Jump to content
Welcome to our new Citrix community!

How to config Jira behind an ADC?


Recommended Posts

Hi folks

 

We'd an external Jira partner inhouse and we tried to configure ADC as reverse proxy from internet.

I made a simple LB/CS configuration but if we access to the Jira website there are strange messages.

 

We tried different configs of the Jira server.xml but nothing worked.

 

Has anyone of you an idea or maybe a complete installation guide? From the application vendor the only help is a configuration for a SSL over Apache/NGINX but nothing for real ADCs :-(

 

Thanks in advance

Urs

Link to comment
Share on other sites

We are successfully running JIRA because a Netscaler. For our scenario, we do SSL offload at the Netscaler and HTTP to the backend (JIRA) over port 8080.

 

For this type of configuration, you'll want to set your JIRA (Tomcat) server.xml's connector to have properties like the following, as described in the JIRA guide for reverse proxy:

<Connector
    ... 
    port="8080"
    secure="false"
    proxyName="real_hostname.yourcompany.com"
    proxyPort="443"
    scheme="https" />

port: represents the port the Jira service is running on. This will be the port for which the Netscaler service or service-group is configured.

secure: represents if connections from the Netscaler to the JIRA service are HTTP or SSL.

proxyName: represents the hostname that users will enter into their browser. This hostname will resolve to your Netscaler VIP (LBVS). This hostname will also need to used in the JIRA Base URL.

proxyPort: represents the port that users connect to from their browser.

scheme: represents the connection type for users from their browser.

 

For the above type of configuration, traffic will look like the following:

client -> Netscaler: https, port 443, e.g. https://real_hostname.yourcompany.com (this is what the JIRA base URL will be as well)

Netscaler -> JIRA: http, port 8080, e.g. http://ip.of.jira.server:8080

 

It's a good idea to have multiple Connector configs in your server.xml, so that you can always access JIRA directly if something with your Netscaler goes awry (this is also mentioned in above JIRA reverse proxy guide).

 

Hope that helps!

  • Like 1
Link to comment
Share on other sites

10 hours ago, Ross Bender said:

We are successfully running JIRA because a Netscaler. For our scenario, we do SSL offload at the Netscaler and HTTP to the backend (JIRA) over port 8080.

 

For this type of configuration, you'll want to set your JIRA (Tomcat) server.xml's connector to have properties like the following, as described in the JIRA guide for reverse proxy:


<Connector
    ... 
    port="8080"
    secure="false"
    proxyName="real_hostname.yourcompany.com"
    proxyPort="443"
    scheme="https" />

port: represents the port the Jira service is running on. This will be the port for which the Netscaler service or service-group is configured.

secure: represents if connections from the Netscaler to the JIRA service are HTTP or SSL.

proxyName: represents the hostname that users will enter into their browser. This hostname will resolve to your Netscaler VIP (LBVS). This hostname will also need to used in the JIRA Base URL.

proxyPort: represents the port that users connect to from their browser.

scheme: represents the connection type for users from their browser.

 

For the above type of configuration, traffic will look like the following:

client -> Netscaler: https, port 443, e.g. https://real_hostname.yourcompany.com (this is what the JIRA base URL will be as well)

Netscaler -> JIRA: http, port 8080, e.g. http://ip.of.jira.server:8080

 

It's a good idea to have multiple Connector configs in your server.xml, so that you can always access JIRA directly if something with your Netscaler goes awry (this is also mentioned in above JIRA reverse proxy guide).

 

Hope that helps!

 

Hi Ross,

 

thanks for your infos. Little bit offtopic, but did you get AAA to work in front of your CS for Jira including SSO?


Regards

Julian

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...