Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Gadgets Don't Work Behind a Reverse Proxy (Ngnix) with SSL

Rodney Marable
Rodney Marable October 17, 2019

On a fresh Jira-8.4.1 installation hosted on an Amazon Linux 2 EC2 instance with an SSL-enabled reverse proxy built using nginx-1.12 (AWS provided), we are observing some strange behavior with gadgets.

When we try to add a new gadget, we noticed that all of the URLs have "localhost" instead of our hostname:

 

Screen Shot 2019-10-17 at 1.35.58 PM.png

 

We also saw this health check error:

 

Screen Shot 2019-10-17 at 1.47.12 PM.png

 

The base URL is correct.

We added arguments for -Dhttp.nonProxyHosts and -Dhttps.nonProxyHosts as directed in option #3 of https://confluence.atlassian.com/jirakb/jira-server-base-url-health-check-fails-859447384.html, using the hostname in our base URL, but we are not seeing any change in behavior.

Avatars are also not available:

Screen Shot 2019-10-17 at 9.10.59 AM.png

 

*Everything* else on this site is working as expected through the HTTPS proxy, so we are looking for suggestions on other things we can try.

Thanks,

Rodney

Answer
Watch
Like Deleted user likes this
2143 views

1 answer

1 accepted

2 votes
Answer accepted
Andrew Laden
Andrew Laden
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 17, 2019

Some random thoughts. 

Double check your baseurl. 

In your server.xml file make sure you are using the one for  HTTPS - Proxying Jira via Apache or Nginx over HTTPS. In particular, make sure that proxyname and proxyport are set.

In your nginx config make sure your proxy_set_headers and sch are set,

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://your.servers.com:8080;
client_max_body_size 20M;
}

View More Comments
Rodney Marable
Rodney Marable October 17, 2019

Hi Andrew,

Thanks for the feedback!

We were missing this statement from nginx.conf:

proxy_set_header Host $host;

 

After restarting nginx, everything is working now:

Screen Shot 2019-10-17 at 9.13.41 PM.png

Screen Shot 2019-10-17 at 9.10.59 AM.png

Screen Shot 2019-10-17 at 9.13.24 PM.png

Thanks for your suggestion - it was spot on.

Regards,

Rodney

Like Deleted user likes this
Deleted user October 31, 2019

Dear, @Andrew Laden I have a small question. 

 

>> proxy_pass http://your.servers.com:8080;

 

This line implies I should expose http port into the web. Is it correct? Or should I use local DNS here? 

 

Sincerely,

Kim

Like
Andrew Laden
Andrew Laden
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
October 31, 2019

The proxy pass is nginx proxying the traffic, so any connections to 8080 would be coming from your nginx server, and not the internet. So while your nginx has to be exposed to the end users, the jira server itself on 8080 doesn't.

If your nginx is running on the same server as your jira instance, I suppose you can use localhost instead, and configure your tomcat to only bind to the local interface.

You could run a local firewall on the jira server to restrict who can connect to 8080.

Like Deleted user likes this
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.