Y
Y
Yermek2021-10-21 10:22:57
Nginx
Yermek, 2021-10-21 10:22:57

Why is jira not properly proxied through nginx?

Hello! I have the following container configuration

docker-compose.yml
jira:
    container_name: jira-server
    image: "atlassian/jira-software:latest"
    restart: always
    volumes:
      - ./data/jiraVol:/var/atlassian/application-data/jira
    expose:
      - '8080'
    ports:
      - 8080:8080
    environment:
      TZ: "Asia/Almaty"
      ATL_PROXY_NAME: 'mc.dsdk.kz'
      ATL_PROXY_PORT: '443'
      ATL_TOMCAT_CONTEXTPATH: 'jira'
      ATL_TOMCAT_SECURE: 'true'
      ATL_TOMCAT_SCHEME: 'https'

and nginx (borrowed from here )
nginx.conf
location /jira {
            proxy_pass http://jira-server:8080/jira;

            client_max_body_size 10m;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
        }


when accessing, https://myhost.kz/jiraI have the following picture:
61711081a0374642239504.png
'
It turns out that when receiving pages, everything is OK, when receiving resources (css, js ....) a 404 error occurs. URLs inside are formed correctly (with jira prefix)

screenshot of urls
6171153222177509997491.png


Judging by these entries from the nginx logs
nginx logs
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"                                                                                                             
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css?agile_global_admin_condition=true&jag=true HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"


I suspect that the resources work out some other rule. Please tell me what needs to be corrected in the conf file in order to correctly resolve the routes (resources were worked out by the correct container)

nginx-ssl.conf
# user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {

    upstream backend {
        server app-server:9000;
    }


    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  3600;

    map $http_host $this_host {
        "" $host;
        default $http_host;
    }

    map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;
    }

    map $http_x_forwarded_host $the_host {
        default $http_x_forwarded_host;
        "" $this_host;
    }

    server {
        listen 80;
        server_name myhost.kz;
        # server_tokens off;

        # windnow: changed to `location`
        # rewrite ^ https://$host$request_uri? permanent;

        location / {
            return 301 https://$host$request_uri;
        }

        location ~ ^/\.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location ~ ^/GponForm/diag_Form {
                        return 444;
        }
    }

    server {
        listen 443 ssl http2;

        keepalive_timeout   3600;
        ssl_certificate /etc/nginx/certs/live/myhost.kz/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/live/myhost.kz/privkey.pem;
        include /etc/nginx/certs/options-ssl-nginx.conf;
        ssl_dhparam /etc/nginx/certs/ssl-dhparams.pem;

        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        root /var/www/html;
        client_max_body_size 10G; # 0=unlimited - set max upload size
        fastcgi_buffers 128 8K;

        gzip off;

        index index.php;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;

        rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
        rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location / {
            rewrite ^/remote/(.*) /remote.php last;
            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
            try_files $uri $uri/ =404;
        }

        location ~* ^/ds-vpath/ {
            rewrite /ds-vpath/(.*) /$1  break;
            proxy_pass http://onlyoffice-document-server;
            proxy_redirect     off;

            client_max_body_size 100m;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
            proxy_set_header X-Forwarded-Proto $the_scheme;
        }

        location /jira {
            proxy_pass http://jira-server:8080/jira;

            client_max_body_size 10m;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
        }

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_pass backend;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            fastcgi_read_timeout 3600;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
        location ~* \.(?:css|js)$ {
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers
            add_header Referrer-Policy "no-referrer" always;
            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-Robots-Tag none;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }

        # Optional: Don't log access to other assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
            access_log off;
        }

        location ~ ^/GponForm/diag_Form {
                        return 444;
        }
    }
}

Answer the question

In order to leave comments, you need to log in

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question