server.xml file: https://gist.github.com/bearcatsandor/c056044ad9993d1bfcb8af8b283f666e
nginx vhost file: https://gist.github.com/bearcatsandor/c67848be559ef5267efb580ca826ce6f
ngnx main config:
https://gist.github.com/bearcatsandor/bc08522d81fcdf19037ffa2a3f278dd8
(gist links to reduce clutter)
I've been trying and giving up on https://confluence.atlassian.com/jirakb/configure-jira-server-to-run-behind-a-nginx-reverse-proxy-426115340.html for about year. I have certbot serving the certificates, but when i try to connect to https://agility.felinesoulsystems.net:8081/ I get "agility.felinesoulsystems.net sent an invalid response. ERR_SSL_PROTOCOL_ERROR"
As you can see, by the comments that Certbot liberally applies, Certbot made a lot of changes to my nginx server file, but I don't see any glaring errors in that.
There are two things that confuse me here:
1) On the atlassian page referenced above, it states that one should use the second nginx example for ssl, but it doesn't include any of the location directives. Why?
2) A similar question was asked and the accepted answer was:
In server.xml, you will need to include only the below parameter
scheme="https" proxyName="jira.example.com" proxyPort="443"
Does that mean that server.xml should only include that line, and tomcat/jira applies the rest of the xml recipies based on those parameters, or that it's the only thing in a particular section. If the latter, which section?
Thank you all in advance for any help given. I'm in a bit of a panic, as my university work goes full steam next week and i use Jira to track my life. I had Jira working just fine for localhost before all this, but i need to access it remotely via ssh. I'd love to have this worked out in the next 3 days.
Thank you again for the help. Atlassian has announced the discontinuation of their self-hosted server products, so I've moved to the cloud anyhow.
Hi @Bearcat M. Şándor !
Quick and easy answer - nginx isn't configured to point at Jira with your current setup. Remove line 3 from your nginx vhost file (don't redirect https requests in a circle) and add this:
## Proxy configuration
    location / {
  # By default, JIRA serves on 8080 but in your instance, you've got the HTTPS connector on 8081
        proxy_pass          http://localhost:8081;
        proxy_set_header    X-Forwarded-Host $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_redirect      off;
  # If you want to accept attachments larger than 10mb, update the following line
  client_max_body_size 10M;
        proxy_connect_timeout 30s;
  # The read timeout is the primary "how long will I see a white screen before I get an 500 error message from nginx" - see these values:
  # Application restart - set to 5s    (will show people an error message sooner instead of an eternally-loading whitescreen)
  # Normal operation - 60s
  # If you need to use the Integrity Checker - 500s       
        proxy_read_timeout 60s;
    }
You'll also want to ensure the base URL in Jira is configured to https://<yourdomain.com> - if it's not https in the protocol, Jira will write the internal links incorrectly. Reload nginx, and restart Jira for the changes to take effect.
For more context:
Give that a shot and let me know how things go!
Cheers,
Daniel
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Wow! Thank you so much for the informative answer! I'll make the changes when I get home this afternoon and report.
The only thing that makes me apprehensive is changing the base URL in Jira. If there is an error there, I may not be able to get back in to fix it (though it's probably in my database somewhere)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
 
 
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.