JIRA Server with SSL Behind Apache Reverse Proxy Not Working

StackOverflow https://stackoverflow.com/questions/22709415

Pregunta

I'm trying to get JIRA setup behind an Apache reverse proxy where the connection to Apache is via SSL and then the connection between Apache and JIRA is http.

i.e. Internet/Network <=https=> Apache <=http=> JIRASERVER

I'm using a self certified certificate created as described here Both Apache and JIRA are running on the same Windows 2008 R2 server. I've followed the instructions from Atlassian but it just doesn't seem to work, I've been looking around all over the Internet and not found a solution for my issue.

I can setup Apache without SSL and that seems to work fine

Config 1

Internet/Network <=http=> Apache <=http=> JIRASERVER

JIRA Setup Files

server.xml

<Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" 
    enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
    port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
    proxyName="JIRASERVERNAME" proxyPort="80"/>

Apache Setup File

httpd.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so

ServerName JIRASERVERNAME

Include conf/extra/httpd-vhosts.conf

httpd-vhosts.conf

<VirtualHost *>
    ServerName JIRASERVERNAME

    ProxyRequests       Off
    ProxyPreserveHost   On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass           /   http://JIRASERVERNAME:8080/
    ProxyPassReverse    /   http://JIRASERVERNAME:8080/

</VirtualHost>

Type JIRASERVERNAME in a browser URL directs to JIRASERVERNAME/secure/Dashboard.jspa and works fine.

Config 2

However when I try and enable the SSL by changing the files as shown below (i.e. remove the setup for non-SSL and just use SSL) I get no response and am confused as to what's wrong.

JIRA Setup Files

server.xml

<Service name="Catalina">
    <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" 
    maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
    protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
    scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/>

Apache Setup Files

httpd.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so

ServerName JIRASERVERNAME

Include conf/extra/httpd-vhosts.conf

httpd-vhosts.conf

<VirtualHost *:443>
    ServerName JIRASERVERNAME

    SSLEngine               On
    SSLCertificateFile      "C:\Program Files\Atlassian\JIRA\jre\server.crt"
    SSLCertificateKeyFile   "C:\Program Files\Atlassian\JIRA\jre\server.key"
    SSLProxyEngine      On

    ProxyRequests       Off
    ProxyPreserveHost   On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass           /   http://JIRASERVERNAME:8080/
    ProxyPassReverse    /   http://JIRASERVERNAME:8080/

</VirtualHost>
<VirtualHost *:80>
    ServerName JIRASERVERNAME
    Redirect        /   https://JIRASERVERNAME/
</VirtualHost>

Typing in JIRASERVERNAME redirects to the secure URL https://JIRASERVERNAME But I get the response in Chrome "This web page is not available" Can anyone help point out what I've done wrong please, I'd be very grateful

¿Fue útil?

Solución

I got it working, it was mainly because Apache wasn't listening on port 443, and I fixed this by including httpd-ssl.conf and then defining my VirtualHost in there.

So this is what I've ended up with

JIRA Setup Files

server.xml

    <Service name="Catalina">
        <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" 
        maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080"
        protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true"
        scheme="https" proxyName="JIRASERVERNAME" proxyPort="443" secure="true"/>
Apache Setup File

httpd.conf

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module modules/mod_ssl.so 

ServerName JIRASERVERNAME

Include conf/extra/httpd-vhosts.conf

Include conf/extra/httpd-ssl.conf

httpd-vhosts.conf

<VirtualHost *:80>
    ServerName JIRASERVERNAME
    Redirect        /   https://JIRASERVERNAME/
</VirtualHost>

httpd-ssl.conf

 Listen 443 #This was already defined in here

<VirtualHost *:443>
    ServerName JIRASERVERNAME

    SSLEngine           On
    SSLCertificateFile      "C:\Program Files\Atlassian\JIRA\jre\server.crt"
    SSLCertificateKeyFile   "C:\Program Files\Atlassian\JIRA\jre\server.key"
    SSLProxyEngine      On

    ProxyRequests       Off
    ProxyPreserveHost   On

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass       /   http://JIRASERVERNAME:8080/
    ProxyPassReverse    /   http://JIRASERVERNAME:8080/

</VirtualHost>

I also commented out any lines that were superseded by my VirtualHost config.

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top