Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Expose JIRA to external network

Priyank
Priyank May 23, 2018 edited

Intro: I am a part time linux admin with relatively less experience. Recently I have been assigned the task of making JIRA available to users outside our network. 

I understand that this task involves multiple aspects and tasks to do. So far I have not had much luck finding assistance in other posts. Hence I am making this post here.

It is my understanding so far that I need to:

1. Link a second IP address to my JIRA installation. First one is used for internal only. I create a second one with the intention of opening up that port to the external network.

2. JIRA installation is currently set up to port 8099. I need to edit the server.xml file to port 80 for internal and external traffic

3. Update the JIRA base URL.

4. Setup SSL certificates for HTTPS.

Is this accurate? or am I missing some steps?

Note: this is running on a Centos machine. Also the IT department is working on DMZ firewall and ASA rules so routing will work both inside and out. 

Any advice?

 

Answer
Watch
Like Jasper likes this
4757 views

2 answers

1 vote
Marcos PS [DEISER]
Marcos PS [DEISER]
Contributor
May 23, 2018

Agree with Danyal, if possible try to do not use different IPs for LAN and WAN access and if you have no other choice, make sure you use the same FQDN for accessing Jira service and the use of HTTPS are forced for any access, remember that only one base URL can be defined at once if you do not want to face problems in the future, make sure all your users use the same URL for accessing Jira.

Take a look to this doc...

View More Comments
Priyank
Priyank May 25, 2018

Hi Marcos,

I am in the process but facing a roadblock. Please advice.

Objective:

OS: Centos 7

Current jira instance: <Server IP addr>:8099

Need to go to hostname: jira.companyname.com

Things I did: According to link: https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html

A. For atlassian application:

1. Stopped JIRA

2. Not using context path so ignored

3. For connector directive, In server.xml, added

proxyName="jira.companyname.com"
proxyPort="8099"
scheme="http"/>

B. For Apache HTTP server

1. mod_proxy enabled by default in Centos.

2. Configure virtual host using mod_proxy, 

Since includeOptional statement present in httpd.conf, In conf.d folder created an jira-vm.conf file with following. 

<VirtualHost *:80>
    ServerName jira.companyname.com
     
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
     
    <Proxy *>
         Require all granted
    </Proxy>
 
    ProxyPass / http://<ip addr>:8099
    ProxyPassReverse / http://<ip addr>:8099
</VirtualHost>

 3. Restart apache

systemctl restart httpd.service

4.  Modify CentOS SELinux policy

$ sudo /usr/sbin/setsebool -P httpd_can_network_connect 1

 C. Restart JIRA.

Result:

I dont see any response on jira.company.com

On ipaddr:8099 I see my jira instance with error:

"

Dashboard Diagnostics: Mismatched URL Hostname

JIRA is reporting that it is running on the hostname 'jira.clarionus.com', which does not match the hostname used to run these diagnostics, '<ip addr>'. This is known to cause JIRA to construct URLs using the incorrect hostname, which will result in errors in the dashboard, among other issues."

 

Thank you for your time

Like
Marcos PS [DEISER]
Marcos PS [DEISER]
Contributor
May 25, 2018

Hi Priyank,

ProxyPass and ProxyPassReverse must point to Tomcat connector port, not instead of the Apache proxy port. If you do not changed it, the default one for Jira is 8080... hope it helps!

Regards,

Like
Priyank
Priyank May 25, 2018

Marcos,

Thank you for the reply.

I did change the port on Jira from 8080 to 8099 during installation some time back. I checked now and the Tomcat connector port is indeed set to 8099. 

Any other ideas? 

I appreciate your assistance.

Like
Marcos PS [DEISER]
Marcos PS [DEISER]
Contributor
May 25, 2018

Set proxyPort="80" in the Tomcat intead

Like
Priyank
Priyank May 25, 2018 edited

Marcos,

Here is my setting snippet.


<Connector port="8099"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"

enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
proxyName="jira.company.com"
proxyPort="80"
scheme="http"/>

 

I have set proxy port to 80 and connector port is 8099.

