Integrating JIRA with NGINX

This page describes a possible way to use Nginx to proxy requests for JIRA running in a standard Tomcat container. You can find additional documentation that explains how to use Apache mod_proxy for the very same purpose.

Configuring Tomcat

In this example, we want a setup where JIRA can be accessed at the address http://www.atlassian.com/jira (on standard HTTP port 80), while JIRA itself listens on port 8080 with context path /jira.

Set the Context Path

 If you want JIRA to serve on http://jira.atlassian.com skip this section.

1. Set your JIRA application path (the part after hostname and port). To do this in Tomcat (bundled with JIRA), edit <JIRA-INSTALL>/conf/server.xml, locate the “Context” definition:
   <Context docBase="${catalina.home}/atlassian-jira" path="" reloadable="false" useHttpOnly="true">

   1	<Context docBase="${catalina.home}/atlassian-jira" path="" reloadable="false" useHttpOnly="true">

2. Change the path to the below:
   <Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">

   1	<Context docBase="${catalina.home}/atlassian-jira" path="/jira" reloadable="false" useHttpOnly="true">

3. Restart JIRA and verify it can be accessed on the base URL (for example http://www.atlassian.com/jira). You may receive some errors about the dashboard being incorrectly configured – we’ll fix this in the next section.

Configure the Connector

1. Configure the HTTP connectors so we have one serving as a proxy connector and another for troubleshooting. This is done in the same <JIRA-INSTALL>/conf/server.xml file, locate this code segment:
   &lt;Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/&gt;

   1	<Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/>

2. And add the proxyName and proxyPort elements (replacing them with the appropriate properties), and another connector below – this is used for troubleshooting to bypass the proxy:
   &lt;!-- Nginx Proxy Connector --&gt; &lt;Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" proxyName="www.atlassian.com" proxyPort="80"/&gt;    &lt;!-- OPTIONAL,Nginx Proxy Connector with https --&gt; &lt;Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" proxyName="www.atlassian.com" proxyPort="443" scheme="https" secure="true"/&gt;   &lt;!-- Standard HTTP Connector --&gt; &lt;Connector port="8082" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/&gt;

   1 2 3 4 5 6 7 8 9 10

   <!-- Nginx Proxy Connector --> <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" proxyName="www.atlassian.com" proxyPort="80"/>    <!-- OPTIONAL,Nginx Proxy Connector with https --> <Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" proxyName="www.atlassian.com" proxyPort="443" scheme="https" secure="true"/>   <!-- Standard HTTP Connector --> <Connector port="8082" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"/>

Configure Nginx

1. Update the Nginx settings to have the below server (replacing www.atlassian.com with the FQDN and jira-hostname with the hostname of the server):
   server { listen www.atlassian.com:80; server_name www.atlassian.com; location /jira { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://jira-hostname:8080/jira; client_max_body_size 10M; } }

   1 2 3 4 5 6 7 8 9 10 11

   server {     listen www.atlassian.com:80;     server_name www.atlassian.com;     location /jira {         proxy_set_header X-Forwarded-Host $host;         proxy_set_header X-Forwarded-Server $host;         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         proxy_pass http://jira-hostname:8080/jira;         client_max_body_size 10M;     } }

    By default Nginx allows 1MB file to be attached into JIRA. So, parameter client_max_body_size is necessary to set the maximum size of attachment that can be uploaded into JIRA

2. If configuring SSL, follow the instructions in https://mozilla.github.io/server-side-tls/ssl-config-generator/ to generate the profile.
3. If you want to redirect HTTP to HTTPS the below can be used instead of the above block (remember to replace www.atlassian.com with the FQDN):
   server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name atlassian.com www.atlassian.com; return 301 https://$server_name$request_uri; }

   1 2 3 4 5 6

   server {         listen  80 default_server;         listen  [::]:80 default_server ipv6only=on;         server_name atlassian.com www.atlassian.com;         return  301 https://$server_name$request_uri; }

4. If configuring SSL, ensure the security config from https://mozilla.github.io/server-side-tls/ssl-config-generator/ is used.
5. Restart Nginx.

Test JIRA

1. Restart JIRA and verify it can be accessed on the base URL (for example http://www.atlassian.com/jira) and also the 8081 port (e.g.: http://www.atlassian.com:8080/jira).
2. For normal operation of JIRA you will also need to set the base URL accordingly. In this example the base URL shall be set to http://www.atlassian.com/jira.
3. Disable GZIP compression as described in Configuring JIRA Options.

Notes

• For the settings above to take effect you need to restart both JIRA and Nginx.
•  If you are facing loading problem with a page in JIRA, you will need to increase proxy_buffer_size to 8k. The default value for proxy_buffer_size is set to the page size of your system which on an x86/x86_64 is 4k.
•  If you encounter problems with input validation, it might be caused by the gzip compression enabled in reverse proxying. Such issue is described in the Creating a Confluence Gadget in JIRA Fails article.
• If you encounter problems creating triggers when linked to Stash, please see the resolution described in the Unable to create Stash trigger in JIRA when using Nginx article.