Answer the question
In order to leave comments, you need to log in
Why is jira not properly proxied through nginx?
Hello! I have the following container configuration
jira:
container_name: jira-server
image: "atlassian/jira-software:latest"
restart: always
volumes:
- ./data/jiraVol:/var/atlassian/application-data/jira
expose:
- '8080'
ports:
- 8080:8080
environment:
TZ: "Asia/Almaty"
ATL_PROXY_NAME: 'mc.dsdk.kz'
ATL_PROXY_PORT: '443'
ATL_TOMCAT_CONTEXTPATH: 'jira'
ATL_TOMCAT_SECURE: 'true'
ATL_TOMCAT_SCHEME: 'https'
location /jira {
proxy_pass http://jira-server:8080/jira;
client_max_body_size 10m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
https://myhost.kz/jira
I have the following picture: 2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css?agile_global_admin_condition=true&jag=true HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"
# user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
upstream backend {
server app-server:9000;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 3600;
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
server {
listen 80;
server_name myhost.kz;
# server_tokens off;
# windnow: changed to `location`
# rewrite ^ https://$host$request_uri? permanent;
location / {
return 301 https://$host$request_uri;
}
location ~ ^/\.well-known/acme-challenge/ {
root /var/www/certbot;
}
location ~ ^/GponForm/diag_Form {
return 444;
}
}
server {
listen 443 ssl http2;
keepalive_timeout 3600;
ssl_certificate /etc/nginx/certs/live/myhost.kz/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/live/myhost.kz/privkey.pem;
include /etc/nginx/certs/options-ssl-nginx.conf;
ssl_dhparam /etc/nginx/certs/ssl-dhparams.pem;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 128 8K;
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~* ^/ds-vpath/ {
rewrite /ds-vpath/(.*) /$1 break;
proxy_pass http://onlyoffice-document-server;
proxy_redirect off;
client_max_body_size 100m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
proxy_set_header X-Forwarded-Proto $the_scheme;
}
location /jira {
proxy_pass http://jira-server:8080/jira;
client_max_body_size 10m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass backend;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 3600;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers
add_header Referrer-Policy "no-referrer" always;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
location ~ ^/GponForm/diag_Form {
return 444;
}
}
}
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question