HTTPS support #14
Sorry, there is no plan to implement this. The usual practice I see is keeping SSL termination external, like using NGINX or HAProxy as a frontend for the service. Perhaps you can override the default Java keystore file with your own if it's really needed. You could also utilize |
@cptactionhank: I had tried in the past to do ssl termination at JIRA/Confluence. It is not the intended use. |
Unfortunately, no features will be added to configure keystores and SSL front-end support in this image. The better way, which is already supported, is to use a proxy server as a front end with SSL termination, like HAProxy or NGINX. Have a second look at https://confluence.atlassian.com/adminjiraserver071/integrating-jira-with-apache-using-ssl-802593043.html You can also create your own image using mine as a base, where you provide your own modified server.xml file and Java keystore file. |
Expanding what cptactionhank has said (& simplifying the linked page), I have just set up a system with SSL and used a free LetsEncrypt cert (fullchain) on an Nginx server providing a reverse proxy. I did have to make a change to the default Docker container, but it was simply adding 'scheme="https" proxyName="jira.mydomain.com" proxyPort="443"', to the only enabled Connector section in the /opt/atlassian/jira/conf/server.xml file. |
@darren-harrison I'd be curious to see your setup without any sensitive details. Would you mind sharing it? |
The nginx config is as follows:
server { ssl_certificate /etc/letsencrypt/live/jira.mydomain.com/fullchain.pem; location /.well-known { location / { }
Is there anything else you are interested in? |
Yes, I was having difficulty getting the system integration of all of it together. The remaining piece for a production deployment is the PostgreSQL via docker for JIRA/Atlassian stuff. I was able to get PostgreSQL docker container up, running, configured, and accessible to localhost, but connecting it to the JIRA docker container stumped me. |
There might be some firewall issues there. Our setup uses a MySql server on the docker host. I'm certain the Docker people would disapprove but it works great for us. |
hmm... I thought I had disabled the firewall. I will have to break out my local test env again. Cheers! |
Hi, I've used the suggested solution by putting an SSL-terminating proxy in front of the Jira container (I'm using haproxy). I am aware this is not the correct solution, but I was really trying to avoid building a new docker image with only this change. It would be awesome if this could be somehow configurable through environment variables, unfortunately I'm currently all out of time to tackle this. Sample Connector config:
<Connector port="8080"
           maxThreads="150"
           minSpareThreads="25"
           connectionTimeout="20000"
           enableLookups="false"
           maxHttpHeaderSize="8192"
           protocol="HTTP/1.1"
           useBodyEncodingForURI="true"
           redirectPort="8443"
           acceptCount="100"
           disableUploadTimeout="true"
           proxyName="example.com"
           proxyPort="443"
           scheme="https"/>
<Connector port="8081"
           maxThreads="150"
           minSpareThreads="25"
           connectionTimeout="20000"
           enableLookups="false"
           maxHttpHeaderSize="8192"
           protocol="HTTP/1.1"
           useBodyEncodingForURI="true"
           redirectPort="8443"
           acceptCount="100"
           disableUploadTimeout="true"/>
Anyway, thank you for your efforts @cptactionhank :) |
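Added example (not part of the thread and not the image's own code): a Python check over the Connector settings quoted in the comment above, for a Tomcat that sits behind a TLS-terminating proxy. The port 8082 connector and the finding codes are constructed for illustration, and the `secure` attribute is a standard Tomcat Connector attribute that does not appear in the thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample: ports 8080 and 8081 mirror the Connectors quoted above
# (trimmed to the relevant attributes); port 8082 is a hypothetical bad case.
SERVER_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"
             proxyName="example.com" proxyPort="443" scheme="https"/>
  <Connector port="8081" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector port="8082" protocol="HTTP/1.1" proxyName="example.com"
             proxyPort="443" scheme="http" secure="true"/>
</Service></Server>
"""

PROXY_ATTRS = ("proxyName", "proxyPort", "scheme")


def audit_connector(attrs):
    """Return finding codes for one Connector's attribute dict."""
    if not any(k in attrs for k in PROXY_ATTRS):
        # Plain HTTP listener: only safe if the port is reachable solely
        # from the proxy or other trusted local callers.
        return ["direct-http"]
    findings = ["missing-" + k for k in PROXY_ATTRS if k not in attrs]
    # Tomcat defaults: scheme="http", secure="false".
    scheme = attrs.get("scheme", "http")
    if attrs.get("proxyPort") == "443" and scheme != "https":
        # Generated redirects and links would use http:// on the TLS port.
        findings.append("scheme-mismatch")
    if scheme == "https" and attrs.get("secure", "false") != "true":
        # request.isSecure() stays false, so Tomcat will not mark the
        # session cookie Secure although the client connection is TLS.
        findings.append("secure-not-set")
    return findings


def audit_server_xml(xml_text):
    """Map each Connector's port to its list of findings."""
    root = ET.fromstring(xml_text)
    return {c.get("port"): audit_connector(c.attrib) for c in root.iter("Connector")}


if __name__ == "__main__":
    for port, findings in audit_server_xml(SERVER_XML).items():
        print(port, ", ".join(findings) or "ok")
```

A `direct-http` finding is expected for a connector kept for local, non-proxied access; the point of the code is to confirm that such a port is not published outside the Docker host.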
The boss might have something else to say on this, but in one thread around here, there was mention of the following variables. I have tried & maybe I'm not using them right but I don't think they worked for me.
docker run --restart=always -d --name jira -v ${DOCKER_PATH}/jira:/var/atlassian/jira
Indeed. Thank you for your hard work @cptactionhank ! Darren. |
@darren-harrison Thank you, I can see that these are used in the |
@darren-harrison thanks, the environment variables solved my problem 👍 The Jira part of my docker-compose.yml file:
|
Problem persists on |
Most likely you have not updated base-path, it's more of a JIRA configuration thing
From my experience a configurable keystore would be a solution to this problem: Even when using an nginx proxy (as we do), there is an issue where one Atlassian instance (jira / bamboo / confluence) does not trust another (or even itself) when using custom certificates from a custom CA (this is true for most company networks). |
I want to correct myself as I have now solved the issue for me. The below Dockerfile extends this repo and adds a CA certificate to the keystore of Java (it doesn't help to add a custom keystore to jira since that is only used if the tomcat is doing https on its own)
|
Hi,
Would you be willing to configure the docker container to support HTTPS access to Jira with a custom keystore?
Thanks,
Joël