We all know HAProxy is a widely used load balancer or proxy software these days. When installing Jira, it can be accessed via the default port 8080 and 8443 (secure connection). But most of you guys will need to make Jira work on the default http and https port. We cannot configure Jira in the default ports like 80 and 443.
But, with the help of a proxy software, we can make this happen. When it is a widely used proxy software, configuring it won’t be an issue.
We can redirect the requests made to the port 80 to the port 8080. Users will be able to access the Jira interface just by browsing the server hostname. No need to worry about the port numbers and IP address of the server.
Requirements:
- CentOS Operating System
- Clean installation of Jira
- SSL certificate (.pem)
Unlike apache, there is no need to install any dependencies for HAProxy.
There are only few steps to install and configure HAProxy.
- yum -y install haproxy
- systemctl start haproxy
You can find the configuration file for HAProxy in the following path: /etc/haproxy/haproxy.cfg
Open the configuration file in the Linux text editor
vi /etc/haproxy/haproxy.cfg
The configuration file will look like this.
global
daemon
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
tune.ssl.default-dh-param 2048
defaults
log global
retries 3
maxconn 2000
timeout connect 5s
timeout client 50s
timeout server 50s
listen stats
bind 127.0.0.1:9090
balance
mode http
stats enable
stats auth admin:admin
frontend localhost
bind *:80
bind *.443 ssl crt /etc/letsencrypt/live/jira.iserversupport.com/cert.crt
redirect scheme https if !{ssl_fc}
mode http
default_backend mode
backend node
mode http
option forwardfor
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
server dcnode1 192.168.1.1:80 check
http-request set-header X-Forwarded-Port %[8080]
http-request add-header X-Forwarded-Proto httpsif { ssl-fc }
Please make sure the bind *443 crt is defined with the exact path of your certificates stored in your server.
Once everything is updated, save the configuration file and restart HAProxy
systemctl reload haproxy
systemctl enable haproxy
The next step is to configure Jira to use the SSL configuation in the proxy. Otherwise, there will be URL Mismach Error and non-secure warnings. To get rid of these errors, we need to make the server.xml connector for “HTTPS – Proxying Jira via Apache or Nginx over HTTPS” to look like below.
<!–
<Connector port=”8080″ relaxedPathChars=”[]|” relaxedQueryChars=”[]|{}^\`"<>”
maxThreads=”150″ minSpareThreads=”25″ connectionTimeout=”20000″ enableLookups=”false”
maxHttpHeaderSize=”8192″ protocol=”HTTP/1.1″ useBodyEncodingForURI=”true”
acceptCount=”100″ disableUploadTimeout=”true” bindOnInit=”false” secure=”true” scheme=”https”
proxyName=”jira.iserversupport.com” proxyPort=”443″/>
–>
The connector is already commented in the configuration file. We need to uncomment it to make it active.
The below tags are the mandatory ones. So, make sure it is set correctly.
- scheme = https
- proxyName : jira.iserversupport.com (Your server hostname)
- proxyPort = 443
- Login to your Jira dashboard with administrator account
- Find the gear icon in the top right corner near to the profile
- Navigate to System
- Provide the password for user.
- Click on “Edit Settings” option in the top right side of the settings tab
- Change the base URL to https://jira.iserversupport.com (https://server-hostname.com)
- Scroll down and click update and the changes will be saved.
Leave A Comment