Running JIRA with Firewall on Linux

Still need help?

The Atlassian Community is here for you.

Ask the community

This Knowledge Base article was written specifically for the Atlassian Server platform. Due to the Functional differences in Atlassian Cloud, the contents of this article cannot be applied to Atlassian Cloud applications.

Atlassian applications allow the use of Firewalls within our products, however Atlassian Support does not provide assistance for configuring it. Consequently, Atlassian cannot guarantee providing any support for it.

  • If assistance with configuration is required, please raise a question on Atlassian Answers.

Purpose

This documentation describes how to allow JIRA to run behind a Firewall (Iptables) on Linux. 

Verifying the Firewall rules

1- To make sure your firewall is enabled, run the following command (will also show the active rules):

iptables -nL


2 - Allowing the JIRA's port to be reached behind the firewall:

iptables -I INPUT -p tcp --dport 8080 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8080 -j ACCEPT
iptables -P OUTPUT ACCEPT

3 - Add these lines if you are running JIRA on port 8443:

iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8443 -j ACCEPT

4 - Allowing connections to JIRA from itself (to ensure you don't run into problems with gadget titles showing as __MSG_gadget)

iptables -t nat -I OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 8080


5 - Allowing the forward connections:

Add the following line on /etc/sysctl.conf
net.ipv4.ip_forward = 1

6 - To save the current rules, run the following command

service iptables save

7 - The last thing to do is restart the iptables service

service iptables reload

If you are running Centos 7, the management of firewall has changed. To disable the firewall follow the steps below:

Solution

Disable Firewalld

To disable firewalld, run the following command as root:

systemctl disable firewalld

Stop Firewalld

To stop firewalld, run the following command as root:

systemctl stop firewalld

Check the Status of Firewalld

To check the status of firewalld, run the following command as root:

systemctl status firewalld

If you prefer to keep Firewalld active, there are a few more steps to be taken:


Verifying the firewall rules on Firewalld

1- Allowing ports

Allow ports in permanent configuration (takes effect upon restart)

firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=8443/tcp

Allow ports temporarily (effective immediately, reverts to permanent configuration upon restart)

firewall-cmd --add-port=8080/tcp
firewall-cmd --add-port=8443/tcp


2- Add services

Allow ports in permanent configuration (takes effect upon restart):

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

Allow ports temporarily (effective immediately, reverts to permanent configuration upon restart):

firewall-cmd --add-service=http
firewall-cmd --add-service=https


3- Configure forwarding

To finish, the following commands are required to configure the forwarding:

Change in permanent configuration (takes effect upon restart):

firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --permanent --direct --add-rule ipv4 nat PREROUTING 1 -p tcp -d <jira-public-ip> --dport 443 -j REDIRECT --to-ports 8443

Change temporarily (effective immediately, reverts to permanent configuration upon restart):

firewall-cmd --add-masquerade
firewall-cmd --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --direct --add-rule ipv4 nat PREROUTING 1 -p tcp -d <jira-public-ip> --dport 443 -j REDIRECT --to-ports 8443

Description This documentation describes how to allow JIRA to run behind a Firewall (Iptables) on Linux. 
Product Jira
Platform Server
Last modified on Oct 16, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.