Uploaded image for project: 'JIRA Server (including JIRA Core)'
  1. JIRA Server (including JIRA Core)
  2. JRASERVER-34550

Unable to create AppLink to JIRA on a non-standard HTTPS port (other than 443)

    XMLWordPrintable

    Details

      Description

      Due to a bug in the Shared Access Layer, one of the libraries JIRA uses, attempts to connect over non-standard ports (such as 8443) will not work properly. This can cause AppLinks to fail when attempting to connect to JIRA as the 'Host' HTTP header is always missing the port, regardless of the actual URL.

      Example scenarios

      For affected versions in JIRA, refer to this issue. This table assumes the applications are listening on different IPs/ running on different servers so they can both listen on the same port numbers.

      JIRA affected? Port Target affected? Port Can establish Application Link?
      8443 443
      8443 8443
      443 443
      443 443
      443 8443
      8443 8443
      443 8443
      443 443

      This is a bug kept in place to track the problem in JIRA - when SAL is upgraded this problem will be resolved. Other products are kept track in the following issues:

      Any Atlassian application that has not had this bug fixed will require the workaround. For example, JIRA 6.1.3 is fixed however Confluence 5.3.1 is not so the applications would not be able to communicate with each other over HTTPS ports that are anything other than 443.

      Workaround 1 - altering server.xml

      Modify the remote application's server.xml to include the following arguments in the HTTPS Connector and restart the application:

      server.xml
      proxyName="remote application server name"
      proxyPort="remote application SSL port (e.g. 8443)"
      
      

      Workaround 2 - using a Reverse Proxy

      Host JIRA behind a reverse-proxy, such as Apache using Integrating JIRA with Apache using SSL.

      This will serve HTTPS on port 443 on Apache, however JIRA will be serving HTTP behind that proxy, effectively working around the problem. It is the recommendation of Atlassian Support to use this configuration over setting up HTTPS on Tomcat as the configuration of it is considered to be easier to achieve.

      Workaround 3 - using Tomcat

      Depending upon the application(s) that are affected, running them directly on port 443 can correct the problem as per our Application Stash seems to be offline in JIRA after creating an application link to Stash KB. This is only recommended for Windows installations as root access is required for Tomcat to listen on 443 - on Linux installs and this carries a significant security risk with it (if someone hacks Tomcat they have root access to the box).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                rtekhov Roman Tekhov
                Reporter:
                dcurrie@atlassian.com David Currie
              • Votes:
                45 Vote for this issue
                Watchers:
                87 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: