Tool-Specific troubleshooting
      Back to home
      1. Help Center
      2. Troubleshooting and FAQs
      3. Tool-Specific troubleshooting

      Unito’s Full Guide to On-Premise Installations

      Whether you're using an on-premise installation of Jira, GitHub, or GitLab, here are some tips to get everything working right.

      What does this article cover?

      Unito currently supports Jira Server, Jira Cloud, Jira Service Management, and Jira Data Center. However, be advised that Atlassian will be sunsetting on-premise Jira support in February of 2024. 

      Determining the accessibility of an on-premise installation

      First, it's essential to verify whether your on-premise installation is accessible over the internet. If so, and it's not behind a firewall or VPN, you're good to go out-of-the-box.

      However, if your installation is behind a firewall or VPN, you'll need to perform additional configurations, which must be performed by someone familiar with your organization's customized installation.

      There are three ways to connect Unito to your on-premise installation of GitHub, Jira Server, or Data Center:

      Open firewall ports

      Configure your firewall and/or routers to open a specific port and forward traffic to your internal Jira or GitHub Enterprise server.

      Any port number is fine, as long as it forwards to an HTTPS-enabled port on your server. In the Unito web app, be sure to specify the port when you type in your server's address.

      You can also specify which IP addresses can access your open port for added security. Limit access to Unito's fixed IP addresses and your internal IP addresses.

      • Pros: This approach has the easiest setup for organizations with simple network infrastructures (e.g. with a single router). Also, administration is simple once the service is provisioned.

      • Cons: Opening ports in larger organizations can be a complex process involving multiple departments. Since this approach works at the network level (layer 3), there's no control over traffic contents (e.g. which API endpoints are called).

      Reverse proxy or API gateway

      Instead of exposing the app, you can use another server/service that is reachable over the internet to act as a proxy or frontend for your GitHub server or Jira Data Center. These are called reverse proxies, API Gateways, or Application Gateways. Some examples include Strong Loop, IBM, F5, Oracle, and NGINX.

      You can further secure access to the proxy by allowing access to only our IP addresses, by requesting our SSL client certificates, or by requiring custom HTTP headers. For these advanced configurations, we suggest you contact us, and we'll get you all set up in no time.

      • Pros: Secure. Flexible, with full control over communications.

      • Cons: Introduces a new software component (the proxy), which needs to be configured and managed.

      On-premise agent or tunneling


      A lightweight "agent" software sits in your infrastructure behind the firewall and initiates communication with the Unito infrastructure, thereby avoiding firewall issues. The agent then maintains a bi-directional connection (or tunnel) using the HTTPS protocol. In this scenario, none of your services are exposed to the Internet.

      As an agent, we recommend using ngrok. It supports end-to-end encryption and IP whitelisting, which provides a fully secured solution when limited to Unito's IP addresses (and your own office IPs). 

      • Pros: No need to open ports, expose an API, or touch the network infrastructure. Simple setup: lightweight agent software can run directly on the Jira or GitHub server, or in dedicated VM.

      • Cons: Separate software download, third-party solution.

      Troubleshooting

      Double-check your server URL

      Just be on the lookout for typos, extra spaces or a misspelling of Atlassian or GitHub.

      HTTPS

      Make sure your server is secure over HTTPS, and not just HTTP.

      1. Access your tool in a browser and login

      2. Ensure the address bar indicates a secure connection over HTTPS

      3. If not, contact your server administrator to have them secure your server.
         Here's some more info our HTTPS requirements and setup tips.

      Internet access

      Make sure your server is accessible via public Internet:

      1. Use any online website testing tool such as https://tools.pingdom.com/ to test access to your server from outside your corporate network. Just enter the full URL to access your tool.

      2. If the server is not reachable, contact your server administrator to discuss how it can be exposed to Unito's server.

      SSL/TLS configuration

      Make sure your server SSL/TLS certificate is correctly configured:

      1. Use any online SSL diagnostics tool (example) to test your configuration. Just enter the full URL to access your tool.

      2. If the diagnostics report a problem (often a missing "intermediate certificate"), contact your server administrator with the diagnostics results.

      Here's some more info on how to enable SSL/TLS client certificates.

      Note: while browsers can be more tolerant of incorrect SSL configurations, Unito's server enforce strict security constraints.

      Application configuration

      GitHub Enterprise, Jira, and GitLab servers require an in-app setup before they can be connected to Unito.

      On-premise URL domain validation

      With on-premise tools, security is doubly important. That's why when you add the domain for your server, we'll check if it matches one of your email addresses — or another verified domain. If it doesn't, you'll probably get this error.

      If you get this error, please reach out to us so we can resolve the issue.

      Troubleshooting a URL mismatch error

      Sometimes, when trying to connect an on-premise Jira server, you'll get a URL mismatch error. Here's our full guide for fixing this issue.

      Other on-premise tips

      We've created additional guides to help make sure your on-premise installation works flawlessly with Unito.

      How to enable SSL/TLS client certificates

      Check out our full guide for doing this here.

      What IP Addresses Does Unito Use?

      Here are our fixed IP addresses:

      54.82.172.192
      54.82.178.193
      notice the third number (178) is not the same for both IPs

      We also maintain the following fully qualified domain names (FQDN) to point to our IP addresses.

      a.infra-ip.unito.io
      b.infra-ip.unito.io

      How to use ngrok to connect your on-premise Jira server to Unito

      Check out our full guide for doing this here.

      Reach out to us if all else fails

      If you need help, don't hesitate to reach out to us.

      Just remember that your Jira server was set up specifically for your business, meaning that some specifications are unique to your business. Since we don't know these specifications, it will be difficult for us to know how your on-premise installation can best be configured for Unito. Make sure that the person who contacts Unito for support knows your on-premise installation's specifications.