Answer the question
In order to leave comments, you need to log in
Y
Y
Yermek2021-10-21 10:22:57
Yermek, 2021-10-21 10:22:57
Why is jira not properly proxied through nginx?
Hello! I have the following container configuration
docker-compose.yml
jira:
container_name: jira-server
image: "atlassian/jira-software:latest"
restart: always
volumes:
- ./data/jiraVol:/var/atlassian/application-data/jira
expose:
- '8080'
ports:
- 8080:8080
environment:
TZ: "Asia/Almaty"
ATL_PROXY_NAME: 'mc.dsdk.kz'
ATL_PROXY_PORT: '443'
ATL_TOMCAT_CONTEXTPATH: 'jira'
ATL_TOMCAT_SECURE: 'true'
ATL_TOMCAT_SCHEME: 'https'and nginx (borrowed from here )
nginx.conf
location /jira {
proxy_pass http://jira-server:8080/jira;
client_max_body_size 10m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}when accessing,
https://myhost.kz/jiraI have the following picture: 
'
It turns out that when receiving pages, everything is OK, when receiving resources (css, js ....) a 404 error occurs. URLs inside are formed correctly (with jira prefix)
screenshot of urls
Judging by these entries from the nginx logs
nginx logs
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css?agile_global_admin_condition=true&jag=true HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"I suspect that the resources work out some other rule. Please tell me what needs to be corrected in the conf file in order to correctly resolve the routes (resources were worked out by the correct container)
nginx-ssl.conf
# user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
upstream backend {
server app-server:9000;
}
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 3600;
map $http_host $this_host {
"" $host;
default $http_host;
}
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $this_host;
}
server {
listen 80;
server_name myhost.kz;
# server_tokens off;
# windnow: changed to `location`
# rewrite ^ https://$host$request_uri? permanent;
location / {
return 301 https://$host$request_uri;
}
location ~ ^/\.well-known/acme-challenge/ {
root /var/www/certbot;
}
location ~ ^/GponForm/diag_Form {
return 444;
}
}
server {
listen 443 ssl http2;
keepalive_timeout 3600;
ssl_certificate /etc/nginx/certs/live/myhost.kz/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/live/myhost.kz/privkey.pem;
include /etc/nginx/certs/options-ssl-nginx.conf;
ssl_dhparam /etc/nginx/certs/ssl-dhparams.pem;
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/html;
client_max_body_size 10G; # 0=unlimited - set max upload size
fastcgi_buffers 128 8K;
gzip off;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
location ~* ^/ds-vpath/ {
rewrite /ds-vpath/(.*) /$1 break;
proxy_pass http://onlyoffice-document-server;
proxy_redirect off;
client_max_body_size 100m;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
proxy_set_header X-Forwarded-Proto $the_scheme;
}
location /jira {
proxy_pass http://jira-server:8080/jira;
client_max_body_size 10m;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass backend;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
fastcgi_read_timeout 3600;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=15778463";
# Add headers to serve security related headers
add_header Referrer-Policy "no-referrer" always;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Robots-Tag none;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-XSS-Protection "1; mode=block" always;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
location ~ ^/GponForm/diag_Form {
return 444;
}
}
}
Similar questions
X
R
A
D
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question