
Configuring nginx as reverse proxy for Jira 7.10 with ssl

Sri Ved June 12, 2018

My Jira instance is running on a machine with IP 192.168.1.41, on port 8080 with a redirect to port 8443 (jks configured with a valid wildcard cert). This setup was tested and all was well.

Then, I introduced nginx (on a different server, 192.168.2.12) to act as a reverse proxy. This listens on the standard SSL port (also configured with a wildcard SSL certificate). But, when I try to access the site, the "Dashboard diagnostics: Mismatched URL Hostname" error shows up and my gadgets are not displayed.

Can someone please help me configure the nginx and jira servers correctly?

Here are my current configs:

nginx:

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/certs/cert_chain.crt;
    ssl_certificate_key /etc/ssl/certs/wccert.key;
    server_name jira.ourdomain.com;
    charset utf-8;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://192.168.1.41:8443;
    }
}

and, the relevant portions of server.xml in jira server:

<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="jira.ourdomain.com" proxyPort="443"/>


<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"
keyAlias="tomcat" keystoreFile="/opt/atlassian/jira/certs/signedpcs12.jks" keystorePass='changeit' keystoreType="JKS" />

Base URL is set up as: https://jira.ourdomain.com

1 answer

1 accepted

2 votes
Answer accepted
Marcos PS [DEISER]
Contributor
June 13, 2018

Hi there Sri,

The proxy_pass must point to port 8080 instead of 8443; here you have some information about nginx integration.

Additionally, have you imported the certificates into Java's trust store? You should run this command:

<JAVA_HOME>/bin/keytool -import -alias <server_name> -keystore <JAVA_HOME>/jre/lib/security/cacerts -file yourCertificate.crt

The default password is "changeit".

Regards,

Marcos.

Vickey Palzor Lepcha
Rising Star
September 23, 2019

Agreed - and I think importing cert to JIRA keystore resolves the gadget display issue too.
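
The change the accepted answer describes, applied to the nginx server block from the question. This is an added example, not posted by either participant; it assumes the 8080 connector keeps the proxyName, proxyPort, scheme and secure attributes shown in the question's server.xml, and it uses the `ssl` parameter of `listen` in place of the older `ssl on;` directive.

```nginx
# Added example: TLS terminates at nginx, and Jira is reached over the
# HTTP connector (8080), the one that carries proxyName="jira.ourdomain.com",
# proxyPort="443", scheme="https" and secure="true" in server.xml.
# Because of those attributes Jira builds its URLs as
# https://jira.ourdomain.com, which matches the configured Base URL.
server {
    listen 443 ssl;                      # replaces "listen 443;" + "ssl on;"
    server_name jira.ourdomain.com;
    charset utf-8;

    ssl_certificate     /etc/ssl/certs/cert_chain.crt;
    ssl_certificate_key /etc/ssl/certs/wccert.key;

    location / {
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;

        # Before (from the question): the 8443 connector has no
        # proxyName/proxyPort, so Jira sees a hostname and port that
        # differ from the Base URL.
        # proxy_pass https://192.168.1.41:8443;

        # After (per the accepted answer): the proxy-aware connector.
        proxy_pass http://192.168.1.41:8080;
    }
}
```

With this layout the hop from nginx (192.168.2.12) to Jira (192.168.1.41) is plain HTTP, so port 8080 on the Jira host should accept connections only from the proxy's address.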
