[]|{}^\`"<>" relaxedPathChars="[]|"/>

<!--==============================================================================================================HTTP - Proxying Jira via Apache or Nginx over HTTPIf you're proxying traffic to Jira over HTTP, uncomment the below connector and comment out the others.Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.See the following for more information:Apache - https://confluence.atlassian.com/x/4xQLMnginx - https://confluence.atlassian.com/x/DAFmGQ============================================================================================================== -->

<!-- <Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"acceptCount="100" disableUploadTimeout="true" bindOnInit="false" scheme="http"proxyName="wfdservicedesk.goodrich.root.local" proxyPort="80"/> -->

<!--==============================================================================================================HTTPS - Proxying Jira via Apache or Nginx over HTTPSIf you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.See the following for more information:Apache - https://confluence.atlassian.com/x/PTT3MQnginx - https://confluence.atlassian.com/x/DAFmGQ============================================================================================================== -->

<Connector port="8080" bindOnInit="false" disableUploadTimeout="true" acceptCount="100" redirectPort="8443" useBodyEncodingForURI="true" protocol="HTTP/1.1" maxHttpHeaderSize="8192" enableLookups="false" connectionTimeout="20000" minSpareThreads="25" maxThreads="150" relaxedQueryChars="[]|{}^\`"<>" relaxedPathChars="[]|" proxyPort="443" proxyName="wfddevsd01.goodrich.root.local" scheme="https" secure="true"/>
-->
<!--==============================================================================================================AJP - Proxying Jira via Apache over HTTP or HTTPSIf you're proxying traffic to Jira using the AJP protocol, uncomment the following connector lineSee the following for more information:Apache - https://confluence.atlassian.com/x/QiJ9MQ============================================================================================================== -->

<!--<Connector port="8009" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3"/> -->

-<Engine name="Catalina" defaultHost="localhost">

-<Host name="localhost" autoDeploy="true" unpackWARs="true" appBase="webapps">

-<Context useHttpOnly="true" reloadable="false" docBase="${catalina.home}/atlassian-jira" path="">

<Resource name="UserTransaction" jotm.timeout="60" factory="org.objectweb.jotm.UserTransactionFactory" type="javax.transaction.UserTransaction" auth="Container"/>

<Manager pathname=""/>

<JarScanner scanManifest="false"/>

<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120"/>

</Context>

</Host>

<Valve className="org.apache.catalina.valves.AccessLogValve" pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/>

</Engine>

</Service>

</Server>

Hi Dirk.

I have the HTTPS - Proxying Jira via Apache or Nginx over HTTPS connector enabled. I dont see any others enabled

And I assume you also modified the connector to suit your domainname/ports?

You also only mention the customer portal, so I guess the rest (agent side) is ok?

yes I've modified it to reflect my domain name and ports. I would post the configuration here but every time i do the system strips it. I dont know what you mean by customer portal. 

okay I got it partially working by modifying the base url. but some functionality like the avatars and images to issues and the activity stream isnt working.

the customer portal is the portal where a customer would go to create a ticket :)

I still feel like your server.xml is failing somehow. Do you see anything in the atlassian-jira.log on your server? Something about the PKIX build path failing? (cause that would indicate SSL issues)

let me look. can you point me in the direction of where that log file would be? forgive me I'm relatively new to linux as well

Hey @Shannon Harvey ,

That server.xml seems to have 2 connectors enabled (if my eyes don't trick me).

You have the default one enabled (first one) and the HTTPS proxy one.

Can you disable the first one by adding <!-- at the beginning and --> at the end of the first one (line above it and line below it should be fine) and then restart your service.

As you have both a HTTP one and HTTPS one enabled JIRA tries the HTTP one by default and then it messes up as your scheme is https in JIRA.

@Dirk Ronsmans that was the solution, I disabled the HTTP connector and everything works as expected. 

Thank you,

Shannon

Thank you, can you point me to a specific part of the documentation i should be focusing on as I think I've already done all of this. Also we disabled the Base URL so i dont think that's required. 

You can have a look here to get more details about the server.xml configuration : https://confluence.atlassian.com/adminjiraserver073/integrating-jira-with-apache-using-ssl-861253896.html#IntegratingJIRAwithApacheusingSSL-Step1:ConfigureTomcat

I'm not sure what you're saying about disabling the Base URL : this is a parameter that is needed to get Jira working.