[英]Jira behind Apache SSL proxy on CentOS
Like the title says, I try to get Jira running behind an Apache SSL proxy. 就像标题所说的那样,我试图让Jira在Apache SSL代理后面运行。
I was able to make it work without SSL but now I'm struggling with a 502. I get the same result when I try to access https://localhost/ localhost:8080
(which worked without encryption before I set the proxy in jira) https://127.0.0.1
and some others. 我能够使它在没有SSL的情况下工作,但是现在我正与502苦苦挣扎。当我尝试访问https://localhost/ localhost:8080
时,我会得到相同的结果(在设置jira中的代理之前,它没有加密就可以工作) ) https://127.0.0.1
等。
Here is the Jira connector config. 这是Jira连接器配置。
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
scheme="https"
proxyName="localhost"
proxyPort="443"
/>
<!--
And now the Apache VHost config sorry for newbe-like config 现在,Apache VHost配置对类似newbe的配置感到抱歉
ProxyRequests On
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
SSLProxyEngine on
ServerName localhost
ServerAlias jira.ecoledelexcellence.ca
ServerAlias 192.168.0.116
ProxyRequests Off
ProxyPreserveHost On
# <Proxy *>
# Order deny,allow
# Allow from all
# </Proxy>
ProxyPass / https://127.0.0.1:8080/ retry=0
ProxyPassReverse / https://127.0.0.1:8080/ retry=0
<Location />
Order allow,deny
Allow from all
</Location>
#HTTP => HTTPS rewrite
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
Thanks for any hint 谢谢你的提示
into the Tomcat, you should add into the Connector config that it is a secure channel: 在Tomcat中,您应该在Connector配置中添加一个安全通道:
secure="true"
This tells Tomcat that even if the SSL engine is not initalized on this Connector, the incoming connections are qualified to be "secure". 这告诉Tomcat,即使未在此连接器上初始化SSL引擎,传入的连接也符合“安全”的条件。 The proxyName should be the externally visible name of the machine, this helps if the webapp is using scheme
, proxyName
, and proxyPort
variables to construct an URL, see: Tomcat Proxy Support proxyName应该是计算机的外部可见名称,如果webapp正在使用scheme
, proxyName
和proxyPort
变量构造URL,这将有所帮助,请参阅: Tomcat代理支持
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html http://tomcat.apache.org/tomcat-7.0-doc/config/http.html
Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector. 如果您希望调用request.isSecure()以对此连接器收到的请求返回true,则将此属性设置为true。 You would want this on an SSL Connector or a non SSL connector that is receiving data from a SSL accelerator, like a crypto card, a SSL appliance or even a webserver. 您可能希望在SSL连接器或从SSL加速器(如加密卡,SSL设备甚至Web服务器)接收数据的非SSL连接器上使用它。
(Also applies to AJP Connectors) (也适用于AJP连接器)
HTTP: HTTP:
For the ProxyPass*
you don't need the "s" in the https. 对于ProxyPass*
您不需要在https中添加“ s”。 Also you don't need the Rewrite at the end, it will force all incoming connections to plain http. 另外,您不需要最后的重写,它将强制所有传入的连接到纯HTTP。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.