How to configure Jira via atlas-run/atlas-debug and ngrok proxy?

tbinna · May 9, 2019, 9:16am

I am trying to run Jira locally via atlas-run/atlas-debug and expose it via ngrok to the internet (HTTPS). If I just do atlas-run I get a bunch of [c.a.p.r.c.security.jersey.XsrfResourceFilter] Additional XSRF checks failed for request logs which, as far as I understand, are an effect of Tomcat not knowing about the ngrok proxy.

Basically, I want this, where Apache is ngrok proxy:

image source

How can I configure connector in server.xml for atlas-run?

Tried to configure default connector in target/container/tomcat8x/cargo-jira-home/conf/server.xml to add proxyName and proxyPort and change scheme to https. The problem here is that this config gets overridden with the default connector when I do atlas-run/atlas-debug.

Any help/hints or links to some secret hidden docs or community post that I didn’t manage to google yet would be appreciated.

Thanks!

tbinna · May 17, 2019, 5:04am

Does anyone know how to configure AMPS to set proxyName, proxyPort and scheme for the Tomcat container?

If I change the server.xml in target/container/tomcat8x/cargo-jira-home/conf/server.xml it gets reset to the standard config as soon as I do atlas-run/atlas-debug/atlas-run-standalone.

I managed to change the connector easily for a standard Jira installation (not started via AMPS, download purchased Jira app and start it) with the following config:

<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
        maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
        maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
        acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
        proxyName="ea1129c9.ngrok.io" proxyPort="443"/>

jrichards · July 21, 2022, 12:30am

Hi @tbinna,

As far as I know, you can’t run atlas-debug behind a proxy. Deep down it uses Codehaus Cargo - Home so you might be able to get some info there and see if they have options (but I didn’t see any.)

However, what I do is use a regular Confluence or Jira install and adjust the server.xml to appear like you’re using atlas-debug. You would add proxyName and proxyPort as well.

So, what I do is

Update conf/server.xml to have the Connector with port="1990" or port="2990"
Update Context to have path="/confluence" or path="/jira"
For Confluence add CATALINA_OPS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5004 ${CATALINA_OPTS} or for Jira JVM_SUPPORT_RECOMMENDED_ARGS="-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005" to bin/setenv.sh

Then I run Confluence/Jira with bin/start-(confluence|jira).sh.

I can deploy the add-on with atlas-install-plugin. The thing you lose is the automatic install when rebuilding. But you do gain the ability to use a normal database, and make it persist between restarts.

Hope this helps.

Regards,
James

remie · July 21, 2022, 6:06am

You can configure it to use QuickReload. I’ve managed to do the same with the Docker image, so it should also be possible with local installation.

HendrikWinter · May 26, 2023, 5:41pm

Hi after struggling with this I’ve found a simple solution.

You can add the proxyName and proxyPort attributes to the Connector in the file “target/container/tomcat9x/apache-tomcat-9.0.65/conf/server.xml” instead. Add it to the connector with port 8080:

 <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
            redirectPort="8443"
            proxyName="xxxx-xx-xx-xxx-xxx.ngrok-free.app" proxyPort="443"
            />

Atlas-run will take that connector and change the port to 1990 and make other changes but that way you can set the proxyName and proxyPort without a hassle for testing. The only issue is you can’t set the secure parameter because that will be overridden.

To get secure=“true” you can enable https in the pom.xml by doing the following:

[...]
<plugin>
    <groupId>com.atlassian.maven.plugins</groupId>
    <artifactId>confluence-maven-plugin</artifactId>
    <version>8.1.0</version>
    <extensions>true</extensions>
    <configuration>
              <useHttps>true</useHttps>
              <httpsPort>1990</httpsPort>
              <httpsKeystoreFile>${project.basedir}/tls.store</httpsKeystoreFile>
              <httpsKeystorePass>changeit</httpsKeystorePass>
              <jvmArgs>-Xms3000m -Xmx3000m</jvmArgs>
        [...]
    </configuration>
</plugin>
[...]

This will launch confluence under https://localhost:1990. You can generate the keystore like so:

keytool -genkey -alias tomcat -keyalg RSA -keystore tls.store

And then you can start ngrok like this:

ngrok http https://localhost:1990

I’ve studied the cargo docs for hours and tried different things but I got nothing to work.

Obviously you will need to run atlas-run once so that the files are unpacked and created.

Hope that helps.