I'm trying to get a JIRA install to work behind a Pound proxy that is doing SSL termination/"acceleration". Unfortunately it seems that JIRA (Coyote) is redirecting to HTTPS when accessed:
C:\Users\Josh>openssl s_client -connect www:443
...
---
GET /support HTTP/1.1
Host: www
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://www/support/
Transfer-Encoding: chunked
Date: Sat, 21 Jul 2012 16:05:03 GMT
0
I can't figure out how to stop this... This is my Pound config:
ignorecase 1
listenhttps
address 10.3.0.12
port 443
cert "/usr/local/etc/bundle.pem"
service
headrequire "Host: www"
url "/support.*"
backend
address 10.3.0.16
port 8080
end
session
type cookie
ttl 1800
id "X-SA"
end
end
end
Is there any setting in Tomcat or JIRA that would affect this?
Glad you got it working. I'll try and add a bit of color to this in the event it's useful. When terminating SSL with an upstream device - a proxy, load balancer, etc., the downstream service won't know this. So your Tomcat was seeing normal HTTP traffic, specifically for a URI of just "/". At this point, Tomcat is doing an self referential redirect to /support/, where the application is configured.
When it does this, it builds the URI to use http://... instead of HTTPS://, as it's got literally no idea about the upstream proxy that is doing SSL. By adding the proxyPort and ProxyName directives, above, you've given Tomcat explicit awareness of an upstream device, so it'll now rebuild those redirects using https://, which will work.
--Matt
I figured it out, the proxy settings in Tomcat solved it (proxyPort and proxyName, IIRC).