-
-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add SSL Support #76
Comments
Do you think it is possible to use something like Nginx to SSL Proxy jira? |
Using puppetlabs/apache seems to work without having to modify the jira configuration at all. So maybe its not worth adding since apache can handle it?
|
@Conzar that's great news. I think the documentation for the module can just be updated to show your example code. I'm not a massive fan of complicating systems and SSL Termination works a lot of the time for me :) |
Well, not so good news. It seemed to work on a fresh install of Jira. But it didn't work on an existing install of jira. Essentially, it was getting a proxy timeout error. Does anything need to change on the server.xml? Here is the main error:
|
@Conzar this article may be of use to you https://confluence.atlassian.com/display/STASH/Securing+Stash+behind+nginx+using+SSL I know its for stash but they work in a similar way |
Do you think the changes required to the connector in the server.xml should be rolled into this module? |
@Conzar The scheme should be https. I will add some examples on how to do this with the puppet apache and puppet nginx modules. This is the way I would recommend setting it up. That being said i think we could role in the required https settings into this module. I will take a look at it. |
I have switched to using reverse proxies in Apache (for port 80 to 8080 traffic). What needs to be done to use ssl? I saw you added the following: What is proxy, is that specific to this module? |
No proxy is specific to tomcat, Setting the tomcat connector: <Connector port="8081" ...
proxyName="www.mycompany.com"
proxyPort="443"
scheme="https"/> will cause servlets inside this web application to think that all proxied requests were directed to www.mycompany.com on port 443 using https. More detail here: http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html#Attributes AFAIK its required if you are doing ssl offloading with reverse proxying via apache/nginx. |
Add native ssl support
Can you please add SSL support?
The text was updated successfully, but these errors were encountered: