Hi All,
Our Jira instance is accessible by our internal users and can be accessed via the intranet.
Due to this tight security setup, we couldn't integrate the third-party application with our JIRA instance, for example Smartsheet.
So now we have created an external public-facing FQDN (DNS) and allowed a particular API IP address to access the instance.
So now we have two DNS names, one for private user access and another for third-party applications to access it.
If we configure each DNS name separately, it works.
The issue here is: how can we configure the two proxy names in the server.xml configuration file, so that I can have one for internal users and another for third-party integration without affecting anything?
Please advise
The application cannot know which proxy it is supposed to use, so there's nothing you can do here.
You are running it on one url though aren't you?
Hi @Nic Brough [Adaptavist],
I have a JIRA application which is allowed to be accessed inside my corporate network. When a third-party application hits JIRA, it won't get a response, since my URL can be accessed inside the network.
To overcome this issue, I have created another URL and allowed the third-party application to access it.
So now I have two URLs, one for private access and another one for the third-party application to access, but I am not sure how to configure the two domains in Jira.
You don't. It runs on a single URL
I know Atlassian must allow a single base URL only. The second one I am going to use for third-party application integration, not for users to access.
Is it possible to configure two proxies in server.xml?
No, because JIRA needs to run on one url. It has no way of knowing which proxy to use if you configure two.
Hi @Mathiyalagan ,
We are in similar situation.
We have an external URL for integrating with external apps. We have allowed a few external IP addresses to access the Jira instance with the external URL.
And the internal URL is used by internal users. The base URL is the internal URL. The proxyName in server.xml is the same as the base URL.
However, this doesn't work for external integrations that are configured using an application link (OAuth) (e.g. the Smartsheet Jira integration, as it requires that the external URL match the proxyName in server.xml).
We reached out to Atlassian and they said they don't support multiple proxyNames and it might break. They mentioned different URLs can cause security checks to fail with OAuth or SAML, etc. Jira is not currently designed to support multiple URL endpoints. https://jira.atlassian.com/browse/JRASERVER-69185
Could you please let me know if you have faced any issues by configuring two different proxy names on 8080 and 8081?
You will find the non-base-url proxy has the wrong url, so it will fail. All links given out by Jira will be for the base-url and you'll have problems authenticating the other one, gadgets and reports may fail, people will be directed to the base url unexpectedly, and so on.
I would remove your second proxy, it's not going to work properly.
This is not related, but it looks like @Nic Brough -Adaptavist- knows a lot about this. Can we configure two different connectors in server.xml, one for HTTP and another one for HTTPS? I think this should let users access by using HTTP but will show them an error, as the base URL can be only one of them, true?
You can, but it will indeed break if anyone uses the url that is not the base url.
The only important thing for us is whether the REST API will still work over HTTP, as we know dashboards and some functionality in Jira will be broken when accessed through HTTP.
It won't. REST also breaks if you use the wrong base url, in places.
Thanks for your help Nic!! You saved me a lot of time testing.
I have achieved this by having two connector ports in server.xml to handle this scenario. Configure 8080 and 8081 respectively for the two different proxy names.
Allow one port for internal users and allow the second port for third-party integration. Please make sure you have a tight security setup in place to make sure no data is visible to outside users.
That's incoming proxies, not what you asked about. It'll work, but only partially, as the base url is wrong on one of your proxies.
Thanks Nic. As I mentioned in my answer, I can access the JIRA instance using two different proxy names. Thanks for your time on this topic
Thing is, for incoming connections, you don't need to do anything in the Tomcat. You can have as many proxies forwarding to the Tomcat as you want. The changes you've made are utterly irrelevant to what you're doing.
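An added example, not part of the original thread or any participant's code: a Python check that reads the Tomcat connectors from a server.xml and reports which ones advertise an origin (scheme, proxyName, proxyPort) different from Jira's base URL, which is the mismatch the replies above describe. The server.xml fragment, hostnames and base URL value are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed server.xml fragment; hostnames are placeholders, not from the thread.
SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" scheme="https" secure="true"
               proxyName="jira.internal.example" proxyPort="443"/>
    <Connector port="8081" scheme="https" secure="true"
               proxyName="jira-api.example.com" proxyPort="443"/>
  </Service>
</Server>
"""

DEFAULT_PORTS = {"http": 80, "https": 443}


def advertised_origin(connector):
    """(scheme, host, port) the connector tells the application it was reached on."""
    scheme = connector.get("scheme", "http")
    host = connector.get("proxyName")  # None means no proxy override is set
    # Assumption: without proxyPort, fall back to the connector's own port.
    port = int(connector.get("proxyPort") or connector.get("port"))
    return scheme, host.lower() if host else None, port


def base_url_origin(base_url):
    parts = urlsplit(base_url)
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]


def audit_connectors(server_xml, base_url):
    """Map connector port -> True if it advertises the same origin as the base URL."""
    expected = base_url_origin(base_url)
    root = ET.fromstring(server_xml)
    return {
        int(c.get("port")): advertised_origin(c) == expected
        for c in root.iter("Connector")
    }


if __name__ == "__main__":
    # Base URL value is an assumption standing in for Jira's configured base URL.
    for port, ok in audit_connectors(SERVER_XML, "https://jira.internal.example").items():
        print(port, "matches base URL" if ok else "MISMATCH: links and OAuth checks use the base URL")
```

Any connector reported as a mismatch is one where, per the thread, generated links and OAuth or SAML checks can fail.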