The Customer Portal is not loading when Jira is running behind a reverse proxy (or Load Balancer)
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Symptoms
When accessing the Jira Service Management Customer Portal, the portal is not loading and a blank page is displayed instead:
Expected results
The Customer Portal should load:
Diagnosis
- Jira is running behind a load balancer or reverse proxy
- The SSL protocol is configured at the load balancer (or reverse proxy) level
When checking the HAR file collected while replicating the issue (or the Network tab in the browser), we can see that Service Management is trying to load some Javascript via HTTP URLs, while Jira's Base URLs is configured using HTTPS:
When checking the Console logs, we can see an error saying that the page was blocked due to "mixed content"
1:4 Mixed Content: The page at 'https://JIRA_DOMAIN/servicedesk/customer/portal/1' was loaded over HTTPS, but requested an insecure script 'http://JIRA_DOMAIN/s/f4cbae4fba07da7db5e0b98c8ce4618e-CDN/wmo8yh/813000/6411e0087192541a09d88223fb51a6a0/add9c254b8e5b2bbfdb57038dcb349ab/_/download/contextbatch/js/jira.webresources:almond,customerportal,com.atlassian.analytics.analytics-client:js-events/batch.js?locale=en-US'. This request has been blocked; the content must be served over HTTPS.
There is a proxied Tomcat connector in the file <JIRA_INSTALLATION_FOLDER>/conf/server.xml, which is configured without the parameter scheme="https":
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8082" protocol="HTTP/1.1" redirectPort="8443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" useBodyEncodingForURI="true" proxyName="somehostname.com" proxyPort="443"/>
Cause
The Service Management code that builds the Javascript URLs is using the protocol that has been passed from the Tomcat connector (HTTP) rather than the protocole from the base URL defined in Jira (which is using HTTPS).
Since the Tomcat connector was not configured with the HTTPS scheme parameter, all the Javascript URLs were built using HTTP (instead of HTTPS). Since the Customer Portal is accessed from the browser via HTTPS, the browser automatically blocked the loading of the portal due to the mixed content.
Workaround
Add the parameter scheme="https" to the server.xml of the Jira application (or each Jira node of the cluster if using Jira Data Center)
<Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8082" protocol="HTTP/1.1" redirectPort="8443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" useBodyEncodingForURI="true" proxyName="somehostname.com" proxyPort="443" scheme="https"/>- Restart each the Jira application (or each Jira node of the cluster if using Jira Data Center)