Proxy Jira 7 Over https with Nginx

Posted: November 18, 2015

I run self-hosted atlassian products and wanted to serve Jira, Stash, and Fisheye on the same server over https.

Users would connect securely to Nginx, and Nginx would proxy Jira locally over standard http. I'm using AWS and the security group (firewall) has all incoming ports locked down except ports 80 and 443.

Java configs & AJAX requests ended up making this a little more complicated than anticipated so I thought I would document the details.

The Goal

Serve the apps at the following addresses:

https://atlassian.example.com/jira
https://atlassian.example.com/stash
https://atlassian.example.com/fisheye

For this article, I'm only going into detail with Jira.

Nginx Config

This is my virtual host config for Jira.

Notice that the proxy_pass is set to the domain name. Typically something like this would be http://127.0.0.1:8082/jira, however I ran into some issues with Jira making AJAX requests.

I resolved this by making a local host record (/etc/hosts) of 127.0.0.1 atlassian.example.com, then using the domain name in the proxy_pass value. I didn't want to mess with firewall settings but if you know of an approach that doesn't depend on a host record, let me know!

server {
  listen 80;
  listen 443 ssl;
  server_name .atlassian.example.com;

  ssl on;
  error_page 497  https://$host$request_uri;
  ssl_certificate  /path/to/ssl/atlassian.example.com.crt;
  ssl_certificate_key /path/to/ssl/atlassian.example.com.key;

  location /jira {
    client_max_body_size 10M;
    proxy_pass http://atlassian.example.com:8082/jira;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}

Jira Config

The file to configure in Jira is [jira directory]/conf/server.xml.

Here is the relevant xml configuration that is part of that file:

    <Service name="Catalina">
        <Connector port="8082"
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   scheme="https" proxyName="atlassian.example.com" proxyPort="443" secure="true"/>

...

        <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
                <Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

Once that these files are configured, simply restarting Jira and Nginx should work.