What are the steps to enable https on a docker container from the docker registry?

Cole Brand
I'm New Here
April 9, 2020

What are the steps to enable https on a docker container from the docker registry?

Specifically I want to:

  • use docker to run jira so I can destroy it easily when I'm done testing
  • create a self-signed localhost certificate
  • use that certificate on my tomcat instance in the docker container
  • to test things locally on my machine to oauth to localhost
  • on a website that I am running on localhost which makes callbacks tricky when the oauth server is supposed to call back to my server

My end-goal is to write software that authenticates my user via OAuth (1.0a because that's what's supported) and I can't show my POC before I can get permission to host it on a named server and connect it to our Jira datacenter instance. 

Right now, the instance is not HTTPS so Jira says I can't turn on any settings around OAuth unless I fundamentally misunderstand how Jira should be configured.

Additionally, our Jira instance in prod and even development are both HTTPS so I want to match my target instance as best I can.

I have tried multiple "tutorials" online that appear to apply to older versions of Jira, and that reference values that no longer exist.

I have generated an openssl cert with a localhost subject, I have created a pkcs12, and a jks, and have added those configs to the server.xml, and when I restart I continue to only get 8080 export even though the server config doesn't have an 8080 in the entire file. The server runs on 8080 as evidenced by internal-docker-container running curl shows it working on 8080 and not 8433 as configured.

Is there an up-to-date as of March or April 2020 tutorial that shows step-by-step how to do this? Or is there a docker image (community supported is fine, I only want to test against jira auth, nothing else really comes to mind right now) that does HTTPS by default? Or is there a better way to do what I want to do to test an OAuth workflow that will closely mimic my internal company workflow?

1 answer

0 votes
Dave Chevell
Atlassian Team
May 25, 2020

Hey @Cole Brand ,

server.xml is generated from a template, located at /opt/atlassian/etc/server.xml.j2, at startup. If you need to inject your own custom version, the "Advanced Configuration" section of our readme at https://hub.docker.com/r/atlassian/jira-software recommends that you mount your own custom server.xml (or other generated files) at runtime. For example:

docker run -d -v /path/to/my/custom/server.xml:/opt/atlassian/etc/server.xml.j2 -p 8080:8080 atlassian/jira-software:latest

I hope that helps Cole! Let me know how you go.

Cheers

Dave

Cole Brand
May 25, 2020

I'm not so daft as to think the words below don't reflect frustration, they absolutely do. And that may be considered by some to be unprofessional, but I feel that in the experience I have had, there is no other word than unprofessional to describe the usage of the API presented by Atlassian along with the tools provided for testing.

I appreciate where you're coming from Dave, but no, it doesn't really do anything to help me. I'm not a Tomcat person. I do IIS dev in C# mostly, with kestrel and console and the like in addition to my web dev on IIS. I also generally specialize in powershell. My expertise lies in other places than java and tomcat.

I think that you're also missing a java keystore in your example here, and https forwarding, and https ports on the command line, and maybe a self-signed https cert with a file I can import to my local machine to facilitate testing. Or maybe Atlassian wants to standardize on a known testing certificate to facilitate testing and encourage the adoption of better practices outside the Atlassian team themselves. Our shipping SDK product does include a signed (with chain) https cert for our devs working against IIS that don't work for my company. We find it a best-practice to standardize on a name that isn't localhost to replicate real-world scenarios.

Your reply doesn't help because it doesn't really address the questions I've asked, and doesn't provide any sort of a walkthrough.

It may be that nobody at Atlassian understands well enough either how to do this, and that it's not a benefit for the community because almost nobody is running Jira in docker for test, so that's fine, and be that as it may.

But Atlassian offering this docker image and not supporting basic web standards in 2020 is a real shame. HTTPS is a given, but I shouldn't have to become a Tomcat and Atlassian product certified specialist to be able to test features locally.

At this point my team has completely pivoted away from using Atlassian tooling to help support our project due to the poor customer support we've received through every channel available to me:

1) our internal team doesn't have a contact at Atlassian to ask for help with dev projects
2) the customer support team responding to emails doesn't support dev projects
3) This community isn't maintained as evidenced by a six week response cycle on a (seemingly) simple walkthrough request.

It could have been possible for you to say "Hey Cole, you don't need https to do oauth 1.0a on a local docker instance, here's a writeup on how you test oauth locally from a docker container" but that doesn't exist either, so I'm guessing it's not a supported test scenario on your end either.

I would love to have a call with an application architect at Atlassian on the Jira team, but apparently you don't support that either.
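
Added example, not part of either post and not Atlassian's code: a pre-flight check for the pieces the thread names (the custom server.xml mounted over /opt/atlassian/etc/server.xml.j2, a keystore, and a published HTTPS port), so a mismatch shows up before the container starts. The connector attributes are standard Tomcat ones; the sample file, keystore path, password and port 8443 are constructed placeholders, and the check assumes the custom file is plain XML with the keystore set on the Connector element.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a custom server.xml with one plain and one TLS connector.
# Paths, password and ports are placeholders, not values from the thread.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/opt/keystore/localhost.p12"
               keystoreType="PKCS12" keystorePass="changeit"/>
  </Service>
</Server>
"""

# Constructed command line, modelled on the one in the answer above.
SAMPLE_DOCKER_RUN = (
    "docker run -d "
    "-v /path/to/my/custom/server.xml:/opt/atlassian/etc/server.xml.j2 "
    "-v /path/to/localhost.p12:/opt/keystore/localhost.p12:ro "
    "-p 8443:8443 atlassian/jira-software:latest"
)

def connectors(server_xml):
    """Return (port, is_tls, keystore_path) for every <Connector>."""
    out = []
    for c in ET.fromstring(server_xml).iter("Connector"):
        tls = c.get("SSLEnabled", "false").lower() == "true"
        out.append((int(c.get("port")), tls, c.get("keystoreFile")))
    return out

def audit(server_xml, docker_cmd):
    """List mismatches between the connectors and the docker run flags."""
    published = {int(p) for p in re.findall(r"-p\s+(?:[\d.]+:)?\d+:(\d+)", docker_cmd)}
    mounts = {m.split(":")[1] for m in re.findall(r"-v\s+(\S+)", docker_cmd) if ":" in m}
    conns = connectors(server_xml)
    problems = []
    if not any(tls for _, tls, _ in conns):
        problems.append("no connector has SSLEnabled=true")
    for port, tls, keystore in conns:
        if tls and port not in published:
            problems.append(f"TLS port {port} is not published with -p")
        if tls and keystore not in mounts:
            problems.append(f"keystore {keystore} is not mounted with -v")
    return problems

print(audit(SAMPLE_SERVER_XML, SAMPLE_DOCKER_RUN) or "ok")
```

Run against the command exactly as given in the answer (only `-p 8080:8080`, no keystore mount), the same server.xml is reported with two problems: the TLS port is unpublished and the keystore is not mounted.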
