23 May, 2025

Office Address

123/A, Miranda City Likaoli
Prikano, Dope

Phone Number

+0989 7876 9865 9

+(090) 8765 86543 85

Email Address

info@example.com

example.mail@hum.com

Nginx

Configure Jira server to run behind a NGINX reverse proxy

Configure Jira server to run behind a NGINX reverse proxy

Purpose

This page describes a possible way to use Nginx to proxy requests for Jira running in a standard Tomcat container. You can find additional documentation that explains how to use Apache mod_proxy for the very same purpose.

Solution

In this example, we want a setup where Jira can be accessed at the address http://jira.sysman.vn (on standard HTTP port 80), while Jira itself listens on port 8080 with context path /.

Set the Context Path (Skip in this example)

If you want Jira to server on http://doc.sysman.vn/jira:

  • Set your Jira application path (the part after hostname and port). To do this in Tomcat (bundled with Jira), edit <Jira-Install>/conf/server.xml, locate the “Context” definition: 
<Context docBase="${catalina.home}/atlassian-jira" path="" reloadable="false" useHttpOnly="true">
  • Change the path to the below:
<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">
  • Restart Jira and verify it can be accessed on the base URL (for example  http://doc.sysman.vn/jira). You may receive some errors about the dashboard being incorrectly configured – we’ll fix this in the next section.

Configure the Connector

  • And add the proxyName and proxyPort elements (replacing them with the appropriate properties), and another connector below – this is used for troubleshooting to bypass the proxy.
server  {
        listen 80;
        server_name jira.sysman.vn;
        # Only allow GET, HEAD and POST request methods. Since this a proxy you may
        # want to be more restrictive with your request methods. The calls are going
        # to be passed to the back end server and nginx does not know what it
        # normally accepts, so everything gets passed. If we only need to accept GET
        # HEAD and POST then limit that here.
        if ($request_method !~ ^(GET|HEAD|POST)$ ) {
                return 405;
        }
        return 301 https://$server_name$request_uri;
        }
server  {
        listen          443 ssl;
        server_name     jira.sysman.vn;
        access_log      /var/log/nginx/jira_sysman-access.log;
        ssl_certificate /etc/nginx/ssl/certfile.crt;
        ssl_certificate_key /etc/nginx/ssl/privatefile.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        # nginx 1.5.9+ or higher
        # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
        # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
        # spdy_headers_comp 6;
        # ssl_buffer_size 4k;
        # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
        # ssl_dhparam /etc/nginx/ssl/dhparam.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA';
        ssl_prefer_server_ciphers on;
        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
        add_header Strict-Transport-Security max-age=15768000;
        # Only allow GET, HEAD and POST request methods. Since this a proxy you may
        # want to be more restrictive with your request methods. The calls are going
        # to be passed to the back end server and nginx does not know what it
        # normally accepts, so everything gets passed. If we only need to accept GET
        # HEAD and POST then limit that here.
        add_header X-Frame-Options "SAMEORIGIN";
        if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT|PATCH|OPTIONS)$ ) {
                return 405;
        }

        location /confluence {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://ip-jira-server:8080/confluence;
        }

        location / {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://ip-jira-server:8080/;
        }
}

Notes

  • For the settings above to take effect, you need to restart both Jira and Nginx.
About Author

Sysman

Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *