Stash integration functionality does not work properly when JIRA and Stash are behind SSL on subdomains

Summary

When JIRA and Stash are configured behind a reverse-proxy serving SSL on separate subdomains of the same domain, the following occurs:

• The JIRA Development Panel does not appear
• JIRA to Stash Triggers report as not being capable
• The JIRA Capabilities Warning appears in the Project Administration screen

Environment

• Apache reverse-proxy is configured with the following VirtualHosts:

  <VirtualHost *:443>
  	ServerName jira.example.com
  	DocumentRoot "/usr/local/var/www/htdocs"
  	<Proxy *>
  		Order deny,allow
  		Allow from all
  	</Proxy>
  
  	SSLEngine on
  
  	SSLCertificateFile "/usr/local/etc/apache2/2.2/server.crt"
  	SSLCertificateKeyFile "/usr/local/etc/apache2/2.2/server.key"
  
  	ProxyRequests           Off
  	ProxyPreserveHost       On
  
  	ProxyPass               /	http://example:8080/
  	ProxyPassReverse        /	http://example:8080/
  </VirtualHost>
  
  <VirtualHost *:443>
  	ServerName stash.example.com
  	DocumentRoot "/usr/local/var/www/htdocs"
  	<Proxy *>
  		Order deny,allow
  		Allow from all
  	</Proxy>
  
  	SSLEngine on
  
  	SSLCertificateFile "/usr/local/etc/apache2/2.2/server.crt"
  	SSLCertificateKeyFile "/usr/local/etc/apache2/2.2/server.key"
  
  	ProxyRequests           Off
  	ProxyPreserveHost       On
  
  	ProxyPass               /	http://example:7990/
  	ProxyPassReverse        /	http://example:7990/
  </VirtualHost>
  

• JIRA's server.xml:

          <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true" 
              scheme="https" proxyName="jira.example.com" proxyPort="443" secure="true"/> 
  

• Stash's server.xml:

          <Connector port="7990" protocol="HTTP/1.1"
                     connectionTimeout="20000"
                     useBodyEncodingForURI="true"
                     redirectPort="8443"
                     compression="on"
                  compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/javascript,application/x-javascript"
  		   proxyName="stash.example.com"
  		   proxyPort="443"
  		   scheme="https" />
  

Steps to Reproduce

1. Configure JIRA and Stash behind a reverse-proxy over SSL on separate subdomains. It can be easy to do this by setting /etc/hosts to 127.0.0.1 and using the above Apache config.
2. Access the Project Admin screen and click on Development Tools.
3. Attempt to view the development panel of an issue with a linked commit.
4. Attempt to add a workflow trigger.

Expected Results

1. The capabilities warning does not fail.
2. The development panel appears for the issue.
3. The workflow trigger capability check responds correctly.

Actual Results

All of those 3 actions fail with the attached errors.

Workaround

Either of the following will workaround the problem:

• Running JIRA & Stash over HTTP.
• Running JIRA & Stash over HTTPS on the same domain, using context paths. For example:
  • https://example.com/stash
  • https://example.com/jira
• Setup multiple IPs for the server and use IP addresses in Apache VirtualHost's, for example:

  NameVirtualHost *:443
  
  <VirtualHost 192.168.1.110:443>
     ServerName jira.example.com
  </VirtualHost>
  <VirtualHost 192.168.1.111:443>
     ServerName stash.example.com
  </VirtualHost>
  

Notes

This may be related to SNI in JIRA & Stash as per the attached issues.