Configuring SSL on Jira using HAProxy

We all know HAProxy is a widely used load balancer or proxy software these days. When installing Jira, it can be accessed via the default port 8080 and 8443 (secure connection). But most of you guys will need to make Jira work on the default http and https port. We cannot configure Jira in the default ports like 80 and 443.

But, with the help of a proxy software, we can make this happen. When it is a widely used proxy software, configuring it won’t be an issue.

We can redirect the requests made to the port 80 to the port 8080. Users will be able to access the Jira interface just by browsing the server hostname. No need to worry about the port numbers and IP address of the server.

Requirements:

  1. CentOS Operating System
  2. Clean installation of Jira
  3. SSL certificate (.pem)

Unlike apache, there is no need to install any dependencies for HAProxy.

There are only few steps to install and configure HAProxy.

  1. yum -y install haproxy
  2. systemctl start haproxy

You can find the configuration file for HAProxy in the following path: /etc/haproxy/haproxy.cfg

Open the configuration file in the Linux text editor

vi /etc/haproxy/haproxy.cfg

The configuration file will look like this.

global
daemon
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 4096
tune.ssl.default-dh-param 2048

defaults
log global
retries 3
maxconn 2000
timeout connect 5s
timeout client 50s
timeout server 50s

listen stats
bind 127.0.0.1:9090
balance
mode http
stats enable
stats auth admin:admin

frontend localhost
bind *:80
bind *.443 ssl crt /etc/letsencrypt/live/jira.iserversupport.com/cert.crt

redirect scheme https if !{ssl_fc}

mode http

default_backend mode

 

backend node

mode http

option forwardfor

option httpchk HEAD  / HTTP/1.1\r\nHost:localhost

server dcnode1 192.168.1.1:80 check

http-request set-header X-Forwarded-Port %[8080]

http-request  add-header X-Forwarded-Proto httpsif { ssl-fc }

 

Please make sure the bind *443 crt is defined with the exact path of your certificates stored in your server.

Once everything is updated, save the configuration file and restart HAProxy

systemctl reload haproxy

systemctl enable haproxy

The next step is to configure Jira to use the SSL configuation in the proxy. Otherwise, there will be URL Mismach Error and non-secure warnings. To get rid of these errors, we need to make the server.xml connector for “HTTPS – Proxying Jira via Apache or Nginx over HTTPS” to look like below.

<!–

<Connector port=”8080″ relaxedPathChars=”[]|” relaxedQueryChars=”[]|{}^\`&quot;&lt;&gt;”
maxThreads=”150″ minSpareThreads=”25″ connectionTimeout=”20000″ enableLookups=”false”
maxHttpHeaderSize=”8192″ protocol=”HTTP/1.1″ useBodyEncodingForURI=”true”
acceptCount=”100″ disableUploadTimeout=”true” bindOnInit=”false” secure=”true” scheme=”https”
proxyName=”jira.iserversupport.com” proxyPort=”443″/>

–>

The connector is already commented in the configuration file. We need to uncomment it to make it active.

The below tags are the mandatory ones. So,  make sure it is set correctly.

  1. scheme = https
  2.  proxyName : jira.iserversupport.com (Your server hostname)
  3. proxyPort = 443

 

  1. Login to your Jira dashboard with administrator account
  2. Find the gear icon in the top right corner near to the profile
  3. Navigate to System
  4. Provide the password for user.
  5. Click on “Edit Settings” option in the top right side of the settings tab
  6. Change the base URL to https://jira.iserversupport.com (https://server-hostname.com)
  7. Scroll down and click update and the changes will be saved.

 

 

One of the greatest server management service
18-09-2014
Reviewed Item
Best guide i have been looking for an easy guide for the installation.
Author Rating
51star1star1star1star1star

Leave a Reply

Your email address will not be published. Required fields are marked *