Configuration options for a local Jira Server

Learn how to securely integrate your local Jira Server (or Data Center) with Unito for seamless 2-way sync.

What does this article cover?

Unito currently supports Jira Server, Jira Cloud, Jira Service Management, and Jira Data Center. However, be advised that Atlassian ended support for all local server products in February of 2024. 

Unito enables you to connect your on-premise Jira Server or Data Center instance to other tools for powerful,  two-way data synchronization. This guide will walk you through optional steps for additional configurations.

Prerequisites before configuring

  • Confirm Accessibility: Ensure your Jira Server/Data Center instance is accessible over the internet. If it's behind a firewall or VPN, you'll need to configure it to allow access to Unito's servers.
  • Administrator Access: You'll need administrator privileges within Jira to complete the setup process.
  • Create an application link: An application link is a way to establish a trusted connection between Jira and another application, such as Unito. It allows for secure communication and data exchange between the two platforms. Here's a guide to setting up an application link in Jira Server.

Why do I need to create an application link?

  • Authentication: The application link enables Unito to authenticate with your Jira server, verifying its identity and ensuring secure access to your data.
  • Data Exchange: It provides a pathway for Unito to access Jira's APIs, allowing it to read and write data, such as issues, projects, and custom fields.
  • Security: Application links help protect your Jira data by controlling which applications can access it and what actions they can perform.

3 Methods for configuring your Jira Server's connection to Unito

There are three additional options for configuring  your Jira Server or Data Center to Unito.

Open firewall ports

Configure your firewall and/or routers to open a specific port and forward traffic to your internal Jira server. Any port is fine, but In the Unito app, be sure to specify the same port when you type in your server's address.

  • HTTPS: Make sure your Jira Server/Data Center is running over HTTPS (not HTTP).
  • IP Addresses: You can also specify which IP addresses can access your open port for added security. Limit access to Unito's fixed IP addresses and your internal IP addresses.

Benefits: This approach has the easiest setup for organizations with simple network infrastructures (e.g. with a single router). Also, administration is simple once the service is provisioned.

Drawbacks: Opening ports in larger organizations can be a complex process involving multiple departments. Since this approach works at the network level (layer 3), there's no control over traffic contents (e.g. which API endpoints are called).

Reverse proxy or API gateway

If you prefer not to directly expose your Jira Server or Data Center instance to the internet, you can use a reverse proxy or API gateway as an intermediary. This acts as a secure "front door" for your Jira instance, handling incoming requests from Unito and forwarding them to your internal server.

Common examples of reverse proxies and API gateways include Strong Loop, IBM, F5, Oracle, and NGINX.

Security Enhancement: You can configure the reverse proxy to only allow access from Unito'sIP addresses, add an extra layer of security with our SSL client certificates, or require custom HTTP headers.

For these advanced configurations, we suggest you contact us, and we'll get you all set up in no time.

Benefits:

  • Enhanced Security: Your Jira instance remains hidden behind the proxy, reducing its exposure to potential threats.
  • Flexibility: You gain granular control over how Unito communicates with your Jira server.

Drawbacks:

  • Additional Complexity: Setting up and managing a reverse proxy introduces a new component to your infrastructure, which requires additional configuration and maintenance.

On-premise agent or tunneling

An on-premise agent establishes a secure tunnel between your Jira server and Unito's infrastructure.

Recommendation:  We suggest using ngrok as your on-premise agent. It's a lightweight tool that supports end-to-end encryption and IP whitelisting for added security.

This method eliminates the need to open firewall ports or expose your Jira API directly to the internet. The agent software runs within your network, initiating communication with Unito and maintaining a secure connection over HTTPS.

Benefits:

  • Simplified Setup: No need to modify your firewall or expose your Jira API.
  • Enhanced Security: Your Jira server remains isolated from the public internet.
  • Flexible Deployment: The agent can run directly on your Jira server or within a dedicated virtual machine.

Considerations:

  • Third-Party Tool: You'll need to download and install the ngrok agent software.
  • Additional Resource: The agent requires some system resources to run.

Troubleshooting tips for local Jira server installations

If you encounter problems connecting your Jira server to Unito:

Check your server URL

  • Ensure the URL is accurate, including any necessary subdomains or port numbers.
  • Avoid typos, extra spaces, or incorrect spellings.

Verify HTTPS

Make sure your server is secure over HTTPS, and not just HTTP.

  1. Confirm that your Jira server is accessible via HTTPS (not HTTP).

  2. Open your Jira instance in a browser to check if the address bar indicates a secure connection.

  3. If not, contact your Jira administrator to enable HTTPS.

  4. For more information, see Unito's HTTPS requirements and setup tips. 

Test internet accessibility

Make sure your server is accessible via public Internet:

    • Use an online website testing tool like Pingdom Tools to check if your server is accessible from outside your network.
    • If not, consult your Jira administrator to make the server publicly accessible.

Validate SSL/TLS configuration

Make sure your server SSL/TLS certificate is correctly configured:

  1. Use an online SSL diagnostics tool (like SSL Labs) to verify your server's SSL/TLS certificate.
  2. If issues are found, provide the diagnostic results to your Jira administrator.
  3. You can also refer to our guide on how to enable SSL/TLS client certificates.
  4. If the diagnostics report a problem (often a missing "intermediate certificate"), contact your server administrator with the diagnostics results.

Application link:

If you're setting up a manual configuration, be sure to add an application link in Jira set up with the right permissions and authentication settings. 

Domain validation

With on-premise tools, security is doubly important. That's why when you add the domain for your server, we'll check if it matches one of your email addresses — or another verified domain. If it doesn't, you may see this error:

Troubleshooting a URL mismatch error

Sometimes, when trying to connect an on-premise Jira server, you'll get a URL mismatch error. Here's how to resolve a URL Mismatch Error when connecting Jira.

Other on-premise tips

We've created additional guides to help make sure your on-premise installation works flawlessly with Unito.

How to enable SSL/TLS client certificates

Check out our full guide to enabling SSL/TLS client certificates (Mutual TLS/mTLS).

What IP Addresses Does Unito Use?

Here are our fixed IP addresses:

54.82.172.192
54.82.178.193

We also maintain the following fully qualified domain names (FQDN) to point to our IP addresses.

a.infra-ip.unito.io
b.infra-ip.unito.io

Reach out to us if all else fails

If you've tried these troubleshooting steps and are still experiencing difficulties, our support team is ready to assist you. Please gather the following information before you contact Unito for support:

  • Jira Server/Data Center Version: The specific version of Jira you're using.
  • Configuration Details: Any relevant details about your server's configuration, such as firewall rules, proxy settings, or custom plugins.
  • Error Messages: Any error messages you've encountered during the connection process.