in Debian, Jira, Linux

How to solve URL scheme mismatch when running Jira behind a reverse proxy

I’m running Jira behind a Nginx proxy with SSL enabled. Jira was giving me this error message in the login:

We've detected a potential problem with JIRA's Dashboard configuration that your administrator can correct. Click here to learn more
 
We've detected a potential problem with JIRA's Dashboard configuration that your administrator can correct. Hide
Dashboard Diagnostics: Mismatched URL Scheme
 
JIRA is reporting that it is using the URL scheme 'http', which does not match the scheme used to run these diagnostics, 'https'. This is known to cause JIRA to construct URLs using an incorrect hostname, which will result in errors in the dashboard, among other issues.
 
The most common cause of this is the use of a reverse-proxy HTTP(S) server (often Apache or IIS) in front of the application server running JIRA. While this configuration is supported, some additional setup might be necessary in order to ensure that JIRA detects the correct scheme.
 
The following articles describe the issue and the steps you should take to ensure that your web server and app server are configured correctly:
 
    Gadgets do not display correctly after upgrade to JIRA 4.0
    Integrating JIRA with Apache
    Integrating JIRA with Apache using SSL
 
If you believe this diagnosis is in error, or you have any other questions, please contact Atlassian Support.
 
Detailed Error
 
com.atlassian.gadgets.dashboard.internal.diagnostics.UrlSchemeMismatchException: Detected URL scheme, 'http', does not match expected scheme 'https'

To solve it you need to edit the server.xml config file located in the Jira “installation directory”, by default: /usr/local/atlassian/jira.

Open the config file with a text editor and add these three lines in the Connector node (pico /usr/local/atlassian/jira/conf/server.xml):

...
    <Service name="Catalina">
        <Connector port="8103"
                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
 
<!-- Lines added to solve the URL scheme mismatch -->
        scheme="https"
        proxyName="example.org"
        proxyPort="443"
/>
...

Replace proxyName and proxyPort with the hostname and port of your reverse proxy.

Write a Comment

Comment

  1. Thank you for the fix!!
    I had nginx configured to re-direct
    jira.mysite.com to mysite.com:8080 using
    proxypass. And jira was complaining that I was accessing
    jira.mysite.com from jira.mysite.com! XD and this fixed the problem!

  2. You rock. Thank you! This worked great for SSL offload at an F5, nginx reverse proxy.

  3. Excellent Fix! Verified working behind Palo Alto LBs. Watch your syntax closely and remove the /> from behind disableUploadTimeout=”true” then append it to the end of the lines you add.

    Thanks a ton!

  4. Had this issue upgrading from version 6.2.3 to 7.1.6. The fix still worked but Tomcat wouldn’t start with the comment inside the Connector element. Once I removed the comment it worked.