
Configuring nginx as reverse proxy for Jira 7.10 with ssl

Sri Ved June 12, 2018

My Jira instance is running on a machine with IP 192.168.1.41, on port 8080 with a redirect to port 8443 (jks configured with a valid wildcard cert). This setup was tested and all was well.

Then, I introduced nginx (on a different server, 192.168.2.12) to act as a reverse proxy. It listens on the standard SSL port (also configured with a wildcard SSL certificate). But when I try to access the site, the "Dashboard diagnostics: Mismatched URL Hostname" error shows up and my gadgets are not displayed.

Can someone please help me configure the nginx and jira servers correctly?

Here are my current configs:

nginx:

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/cert_chain.crt;
    ssl_certificate_key /etc/ssl/certs/wccert.key;
    server_name jira.ourdomain.com;
    charset utf-8;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://192.168.1.41:8443;
    }
}

 

and, the relevant portions of server.xml in jira server:

<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="jira.ourdomain.com" proxyPort="443"/>


<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"
keyAlias="tomcat" keystoreFile="/opt/atlassian/jira/certs/signedpcs12.jks" keystorePass='changeit' keystoreType="JKS" />

Base URL is set up as: https://jira.ourdomain.com

 

1 answer

1 accepted

2 votes
Answer accepted
Marcos PS [DEISER]
Contributor
June 13, 2018

Hi there Sri,

The proxy_pass must point to port 8080 instead of 8443; here you have some information about nginx integration.

Additionally, have you imported the certificates into Java's trust store? You should run this command:

<JAVA_HOME>/bin/keytool -import -alias <server_name> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file yourCertificate.crt

The default password is "changeit".

Regards,

Marcos.

Vickey Palzor Lepcha
Rising Star
September 23, 2019

Agreed - and I think importing cert to JIRA keystore resolves the gadget display issue too.
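
A consistency check for the two configs in this thread, as an added example that is not part of the original posts: it finds the Tomcat connector that proxy_pass targets and verifies that this connector declares the public hostname and port through proxyName/proxyPort. The function names and the trimmed sample configs are constructed for illustration, and the regex assumes a single simple server block.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input: trimmed copies of the two configs in the question.
NGINX_CONF = """
server {
    listen 443;
    server_name jira.ourdomain.com;
    location / {
        proxy_pass https://192.168.1.41:8443;
    }
}
"""
SERVER_XML = """
<Service>
  <Connector port="8080" protocol="HTTP/1.1" secure="true" scheme="https"
             proxyName="jira.ourdomain.com" proxyPort="443"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"/>
</Service>
"""

def directive(conf, name):
    """Return the first argument of an nginx directive, or None (hypothetical helper)."""
    m = re.search(r"^\s*" + re.escape(name) + r"\s+([^;\s]+)", conf, re.M)
    return m.group(1) if m else None

def check_proxy(nginx_conf, server_xml):
    """List mismatches between the nginx server block and the targeted connector."""
    public_host = directive(nginx_conf, "server_name")
    public_port = directive(nginx_conf, "listen")
    upstream = urlsplit(directive(nginx_conf, "proxy_pass"))
    connectors = {c.get("port"): c for c in ET.fromstring(server_xml).iter("Connector")}
    conn = connectors.get(str(upstream.port))
    if conn is None:
        return [f"no Connector listens on upstream port {upstream.port}"]
    problems = []
    tls = conn.get("SSLEnabled", "false").lower() == "true"
    if tls != (upstream.scheme == "https"):
        problems.append(f"proxy_pass scheme {upstream.scheme} does not match Connector {conn.get('port')}")
    for attr, want in (("proxyName", public_host), ("proxyPort", public_port), ("scheme", "https")):
        if conn.get(attr) != want:
            problems.append(f"Connector {conn.get('port')}: {attr}={conn.get(attr)!r}, expected {want!r}")
    return problems

if __name__ == "__main__":
    for line in check_proxy(NGINX_CONF, SERVER_XML):
        print(line)
```

Pointing proxy_pass at port 8080, as the accepted answer suggests, makes the hop between the nginx host and the Jira host plain HTTP. The check passes equally if the proxyName and proxyPort attributes sit on the 8443 connector and proxy_pass stays on https.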
