Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Configuring F5 load balancer with Jira SSL

Polybio Fernandes
Polybio Fernandes June 11, 2019

I am trying to use an F5 load balancer with an SSL certificate that is configured on F5 (BIG / IP).

I am not balancing the load of JIRA, it will only be a single server behind a single VIP.

I'm just trying to avoid installing an SSL certificate directly on the Jira server that was installed in the http://jiradev.test.com:8080 standard and I want through the F5 that the certificate is installed to be access through https: // jiradev.test.com
The following is the configuration of "server.xml"

<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" />

I would like the procedure to be performed in the jira so that the access is in https without having to install the certificate in Jira and yes only in F5.

Answer
Watch
Like Be the first to like this
4369 views

3 answers

1 accepted

0 votes
Answer accepted
Shankar Asam {Appfire}
Shankar Asam {Appfire}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 12, 2019

Hi,

The procedure is, install SSL certs on F5 and then modify server.xml of JIRA to include  schemeproxyName & proxyPort attributes. Replace them with the appropriate domain and port of the proxy, as in the below example,

<!-- Apache Proxy Connector with values for scheme, proxyName and proxyPort -->
        <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true" 
            scheme="https" proxyName="jira.atlassian.com" proxyPort="443"/> 

Then restart JIRA. 

Typically, proxyName value would be the JIRA's URL that is pointing to VIP in F5

 

Thanks

Shankar

View More Comments
Polybio Fernandes
Polybio Fernandes June 12, 2019

Hello Shankar!

The setting that you indicated to me right.
I just did comment the default server.xml block and enabled the HTTPS block informing the domain of the certificate that is in F5.
Thank you for your help.

Polybio

Like
Polybio Fernandes
Polybio Fernandes June 17, 2019

Hello,

I'm having an error on the page below. Do you have any tips to solve this?

"gadget.common.error.500 using nginx and HTTPS"

I'm waiting.
Thank you

Like
Shankar Asam {Appfire}
Shankar Asam {Appfire}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
June 18, 2019

Hi Polybio,

Please visit the link below to see if the issue got addressed.

https://community.atlassian.com/t5/Jira-Software-questions/Jira8-behind-Nginx-proxy-gadget-common-error-500/qaq-p/1010477

Please make sure that your BASE URL and the proxyName in server.xml should match. And also verify the same in nginx configuration.

 

thanks

Like
Polybio Fernandes
Polybio Fernandes June 18, 2019

Thank you Shankar Asam !

Polybio

Like Shankar Asam {Appfire} likes this
Reply
0 votes
Software Asset Management
Software Asset Management
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
September 8, 2021

Hi

Question related to F5 <<https and correct configuration in server.xml.

Shouldn't base be also https:// in system settings? When do so the server will have error with gadger.500, How to solve it?

The server itself don't have the certificate installed in it. It is in the load balance witch in it's turn translate https to http internally. 

on the server it'self doing curl -v https://... will return error 

Rebuilt URL to: https://jira.*******.***/
* Trying 127.0.1.1...
* TCP_NODELAY set
* connect to 127.0.1.1 port 443 failed: Connection refused
* Failed to connect to jira.******.*** port 443: Connection refused
* Closing connection 0

Any solution?

 

Best Regards

Reply
0 votes
Roy Rizkallah
Roy Rizkallah July 10, 2021

@Shankar Asam {Appfire} @Polybio Fernandes 

Dears, 

I am trying to install the SSL on Palo Alto similar to F5. Is there any special config I should do on Jira?

Should I install any certificate on Jira server? It is not working although as mentioned above.

Kindly help. Thank you,

View More Comments
Shankar Asam {Appfire}
Shankar Asam {Appfire}
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
July 11, 2021

Hi,

If you are terminating SSL at F5 or Palo Alto, then you don't have to install / import any SSL certs into JIRA (F5 --> JIRA and JIRA --> F5 will be on HTTP only). You just need to modify server.xml to add your proxy-related config(see above).

 

If this is not the case and want to have https between F5 and app server (JIRA) - then you will need to import SSL certs into Java's keystore on app server (JIRA) .  See this KB article for more info and specifically ( Step 2. Update Tomcat with the KeyStore under Advanced  configuration)

 

-shankar

Like
Roy Rizkallah
Roy Rizkallah July 11, 2021

@Shankar Asam {Appfire} 

Thank you for the reply :) the first part worked for me. I had to adjust the host file too. 

Regards, 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.