Where is the error in my jira proxy to nginx for Certbot ssl ?

Bearcat M_ Şándor
Contributor
August 20, 2020

server.xml file: https://gist.github.com/bearcatsandor/c056044ad9993d1bfcb8af8b283f666e

nginx vhost file: https://gist.github.com/bearcatsandor/c67848be559ef5267efb580ca826ce6f

nginx main config:

https://gist.github.com/bearcatsandor/bc08522d81fcdf19037ffa2a3f278dd8

(gist links to reduce clutter)

I've been trying and giving up on https://confluence.atlassian.com/jirakb/configure-jira-server-to-run-behind-a-nginx-reverse-proxy-426115340.html for about a year. I have certbot serving the certificates, but when I try to connect to https://agility.felinesoulsystems.net:8081/ I get "agility.felinesoulsystems.net sent an invalid response. ERR_SSL_PROTOCOL_ERROR"

As you can see, by the comments that Certbot liberally applies, Certbot made a lot of changes to my nginx server file, but I don't see any glaring errors in that.

There are two things that confuse me here:

1) On the atlassian page referenced above, it states that one should use the second nginx example for ssl, but it doesn't include any of the location directives. Why?

2) A similar question was asked  and the accepted answer was:

In server.xml, you will need to include only the below parameter

scheme="https" proxyName="jira.example.com" proxyPort="443"

Does that mean that server.xml should only include that line, and tomcat/jira applies the rest of the xml recipes based on those parameters, or that it's the only thing in a particular section? If the latter, which section?

 

Thank you all in advance for any help given. I'm in a bit of a panic, as my university work goes full steam next week and I use Jira to track my life. I had Jira working just fine for localhost before all this, but I need to access it remotely via ssh. I'd love to have this worked out in the next 3 days.

2 answers

1 accepted

0 votes
Answer accepted
Bearcat M_ Şándor
Contributor
October 20, 2020

Thank you again for the help. Atlassian has announced the discontinuation of their self-hosted server products, so I've moved to the cloud anyhow.

0 votes
Daniel Eads
Atlassian Team
August 24, 2020

Hi @Bearcat M_ Şándor !

Quick and easy answer - nginx isn't configured to point at Jira with your current setup. Remove line 3 from your nginx vhost file (don't redirect https requests in a circle) and add this:

    ## Proxy configuration
    location / {
        # By default, JIRA serves on 8080 but in your instance, you've got the HTTPS connector on 8081
        proxy_pass          http://localhost:8081;
        proxy_set_header    X-Forwarded-Host $host;
        proxy_set_header    X-Forwarded-Server $host;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_redirect      off;
        # If you want to accept attachments larger than 10mb, update the following line
        client_max_body_size 10M;
        proxy_connect_timeout 30s;

        # The read timeout is the primary "how long will I see a white screen before I get a 500 error message from nginx" - see these values:
        # Application restart - set to 5s (will show people an error message sooner instead of an eternally-loading whitescreen)
        # Normal operation - 60s
        # If you need to use the Integrity Checker - 500s
        proxy_read_timeout 60s;
    }

You'll also want to ensure the base URL in Jira is configured to https://<yourdomain.com> - if it's not https in the protocol, Jira will write the internal links incorrectly. Reload nginx, and restart Jira for the changes to take effect.

 

For more context:

  • The top and bottom connectors you see out of your active ones in your server.xml file are really extra. You're doing your serving to nginx with the one on lines 88-90.
  • The protocol error you get in your browser when trying to access http://...:8081 is because Jira is serving that address on HTTP, but your browser is trying to connect as HTTPS. nginx is doing the SSL termination, so you should only be accessing on port 443 in that configuration (which means you can just use https://yourdomain - without specifying a port)
  • Your vhost configuration didn't include any information for how nginx was supposed to proxy requests on to Jira - that's why you'd just get a spinning wheel or no connection at all when trying to access https://yourdomain (with no port specification).

Give that a shot and let me know how things go!

Cheers,
Daniel

Bearcat M_ Şándor
Contributor
August 27, 2020

Wow! Thank you so much for the informative answer!  I'll make the changes when I get home this afternoon and report.  

The only thing that makes me apprehensive is changing the base URL in Jira. If there is an error there, I may not be able to get back in to fix it (though it's probably in my database somewhere).
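
The pairing this thread describes (nginx terminating TLS and forwarding plain HTTP to a Jira connector that carries the `scheme`/`proxyName`/`proxyPort` attributes) can be checked mechanically. The following is an added example, not part of the original posts or of Atlassian's documentation: the function name `check_proxy_pair` is hypothetical, both config snippets are constructed samples rather than the poster's gists, and it assumes the public port is 443 as in the quoted parameters.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not the poster's gists): one vhost, one server.xml.
NGINX_VHOST = """
server {
    listen 443 ssl;
    server_name jira.example.com;
    location / {
        proxy_pass http://localhost:8081;
    }
}
"""
SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8081" protocol="HTTP/1.1"
             scheme="https" proxyName="jira.example.com" proxyPort="443"/>
</Service></Server>
"""

def check_proxy_pair(nginx_conf, server_xml):
    """Return a list of mismatches between the nginx vhost and Tomcat connectors."""
    problems = []
    names = re.search(r"^\s*server_name\s+([^;]+);", nginx_conf, re.M)
    upstream = re.search(r"^\s*proxy_pass\s+(https?)://[^:/;\s]+:(\d+)", nginx_conf, re.M)
    if not upstream:
        return ["no proxy_pass with an explicit port: nginx never forwards to Jira"]
    up_scheme, up_port = upstream.groups()
    connectors = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")}
    conn = connectors.get(up_port)
    if conn is None:
        return [f"proxy_pass targets port {up_port}, but no Connector listens there"]
    # proxy_pass http:// means the connector itself must speak plain HTTP.
    tomcat_tls = conn.get("SSLEnabled", "false").lower() == "true"
    if tomcat_tls != (up_scheme == "https"):
        problems.append("proxy_pass scheme does not match the connector's SSLEnabled")
    # The proxy attributes go on the proxied <Connector> and describe the public URL.
    if conn.get("scheme") != "https":
        problems.append('connector lacks scheme="https"')
    if conn.get("proxyPort") != "443":
        problems.append('connector lacks proxyPort="443"')
    if not names or conn.get("proxyName") not in names.group(1).split():
        problems.append("connector proxyName is not one of nginx's server_name values")
    return problems

if __name__ == "__main__":
    print(check_proxy_pair(NGINX_VHOST, SERVER_XML) or "consistent")
```

Pointing `proxy_pass` at the plain 8080 connector in the sample makes the check report the three missing proxy attributes, which is the situation where Jira writes its internal links with the wrong scheme and host.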
