Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Proxying Jira with (HTTPS) does only server landing page

Peter Pan
Peter Pan June 19, 2018

Hello everybody,

I have just read a lot about the topic how to proxy HTTPS connections for jira by nginx and I already tried severl configurations and howtos, but none of it worked well or solved my problem.

Last howto I tried was this one by https://community.atlassian.com/t5/Jira-questions/nginx-and-JIRA-issue/qaq-p/686177 Daniel, but it does not solve my problem.

 

So what is the problem?

I configured Jira and I installed nginx as the HTTPS proxy and when I open https://jira.mydomain.de I get redirected to the jira landing page and everything is fine. But when I try to log in no further page will be loaded, so I just get blank white pages with no content ...

I also looked into the nginx access.log that contains the following:

192.168.1.75 - - [19/Jun/2018:14:52:08 +0200] "GET /s/d41d8cd98f00b204e9800998ecf8427e-T/-w6b5iw/710002/42459d577c434b971cf7bb38eef82ae2/57311abb261742443345698cfbb4007d/_/download/contextbatch/js/browser-metrics-plugin.contrib,-_super,-atl.dashboard,-atl.general/batch.js?agile_global_admin_condition=true&baseurl-check-resources=true&healthcheck-resources=true&is-server-instance=true&is-system-admin=true&jag=true&jaguser=true&nps-acknowledged=true&nps-not-opted-out=true&spectrum=true HTTP/2.0" 200 7588 "https://jira.mydomain.de/secure/Dashboard.jspa" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
192.168.1.75 - - [19/Jun/2018:14:52:08 +0200] "POST /rest/webResources/1.0/resources HTTP/2.0" 200 417 "https://jira.mydomain.de/secure/Dashboard.jspa" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"
192.168.1.75 - - [19/Jun/2018:14:53:03 +0200] "GET /secure/Dashboard.jspa HTTP/2.0" 200 5620 "https://jira.mydomain.de/secure/Dashboard.jspa" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36"

Another look into jira access.log shows this:

127.0.0.1 892x49x3 - [19/Jun/2018:14:52:08 +0200] "GET /s/af4d52f1c922cbb0d6a260a133223e1e-CDN/-w6b5iw/710002/42459d577c434b971cf7bb38eef82ae2/f50921851e0d2f1a62c3a92e8b4bb42e/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&baseurl-check-resources=true&healthcheck-resources=true&is-server-instance=true&is-system-admin=true&jag=true&jaguser=true&nps-acknowledged=true&nps-not-opted-out=true&spectrum=true HTTP/1.0" 200 98378 5100 "https://jira.mydomain.de/secure/Dashboard.jspa" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "17sr3x2"
127.0.0.1 892x65x2 user.name [19/Jun/2018:14:52:08 +0200] "POST /rest/webResources/1.0/resources HTTP/1.0" 200 474 25 "https://jira.mydomain.de/secure/Dashboard.jspa" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "17sr3x2"
127.0.0.1 892x66x2 - [19/Jun/2018:14:52:08 +0200] "GET /s/d41d8cd98f00b204e9800998ecf8427e-T/-w6b5iw/710002/42459d577c434b971cf7bb38eef82ae2/57311abb261742443345698cfbb4007d/_/download/contextbatch/js/browser-metrics-plugin.contrib,-_super,-atl.dashboard,-atl.general/batch.js?agile_global_admin_condition=true&baseurl-check-resources=true&healthcheck-resources=true&is-server-instance=true&is-system-admin=true&jag=true&jaguser=true&nps-acknowledged=true&nps-not-opted-out=true&spectrum=true HTTP/1.0" 200 7181 8 "https://jira.mydomain.de/secure/Dashboard.jspa" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "17sr3x2"
127.0.0.1 892x67x3 user.name [19/Jun/2018:14:52:08 +0200] "POST /rest/webResources/1.0/resources HTTP/1.0" 200 70 31 "https://jira.mydomain.de/secure/Dashboard.jspa" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36" "17sr3x2"

So these are the logs, but how is the configuration?

Tomcat's server.xml contains this connector only:

 <Connector port="8080"
            address="localhost"
            maxThreads="150"
            minSpareThreads="25"
            connectionTimeout="20000"
            enableLookups="false"
            maxHttpHeaderSize="8192"
            protocol="HTTP/1.1"
            useBodyEncodingForURI="true"
            redirectPort="8443"
            acceptCount="100"
            disableUploadTimeout="true"
            bindOnInit="false"
            scheme="https"
            proxyName="jira.mydomain.de"
            proxyPort="443"
 />

I already tried with different connectors, even a configuration found in a description, containing three different connectors, one for standard, one for HTTP proxy and one for the HTTPS proxy. But the all beahve nearly the same ...

And Nginx's default configuration for available sites contains this:

upstream jira {
  server localhost:8080 fail_timeout=0;
}

server {
  listen 443 ssl http2;
  server_name localhost;

  ssl_certificate /etc/ssl/certs/jira-selfsigned.crt;
  ssl_certificate_key /etc/ssl/private/jira-selfsigned.key;

  location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_connect_timeout 30s;

    proxy_pass http://localhost:8080;

    client_max_body_size 50M;
  }
}

server {
  listen 80 default_server;
  server_name jira.mydomain.de;

  return 301 https://$server_name$request_uri;
}

 

So everybody ... where is my configuration fault? Is there any? What is wrong?

I do not know any answers anymore, as I already tried several different configuration examples that work with oder within other peoples environment.

I also had a look to very general descriptions for proxying any Tomcat application with Nginx HTTPS proxy, but did not get a working solution anyway ...

 

Please help!

Thanks a lot!

Alex

Answer
Watch
Like Be the first to like this
1290 views

2 answers

1 accepted

0 votes
Answer accepted
Peter Pan
Peter Pan June 20, 2018

Hi Morosystems Support and thank you for your reply!


I already tried Nginx configurations that do not lste to localhost but the real FQDn but that didn't matter anyhow and always behaved the same.

But I solved the problem!! :D
It was a problem with SSL certificate trust in JAVA!
First I replaced the self-signed certificate that was quickly added for first configuration of the test-machine by our wildcard certificate and after that I had to add this certificate to the JAVA key store with the following command:

<JAVA_PATH>/bin/keytool -import -alias jira.mydomain.de -keystore <JAVA_PATH>/lib/security/cacerts -file public.crt

This causes tomcat to trust the certificate and nearly everything works fine from this point.
I hope this solution is helpful to others as well!

Reply
0 votes
MoroSystems Support
MoroSystems Support
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 20, 2018

Hi Alex,

Why are you listening server_name localhost in 443?

Can you try this configuration?

You should create a folder for index /var/www/jira.mydomain.de.

server {
 listen 80;
 server_name jira.mydomain.de;
 return 301 https://$host$request_uri;
}

server {
 listen 443 ssl http2;
 server_name jira.mydomain.de;


 ssl on;
 ssl_certificate /etc/ssl/certs/jira-selfsigned.crt;
 ssl_certificate_key /etc/ssl/private/jira-selfsigned.key;

 root /var/www/jira.mydomain.de;
 index index.html index.jsp;



 location / {
 client_max_body_size 50M;
 proxy_pass http://localhost:8080;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header Host $http_host;
 }

}

 

Have a nice day

Morosystems Support

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security