Loading...

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: 8.13.0, 8.14.0, 8.15.0, 8.16.0, 8.17.0, 8.18.0, 8.19.0, 8.20.0, 8.21.0, 8.22.0, 9.0.0, 9.1.0, 9.2.0
Affects Version/s: 7.13.0, 8.5.0, 8.13.0, 8.20.0
Component/s: Documentation - All
Labels:
- rbst

Introduced in Version:
7.13
Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Description

Issue Summary

The documentation for Running Jira Applications over SSL or HTTPS provides an invalid XML <Connector> specification in Step2. Update Tomcat with the KeyStore

It specify non-xml-encoded characters in the relaxedQueryCharacters attribute that was added as part of Jira 7.13 era changes as required by Tomcat.

Invalid specification

<Connector relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxHttpHeaderSize="8192" SSLEnabled="true"
              maxThreads="150" minSpareThreads="25"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              sslEnabledProtocols="TLSv1.2,TLSv1.3"
              clientAuth="false" useBodyEncodingForURI="true"
              keyAlias="jira" keystoreFile="<Jira_HOME>/jira.jks" keystorePass="changeit" keystoreType="JKS"/>

This will result in the following error on startup:

30-Aug-2022 10:35:09.439 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Element type "Connector" must be followed by either attribute specifications, ">" or "/>".
30-Aug-2022 10:35:09.439 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server. Server instance is not configured.
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
30-Aug-2022 10:35:53.016 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse Fatal Error at line 35 column 84: Element type "Connector" must be followed by either attribute specifications, ">" or "/>".
	org.xml.sax.SAXParseException; systemId: file:/home/allewellyn/msb/jira/atlassian-jira-software-8.20.10-standalone/conf/server.xml; lineNumber: 35; columnNumber: 84; Element type "Connector" must be followed by either attribute specifications, ">" or "/>".
		at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:204)
		at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:400)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:327)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(XMLScanner.java:1465)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.seekCloseOfStartTag(XMLDocumentFragmentScannerImpl.java:1433)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1362)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2710)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
		at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:534)
		at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:888)
		at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:824)
		at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
		at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1216)
		at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:635)
		at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1496)
		at org.apache.catalina.startup.Catalina.load(Catalina.java:618)
		at org.apache.catalina.startup.Catalina.load(Catalina.java:669)
		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
		at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
		at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
		at java.base/java.lang.reflect.Method.invoke(Method.java:566)
		at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:305)
		at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:475)

Correct Specification

<Connector relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
              maxHttpHeaderSize="8192" SSLEnabled="true"
              maxThreads="150" minSpareThreads="25"
              enableLookups="false" disableUploadTimeout="true"
              acceptCount="100" scheme="https" secure="true"
              sslEnabledProtocols="TLSv1.2,TLSv1.3"
              clientAuth="false" useBodyEncodingForURI="true"
              keyAlias="jira" keystoreFile="<Jira_HOME>/jira.jks" keystorePass="changeit" keystoreType="JKS"/>

Attachments

Issue Links

was cloned as

JRASERVER-74251 Apache SSL Documentation for server.xml Connector is incorrect

Closed

Mentioned in

Bugfixing & feedback processing in Jira DC: JRASERVER-74250

SSL Documentation for server.xml Connector is incorrect