how can we bind seperate virtual hostnames to the proxy redirects for jira and confluence instances deployed on the same host when using https?

Robert Brittain December 13, 2012

How can we bind seperate virtual hostnames to the proxy redirects for jira and confluence instances deployed on the same host when using https? The document https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL indicates that this is possible -- but does not give details on exacly how to do it. Defining a named virtual host for each proxy redirection works when users access the applicatons via http. But these definitions are in-effective in redirecting https connections to these hosts, and instead routes the connection to the Apache homepage.

3 answers

0 votes
Aspect Infra Team
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
February 27, 2013

CentOS 6
1) in /etc/httpd/conf/httpd.conf

NameVirtualHost confluence.xxx.com:80

NameVirtualHost jira.xxx.com:80

NameVirtualHost confluence.xxx.com:443

NameVirtualHost jira.xxx.com:443

...

LoadModule ssl_module modules/mod_ssl.so

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

2) /etc/httpd/conf.d/jira.xxx.com.conf

<VirtualHost jira.xxx.com:80>

...

ServerName jira.xxx.com

RewriteEngine on

RewriteCond %{HTTPS} !=on

RewriteRule ^(.*)$ https://jira.xxx.com$1 [L]

...

ProxyPass / http://localhost:8008/

ProxyPassReverse / http://localhost:8008/

</VirtualHost>

<VirtualHost jira.xxx.com:443>
ServerName jira.xxx.com:443
...
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCACertificateFile /xxxx/xxx.crt
SSLCertificateFile /xxxx/xxx.crt
SSLCertificateKeyFile /xxxx/xxx..key
ProxyPassReverse / http://localhost:8008/
</VirtualHost>
( same for confluence )
3) /opt/atlassian/jira/conf/server.xml
<Connector port="8080"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
scheme="https"
proxyName="jira.xxx.com"
proxyPort="443"/>
0 votes
Radu Dumitriu
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 13, 2012

Do not use virtual hosts + https. This is because of a vey common chicken or the egg problem: you need to decript the message (to get the hostname) but you do not know what ssl certificate to choose (because choosing the certificate means that you know the hostname)

Haha!

HTH

Edit: You can reuse the host by binding more IPs on the host eth0, run two instances of apache, one listent on one IP, the other on the other IP.

0 votes
C_ Faysal
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 13, 2012

can you post your vhost config containing your proxy setup for your Jira & Confluence?

we also use https with jira and confluence on the same host.

mine looks like already posted here

https://answers.atlassian.com/questions/111216/jira-port-issue/111247

in my private installation i use one vhost conf for each cause i use subdomains like jira.myhost and wiki.myhost

just to keep it clean and clear i decided to place each config in a seperate file inside http/conf.d/

for example this can also be like

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass /jira ajp://localhost:8009/jira
ProxyPassReverse /jira ajp://localhost:8009/jira
ProxyPass /crowd ajp://localhost:8008/crowd
ProxyPassReverse /crowd ajp://localhost:8008/crowd
ProxyPass /wiki ajp://localhost:8010/wiki
ProxyPassReverse /wiki ajp://localhost:8010/wiki

this will work when your jira is accessable i.e. at <yourhostname>/jira and so on... which needs the path in your server.xml

Context path="/jira"

regards

Suggest an answer

Log in or Sign up to answer