Set up Jira to run under its built-in Tomcat web server with HTTPS

2022-05-08 13:19:07 By

To solve the issue where HTTPS behind a reverse proxy left Atlassian Marketplace unable to redirect, our team leader decided to run Jira's built-in Tomcat web server directly.

These are my notes on the process, kept as a reminder.

First, Jira 7.6.1 provides a native configuration tool, with both CLI and GUI modes, based on Java 8.

If you want to run it, switch the Java version to exactly 1.8. I tried Java 11, but it did not work.

You also need to set JAVA_HOME in your profile before running the configuration tool.

Then source your profile every time you run it.

Profile settings in /etc/profile.d/java.sh:

export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64/jre
export JAVA_PATH=$JAVA_HOME
export PATH=$PATH:$JAVA_HOME/bin

 

Second, prepare the SSL certificate files, in both p12 and jks formats, and import them with keytool into the Java security library.

Third, run the configuration tool in CLI mode.

If you wish to run it in GUI mode, you'll have to allow SSH X11 forwarding.

I ended up setting up the X authority file utility.

references:

https://www.cyberciti.biz/faq/how-to-fix-x11-forwarding-request-failed-on-channel-0/

https://www.wongwonggoods.com/linux/linux-x11-forward/

I set X11UseLocalhost to no, with the xauth yum package.

But the CLI is good enough.

Following this manual: https://confluence.atlassian.com/adminjiraserver073/running-jira-applications-over-ssl-or-https-861253906.html

Then go to your Jira installation location, in my case /opt/atlassian/jira/.

Find server.xml under the conf folder.

You'll need to change a protocol class name in the <Connector> settings inside server.xml, or Jira won't be able to start up.

fix this:

protocol="org.apache.coyote.http11.Http11Protocol"

to this:

protocol="org.apache.coyote.http11.Http11NioProtocol"

That completes running Jira with the built-in Tomcat web server.

Next, import the SSL certificate into Jira's Java keystore.

Both jks and p12 files are needed.

If you do not have these two certificate files, do the following steps first:

cat root.cer uca.cer > all.crt
### add the private key to generate the p12-format file
openssl pkcs12 -export -chain -in server.cer -inkey privatekey.key -out jira2019.p12 -name jira2019 -CAfile all.crt
### use the p12 to generate the jks-format file
/opt/atlassian/jira/jre/bin/keytool -importkeystore -destkeystore /opt/atlassian/jira/jre/lib/security/jira2019.jks -srckeystore jira2019.p12 -alias jira2019

The steps above have already imported the jks into the keystore, so you do not need to execute the steps below.

Or, if you already have them:

#keytool -importkeystore -destkeystore /path/to/jira.jks -srckeystore /path/to/jira.p12 -alias jira

But Java will complain about the keystore type, so you'll have to convert the jks to pkcs12:

#keytool -importkeystore -srckeystore /path/to/jira.jks -destkeystore /path/to/jira.jks -deststoretype pkcs12

Then restart Jira. That's all.
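
An added example, not part of the original notes or of Atlassian's tooling: a Python check to run against conf/server.xml before the restart, flagging a TLS <Connector> that still uses the old protocol class or the default Java keystore password. The sample connector, its port 8443 and the password values are constructed; the attribute names are standard Tomcat connector attributes.

```python
import xml.etree.ElementTree as ET

OLD_PROTOCOL = "org.apache.coyote.http11.Http11Protocol"     # value the page replaces
NIO_PROTOCOL = "org.apache.coyote.http11.Http11NioProtocol"  # value the page switches to

def check_https_connectors(server_xml_text):
    """Return findings for every TLS-enabled <Connector>; an empty list means none."""
    root = ET.fromstring(server_xml_text)
    tls = [c for c in root.iter("Connector")
           if c.get("SSLEnabled", "").lower() == "true"]
    if not tls:
        return ['no <Connector> with SSLEnabled="true"']
    findings = []
    for c in tls:
        port = c.get("port", "?")
        if c.get("protocol") == OLD_PROTOCOL:
            findings.append(f"port {port}: protocol must be {NIO_PROTOCOL}")
        if c.get("scheme") != "https" or c.get("secure") != "true":
            findings.append(f'port {port}: expected scheme="https" and secure="true"')
        if not c.get("keystoreFile"):
            findings.append(f"port {port}: keystoreFile is not set")
        if c.get("keystorePass") == "changeit":
            findings.append(f"port {port}: keystorePass is the Java default 'changeit'")
    return findings

# Constructed sample connector; port, alias and password values are placeholders.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="{proto}" SSLEnabled="true"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keyAlias="jira2019" keystorePass="{pw}"
             keystoreFile="/opt/atlassian/jira/jre/lib/security/jira2019.jks"/>
</Service></Server>"""

BEFORE = SAMPLE.format(proto=OLD_PROTOCOL, pw="changeit")
AFTER = SAMPLE.format(proto=NIO_PROTOCOL, pw="EXAMPLE-ONLY-passphrase")

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, check_https_connectors(text) or "OK")
```

To check a real installation, pass the contents of conf/server.xml to check_https_connectors() instead of the constructed samples.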