Ghazi Bahri GitHub

Run JIRA behind reverse proxy with Nginx and SSL Let’s Encrypt

Image pour Run JIRA behind reverse proxy with Nginx and SSL Let’s Encrypt

My config : Debian 9 hosting :

1- PHP apps using Nginx as http web server  listing to port 80

2- JIRA 8 using Tomcat as http web server liting to port 8080

Prerequisites

SSL certificate using Let’s Encrypt is generated for subdomain : foo.example.com

In this example, we want  to use Nginx as reverse proxy to Tomcat and generate ssl Let’s encrypt certificate so JIRA can be accessed with HyperText Transfer Protocol Secure (HTTPS) on standard HTTP port 80.

1- Configure Nginx Vhost

/etc/nginx/sites-available/foo.example.com

server {
listen *:80;
listen 443 ssl http2;
server_name foo.example.com;
if ($scheme != "https") {
rewrite ^ https://$http_host$request_uri? permanent;
}
ssl_certificate /etc/letsencrypt/live/foo.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/foo.example.com/privkey.pem;
 
 
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8888/;
client_max_body_size 10M;
}
}

check Nginx : nginx -t

restart Nginx /etc/init.d/nginx restart

 

2- Configure Tomcat (bundled with JIRA)

Go to <JIRA-INSTALL>/conf/server.xml and add the proxyName and proxyPort elements

<Connector port="8888" maxThreads="150" minSpareThreads="25" connectionTimeout="20000"
enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1"
useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100"
disableUploadTimeout="true" proxyName="foo.example.com" proxyPort="443"
scheme="https" secure="true"/>

restart JIRA :

/etc/init.d/jira stop

/etc/init.d/jira start

← Retour aux articles