Jira behind Apache SSL proxy on CentOS

Like the title says, I try to get Jira running behind an Apache SSL proxy.

I was able to make it work without SSL, but now I'm struggling with a 502. I get the same result when I try to access https://localhost/, localhost:8080 (which worked without encryption before I set the proxy in Jira), https://127.0.0.1 and some others.

Here is the Jira connector config.

<Connector port="8080"
           maxThreads="150"
           minSpareThreads="25"
           connectionTimeout="20000"
           enableLookups="false"
           maxHttpHeaderSize="8192"
           protocol="HTTP/1.1"
           useBodyEncodingForURI="true"
           redirectPort="8443"
           acceptCount="100"
           disableUploadTimeout="true"
           scheme="https"
           proxyName="localhost"
           proxyPort="443"
           />

   <!--

And now the Apache VHost config (sorry for the newbie-like config):

ProxyRequests On
NameVirtualHost *:443

<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key
  SSLProxyEngine on

  ServerName localhost
  ServerAlias jira.ecoledelexcellence.ca
  ServerAlias 192.168.0.116

  ProxyRequests Off
  ProxyPreserveHost On

#  <Proxy *>
#    Order deny,allow
#    Allow from all
#  </Proxy>

  ProxyPass / https://127.0.0.1:8080/ retry=0
  ProxyPassReverse / https://127.0.0.1:8080/ retry=0

  <Location />
    Order allow,deny
    Allow from all
  </Location>

  #HTTP => HTTPS rewrite
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

Thanks for any hint

In Tomcat, you should add to the Connector config that it is a secure channel:

secure="true"

This tells Tomcat that even if the SSL engine is not initialized on this Connector, the incoming connections are qualified to be "secure". The proxyName should be the externally visible name of the machine; this helps if the webapp is using the scheme, proxyName, and proxyPort variables to construct a URL, see: Tomcat Proxy Support

http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

Set this attribute to true if you wish to have calls to request.isSecure() to return true for requests received by this Connector. You would want this on an SSL Connector or a non SSL connector that is receiving data from a SSL accelerator, like a crypto card, a SSL appliance or even a webserver.

(Also applies to AJP Connectors)

HTTP:

For the ProxyPass* you don't need the "s" in the https. Also, you don't need the Rewrite at the end; it will force all incoming connections to plain http.
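Added example, not part of the original question or answer: a small Python check that compares a Tomcat Connector with the Apache vhost in front of it and reports the mismatches discussed above (an https:// backend URL against a connector that only speaks plain HTTP, scheme="https" without secure="true", a loopback proxyName). The names check_proxy_pair, CONNECTOR and VHOST are hypothetical, the sample input is trimmed from the question's configuration, and the ProxyRequests check goes beyond what the answer covers.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Trimmed from the question's configuration (only the attributes and directives checked below).
CONNECTOR = '<Connector port="8080" protocol="HTTP/1.1" scheme="https" proxyName="localhost" proxyPort="443"/>'
VHOST = """
ProxyRequests On
<VirtualHost *:443>
  SSLEngine on
  ServerName localhost
  ProxyRequests Off
  ProxyPass / https://127.0.0.1:8080/ retry=0
  ProxyPassReverse / https://127.0.0.1:8080/ retry=0
</VirtualHost>
"""

def check_proxy_pair(connector_xml, vhost_conf):
    """Return mismatches between a Tomcat <Connector> and the Apache vhost in front of it."""
    conn = ET.fromstring(connector_xml).attrib
    port = conn.get("port")
    tls = conn.get("SSLEnabled", "false").lower() == "true"
    findings = []
    # Backend URLs of ProxyPass / ProxyPassReverse that target this connector's port.
    for directive, url in re.findall(r"^\s*(ProxyPass(?:Reverse)?)\s+\S+\s+(\S+)", vhost_conf, re.M):
        backend = urlsplit(url)
        if str(backend.port) == port and backend.scheme == "https" and not tls:
            findings.append(f"{directive}: https:// backend, but connector {port} speaks plain HTTP")
    # The answer's point: a plain connector behind a TLS proxy must be marked secure.
    if conn.get("scheme") == "https" and not tls and conn.get("secure", "false").lower() != "true":
        findings.append('connector: scheme="https" without secure="true"')
    # The answer's point: proxyName should be the externally visible host name.
    if conn.get("proxyName") in ("localhost", "127.0.0.1", "::1"):
        findings.append("connector: proxyName is a loopback name, not the public host name")
    # Beyond the answer: a reverse proxy should never enable forward proxying.
    if re.search(r"^\s*ProxyRequests\s+On\b", vhost_conf, re.M | re.I):
        findings.append("vhost: ProxyRequests On enables forward proxying")
    return findings

if __name__ == "__main__":
    for finding in check_proxy_pair(CONNECTOR, VHOST):
        print("-", finding)
```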
