Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Did support for Apache AJP/1.3 proxy support get dropped with version 8.11.0 of Jira ?

Theodore Knab
Theodore Knab September 4, 2020

It appears the Apache AJP/1.3 proxy stops working with the 8.11.0 Jira Software upgrade on Centos7. Anyone else have this issue ? 

I ran the following upgrades successfully prior to 8.11.0.

* Jira updates 8.8.1 to 8.10.0 - no issues

* Jira upgrade 8.10.0 to 8.10.1 - no issues

* Jira upgrade from 8.10.1 or 8.10.0 to 8.11.0 - Proxy dies. 

 

Here was the Apache error I saw: 

[Fri Aug 28 08:40:21.976570 2020] [proxy_ajp:error] [pid 124553:tid 140387455579904] [client 10.128.144.8:59481] AH00896: failed to make connection to backend: localhost, referer: https://jira-dev.example.net/secure/Dashboard.jspa
[Fri Aug 28 08:52:21.639798 2020] [proxy:error] [pid 124553:tid 140387455579904] (111)Connection refused: AH00957: AJP: attempt to connect to 127.0.0.1:8009 (localhost) failed

Jira still works on port 8080, but the AJP proxy just died.

As a work around, I had to switch to a different proxy to get Apache to work with Jira.

Here is how I did that if anyone is interested.

https://github.com/zeekus/textfiles/blob/master/jira_proxy_change.md

Answer
Watch
Like Bob Griffin likes this
4438 views

1 answer

1 accepted

1 vote
Answer accepted
Daniel Eads
Daniel Eads
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 4, 2020

Hi Theodore, thanks for sharing the steps you took to switch proxy connectors!

While 8.11.0 contains a patched version of Tomcat (the underlying Java application server), versions of Jira prior to that relied on Tomcat versions that were affected by CVE-2020-1938 (known as "ghostcat") that could affect AJP connections. For those versions of Jira, we recommended avoiding AJP connections to mitigate the CVE.

Moreover, we've mostly seen that the NIO connector provides the same or better performance than the AJP connector, and can be more flexible as you can swap out Apache for nginx or another proxy if you wish.

Thanks for the post, as I'm sure the discussion will help others who may be thinking about changing connectors.

Cheers,
Daniel

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security