Install Jira on Ubuntu with Nginx, RDS and Let’s Encrypt 2023

sudo apt update
sudo apt upgrade

Step 1: Download Jira Core

You can download the latest version of Jira from the official Atlassian website. The version we are going to install is JIRA Core 9.9.0.

SSH to your server or instance and start downloading Jira.

wget https://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-core-9.9.0-x64.bin

Once the file is downloaded, make the file executable.

sudo chmod a+x atlassian-jira-core-9.9.0-x64.bin

Now you can start the installation.

Step 2: Install Jira

Run the installation file.

sudo ./atlassian-jira-core-9.9.0-x64.bin

Now you will get…

Output
We couldn't find fontconfig, which is required to use OpenJDK. Press [y, Enter] to install it.

Enter y followed by Enter and start the installation.

When you are prompted to choose the Installation type, you can choose Custom Install by typing 2 and Enter

Install JIRA as Service? Type y

You can configure other steps with the default.

Finally you will get the overview of your installation.

Details on where JIRA Core will be installed and the settings that will be used.
Installation Directory: /opt/atlassian/jira 
Home Directory: /var/atlassian/application-data/jira 
HTTP Port: 8080 
RMI Port: 8005 
Install as service: Yes 
Install [i, Enter], Exit [e]

Now enter i to start the installation.

Once the installation is complete you can start Jira when prompted.

You will receive an output similar to the one below. This indicated Jira is installed successfully and running on port 8080.

Output
Installation of JIRA Core 8.6.1 is complete
Your installation of JIRA Core 8.6.1 is now ready and can be accessed via
your browser.
JIRA Core 8.6.1 can be accessed at http://localhost:8080
Finishing installation …

Step 3: Configure Tomcat for Nginx

Now you can configure Tomcat setting for Nginx reverse proxy.

Stop Jira.

sudo service jira stop

Edit your server.xml and replace the connector and the context.

sudo nano /opt/atlassian/jira/conf/server.xml

Replace

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

with (add a / symbol in the path)

<Context path="/" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">

Scroll up to find the default connector and add the proxyName, proxyPort, scheme and secure. So the connector looks like the one below.

<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="Special characters" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true" proxyName="jira.domain.com"  proxyPort="443" scheme="https" secure="true"/>

Hit CTRL + X followed by Y and ENTER to save and exit the file.

Step 4: Restart Jira

Once the setup is done, you can start the Jira.

sudo service jira start

If you get any error while restarting, the catalina.pid file hasn’t been deleted while stopping. So you need to delete the file manually and start Jira.

sudo su
sudo rm -rf  /opt/atlassian/jira/work/catalina.pid
exit
sudo service jira start

Once the restart is successful you can install and configure Nginx.

Step 5: Install Nginx

sudo apt install nginx

Remove default Nginx configuration.

sudo rm -rf /etc/nginx/sites-available/default
sudo rm -rf /etc/nginx/sites-enabled/default

Step 6: Configure Nginx reverse Proxy

Create a new configuration file for Jira.

sudo nano /etc/nginx/sites-available/jira.conf

Add the following configurations.

server {
     listen [::]:80;
     listen 80;

     server_name jira.domain.com;

     location / {
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Server $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_pass http://localhost:8080;
         client_max_body_size 10M;
     }
 }

Hit Ctrl+X followed by Y and Enter to save the file and exit.

To enable this newly created website configuration, symlink the file that you just created into the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/jira.conf /etc/nginx/sites-enabled/jira.conf

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart

Step 7: Install Let’s Encrypt SSL for Jira

HTTPS
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to your audiences.

sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install python-certbot-nginx

Now we have installed Certbot by Let’s Encrypt for Ubuntu 18.04, run this command to receive your certificates.

sudo certbot --nginx certonly

Enter your email and agree to the terms and conditions, then you will receive the list of domains you need to generate SSL certificate.

To select all domains simply hit Enter

The Certbot client will automatically generate the new certificate for your domain. Now we need to update the Nginx config.

Redirect HTTP Traffic to HTTPS

Open your site’s Nginx configuration file add replace everything with the following. Replacing the file path with the one you received when obtaining the SSL certificate. The ssl_certificate directive should point to your fullchain.pem file, and the ssl_certificate_key directive should point to your privkey.pem file.

server {
     listen [::]:80;
     listen 80;

     server_name jira.domain.com;

     return 301 https://jira.domain.com$request_uri;
 }

 server {
     listen [::]:443 ssl;
     listen 443 ssl;

     server_name jira.domain.com;

     ssl_certificate /etc/letsencrypt/live/jira.domain.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/jira.domain.com/privkey.pem;

     location / {
         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Server $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_pass http://localhost:8080;
         client_max_body_size 10M;
     }
 }

Hit CTRL+X followed by Y to save the changes.

Check your configuration and restart Nginx for the changes to take effect.

sudo nginx -t
sudo service nginx restart

Renewing SSL Certificate

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. Now you set up a cronjob to check for the certificate which is due to expire in next 30 days and renew it automatically.

sudo crontab -e

Add this line at the end of the file

0 0,12 * * * certbot renew >/dev/null 2>&1

Hit CTRL+X followed by Y to save the changes.

This cronjob will attempt to check for renewing the certificate twice daily.

Step 7: Confirm the Installation

Now you can point your browser to the Jira URL. You will see the Jira Setup page. Now you can configure it yourself.

You can follow the on-screen details to set up Jira completely by using your RDS database credentials.

Also,  read List Users in Linux 2023