Thursday, 1 September 2011

Browse » Home » » » » Gadgets do not Display Correctly when Using SSL and Proxy Server

Gadgets do not Display Correctly when Using SSL and Proxy Server

Symptoms

After upgrading to JIRA 4.0.1 or later, gadgets may not render over https://www.mycompany.com/jira or https://jira.mycompany.com, but work fine over http.
You may see errors in the logs similar to this:
2010-02-12 13:12:25,881 http-17000-3 ERROR anonymous 47545x3x1 asaintprix /plugins/servlet/gadgets/dashboard-diagnostics [dashboard.internal.diagnostics.DiagnosticsServlet] DIAGNOSTICS: FAILED
com.atlassian.gadgets.dashboard.internal.diagnostics.UrlSchemeMismatchException: Detected URL scheme, 'http', does not match expected scheme 'https'
    at com.atlassian.gadgets.dashboard.internal.diagnostics.Diagnostics.checkExpectedScheme(Diagnostics.java:58)
    at com.atlassian.gadgets.dashboard.internal.diagnostics.Diagnostics.check(Diagnostics.java:30)

Cause

JIRA sits behind a reverse proxy or load balancer and doesn't know the URL scheme, hostname or port to connect to Tomcat. Gadgets therefore cannot resolve their path.

Resolution

Note that an SSL connection between Apache and Tomcat is usually unnecessary. That is, the SSL connection can be terminated at Apache Web Server, and the connection to Tomcat can run over HTTP.
Make sure you have properly configured the Tomcat connector port attributes as described in Integrating JIRA with Apache using SSL or Integrating JIRA with Apache. Note that an SSL connection between Apache and Tomcat is usually unnecessary. If you choose this option, you should change the attribute in your Tomcat Connector in conf/server.xml (if using stand-alone) or jira.xml (if using EAR/WAR) from secure="true" to secure="false".

Standard Connector Port where Tomcat handles SSL encryption
Notice in this example which shows our default connector port information secure="true". This is used when Tomcat is handling traffic over https. If Tomcat is not handling encryption, you'll need secure="false" as shown above.
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true" useBodyEncodingForURI="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />

Advertisement:

No comments:

Post a Comment

Note: only a member of this blog may post a comment.