Like
Reply
0 votes
Danyal Iqbal
Danyal Iqbal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 23, 2018

I would install an apache reverse proxy in front of your internal jira and make it public, allow only apache to access your internal jira and external users to access the apche webserver. And thats the only way I would recommend for a production instance (read security concerns). I would not assign a 2nd ip and open ports on my production instance.

The rest should be business as usual, edit the server.xml, install the ssl certificates and restart the webserver.

View More Comments
Priyank
Priyank May 25, 2018 edited

Hi Danyal,

I am in the process but facing a roadblock. Please advice.

Objective:

OS: Centos 7

Current jira instance: <Server IP addr>:8099

Need to go to hostname: jira.companyname.com

Things I did: According to link: https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html

A. For atlassian application:

1. Stopped JIRA

2. Not using context path so ignored

3. For connector directive, In server.xml, added

proxyName="jira.companyname.com"
proxyPort="8099"
scheme="http"/>

B. For Apache HTTP server

1. mod_proxy enabled by default in Centos.

2. Configure virtual host using mod_proxy, 

Since includeOptional statement present in httpd.conf, In conf.d folder created an jira-vm.conf file with following. 

<VirtualHost *:80>
    ServerName jira.companyname.com
     
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
     
    <Proxy *>
         Require all granted
    </Proxy>
 
    ProxyPass / http://<ip addr>:8099
    ProxyPassReverse / http://<ip addr>:8099
</VirtualHost>

 3. Restart apache

systemctl restart httpd.service

4.  Modify CentOS SELinux policy

$ sudo /usr/sbin/setsebool -P httpd_can_network_connect 1

 C. Restart JIRA.

Result:

I dont see any response on jira.company.com

On ipaddr:8099 I see my jira instance with error:

"

Dashboard Diagnostics: Mismatched URL Hostname

JIRA is reporting that it is running on the hostname 'jira.clarionus.com', which does not match the hostname used to run these diagnostics, '<ip addr>'. This is known to cause JIRA to construct URLs using the incorrect hostname, which will result in errors in the dashboard, among other issues."

 

Thank you for your time.

Like Jasper likes this
Priyank
Priyank May 25, 2018

Danyal,

I am in the process but facing a roadblock. Please advice.

Objective:

OS: Centos 7

Current jira instance: <Server IP addr>:8099

Need to go to hostname: jira.companyname.com

Things I did: According to link: https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html

A. For atlassian application:

1. Stopped JIRA

2. Not using context path so ignored

3. For connector directive, In server.xml, added

proxyName="jira.companyname.com"
proxyPort="8099"
scheme="http"/>

B. For Apache HTTP server

1. mod_proxy enabled by default in Centos.

2. Configure virtual host using mod_proxy, 

Since includeOptional statement present in httpd.conf, In conf.d folder created an jira-vm.conf file with following. 

<VirtualHost *:80>
    ServerName jira.companyname.com
     
    ProxyRequests Off
    ProxyVia Off
    ProxyPreserveHost On
     
    <Proxy *>
         Require all granted
    </Proxy>
 
    ProxyPass / http://<ip addr>:8099
    ProxyPassReverse / http://<ip addr>:8099
</VirtualHost>

 3. Restart apache

systemctl restart httpd.service

4.  Modify CentOS SELinux policy

$ sudo /usr/sbin/setsebool -P httpd_can_network_connect 1

 C. Restart JIRA.

Result:

I dont see any response on jira.company.com

On ipaddr:8099 I see my jira instance with error:

"

Dashboard Diagnostics: Mismatched URL Hostname

JIRA is reporting that it is running on the hostname 'jira.clarionus.com', which does not match the hostname used to run these diagnostics, '<ip addr>'. This is known to cause JIRA to construct URLs using the incorrect hostname, which will result in errors in the dashboard, among other issues."

 

If you can point me in the right direction, I will be grateful.

Thank you for your time. 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
atlassian, atlassian government cloud, fedramp, webinar, register for webinar, atlassian cloud webinar, fedramp moderate offering, work faster with cloud

Unlocking the future with Atlassian Government Cloud ☁️

Atlassian Government Cloud has achieved FedRAMP Authorization at the Moderate level! Join our webinar to learn how you can accelerate mission success and move work forward faster in cloud, all while ensuring your critical data is secure.

Register Now
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.