Integrating JIRA with Nginx

Atlassian applications allow the use of reverse-proxies within our products, however Atlassian Support does not provide assistance for configuring them. Consequently, Atlassian can not guarantee providing any support for them.

If assistance with configuration is required, please raise a question on Atlassian Answers.

This page describes a possible way to use Nginx to proxy requests for JIRA running in a standard Tomcat container. You can find additional documentation that explains how to use Apache mod_proxy for the very same purpose.

Configuring Tomcat

In this example, we want a setup where JIRA can be accessed at the address http://www.atlassian.com/jira (on standard HTTP port 80), while JIRA itself listens on port 8080 with context path /jira.

Set the Context Path

(info) If you want JIRA to serve on http://jira.atlassian.com skip this section.

  1. Set your JIRA application path (the part after hostname and port). To do this in Tomcat (bundled with JIRA), edit <JIRA-INSTALL>/conf/server.xml, locate the "Context" definition:
     

    <Context docBase="${catalina.home}/atlassian-jira" path="" reloadable="false" useHttpOnly="true">
  2. Change the path to the below:

    <Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">
  3. Restart JIRA and verify it can be accessed on the base URL (for example http://www.atlassian.com/jira). You may receive some errors about the dashboard being incorrectly configured - we'll fix this in the next section.

Configure the Connector

  1. Configure the HTTP connectors so we have one serving as a proxy connector and another for troubleshooting. This is done in the same <JIRA-INSTALL>/conf/server.xml file, locate this code segment:

    <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/>
  2. And add the proxyName and proxyPort elements (replacing them with the appropriate properties), and another connector below - this is used for troubleshooting to bypass the proxy:

    <!-- Nginx Proxy Connector -->
    <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
    proxyName="www.atlassian.com" proxyPort="80"/> 
     
    <!-- OPTIONAL,Nginx Proxy Connector with https -->
    <Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
    proxyName="www.atlassian.com" proxyPort="443" scheme="https" secure="true"/> 
     
    <!-- Standard HTTP Connector -->
    <Connector port="8082" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/>

Configure Nginx

  1. Update the Nginx settings to have the below server (replacing www.atlassian.com with the FQDN and jira-hostname with the hostname of the server):

    server {
        listen www.atlassian.com:80;
        server_name www.atlassian.com;
        location /jira {
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
            proxy_pass http://jira-hostname:8080/jira;
            client_max_body_size 10M;
        }
    }

    (info) By default Nginx allows 1MB file to be attached into JIRA. So, parameter client_max_body_size is necessary to set the maximum size of attachment that can be uploaded into JIRA

  2. If configuring SSL, follow the instructions in https://mozilla.github.io/server-side-tls/ssl-config-generator/ to generate the profile.
  3. If you want to redirect HTTP to HTTPS the below can be used instead of the above block (remember to replace www.atlassian.com with the FQDN):

    server {
            listen  80 default_server;
            listen  [::]:80 default_server ipv6only=on;
            server_name atlassian.com www.atlassian.com;
            return  301 https://$server_name$request_uri;
    }
  4. If configuring SSL, ensure the security config from https://mozilla.github.io/server-side-tls/ssl-config-generator/ is used.
  5. Restart Nginx.

Test JIRA

  1. Restart JIRA and verify it can be accessed on the base URL (for example http://www.atlassian.com/jira) and also the 8081 port (e.g.: http://www.atlassian.com:8080/jira).
  2. For normal operation of JIRA you will also need to set the base URL accordingly. In this example the base URL shall be set to http://www.atlassian.com/jira.
  3. Disable GZIP compression as described in Configuring JIRA Options.

Notes

  • For the settings above to take effect you need to restart both JIRA and Nginx.
  • (warning) If you are facing loading problem with a page in JIRA, you will need to increase proxy_buffer_size to 8k. The default value for proxy_buffer_size is set to the page size of your system which on an x86/x86_64 is 4k.
  • (warning) If you encounter problems with input validation, it might be caused by the gzip compression enabled in reverse proxying. Such issue is described in the Creating a Confluence Gadget in JIRA Fails article.
  • If you encounter problems creating triggers when linked to Stash, please see the resolution described in the Unable to create Stash trigger in JIRA when using Nginx article.
Last modified on Apr 17, 2016

Was this helpful?

Yes
No
Provide feedback about this article

Not finding the help you need?

Ask the community

Powered by Confluence and Scroll Viewport.