Whether you're using an on-premise installation of Jira, GitHub, or GitLab, here are some tips to get everything working right.What does this article cover?
- Determining the accessibility of an on-premise installation
- Configure your on-premise installation for Unito
- Other on-premise tips
- Reach out to us if all else fails
Unito currently supports Jira Server, Jira Cloud, Jira Service Management, and Jira Data Center. However, be advised that Atlassian will be sunsetting on-premise Jira support in February of 2024.
Determining the accessibility of an on-premise installation
First, it's essential to verify whether your on-premise installation is accessible over the internet. If so, and it's not behind a firewall or VPN, you're good to go out-of-the-box.
However, if your installation is behind a firewall or VPN, you'll need to perform additional configurations, which must be performed by someone familiar with your organization's customized installation.
There are three ways to connect Unito to your on-premise installation of GitHub, Jira Server, or Data Center:
Open firewall ports
Configure your firewall and/or routers to open a specific port and forward traffic to your internal Jira or GitHub Enterprise server.
Any port number is fine, as long as it forwards to an HTTPS-enabled port on your server. In the Unito web app, be sure to specify the port when you type in your server's address.
You can also specify which IP addresses can access your open port for added security. Limit access to Unito's fixed IP addresses and your internal IP addresses.
Pros: This approach has the easiest setup for organizations with simple network infrastructures (e.g. with a single router). Also, administration is simple once the service is provisioned.
Cons: Opening ports in larger organizations can be a complex process involving multiple departments. Since this approach works at the network level (layer 3), there's no control over traffic contents (e.g. which API endpoints are called).
Reverse proxy or API gateway
Instead of exposing the app, you can use another server/service that is reachable over the internet to act as a proxy or frontend for your GitHub server or Jira Data Center. These are called reverse proxies, API Gateways, or Application Gateways. Some examples include Strong Loop, IBM, F5, Oracle, and NGINX.
You can further secure access to the proxy by allowing access to only our IP addresses, by requesting our SSL client certificates, or by requiring custom HTTP headers. For these advanced configurations, we suggest you contact us, and we'll get you all set up in no time.
Pros: Secure. Flexible, with full control over communications.
Cons: Introduces a new software component (the proxy), which needs to be configured and managed.
On-premise agent or tunneling
A lightweight "agent" software sits in your infrastructure behind the firewall and initiates communication with the Unito infrastructure, thereby avoiding firewall issues. The agent then maintains a bi-directional connection (or tunnel) using the HTTPS protocol. In this scenario, none of your services are exposed to the Internet.
As an agent, we recommend using ngrok. It supports end-to-end encryption and IP whitelisting, which provides a fully secured solution when limited to Unito's IP addresses (and your own office IPs).
Pros: No need to open ports, expose an API, or touch the network infrastructure. Simple setup: lightweight agent software can run directly on the Jira or GitHub server, or in dedicated VM.
Cons: Separate software download, third-party solution.
Double-check your server URL
Just be on the lookout for typos, extra spaces or a misspelling of Atlassian or GitHub.
Make sure your server is secure over HTTPS, and not just HTTP.
Access your tool in a browser and login
Ensure the address bar indicates a secure connection over HTTPS
If not, contact your server administrator to have them secure your server.
Here's some more info our HTTPS requirements and setup tips.
Make sure your server is accessible via public Internet:
Use any online website testing tool such as https://tools.pingdom.com/ to test access to your server from outside your corporate network. Just enter the full URL to access your tool.
If the server is not reachable, contact your server administrator to discuss how it can be exposed to Unito's server.
Make sure your server SSL/TLS certificate is correctly configured:
Use any online SSL diagnostics tool (example) to test your configuration. Just enter the full URL to access your tool.
If the diagnostics report a problem (often a missing "intermediate certificate"), contact your server administrator with the diagnostics results.
Note: while browsers can be more tolerant of incorrect SSL configurations, Unito's server enforce strict security constraints.
GitHub Enterprise, Jira, and GitLab servers require an in-app setup before they can be connected to Unito.
On-premise URL domain validation
With on-premise tools, security is doubly important. That's why when you add the domain for your server, we'll check if it matches one of your email addresses — or another verified domain. If it doesn't, you'll probably get this error.
If you get this error, please reach out to us so we can resolve the issue.
Troubleshooting a URL mismatch error
Sometimes, when trying to connect an on-premise Jira server, you'll get a URL mismatch error. Here's our full guide for fixing this issue.
Other on-premise tips
We've created additional guides to help make sure your on-premise installation works flawlessly with Unito.
How to enable SSL/TLS client certificates
Check out our full guide for doing this here.
What IP Addresses Does Unito Use?
Here are our fixed IP addresses:
notice the third number (178) is not the same for both IPs
We also maintain the following fully qualified domain names (FQDN) to point to our IP addresses.
How to use ngrok to connect your on-premise Jira server to Unito
Check out our full guide for doing this here.
Reach out to us if all else fails
If you need help, don't hesitate to reach out to us.
Just remember that your Jira server was set up specifically for your business, meaning that some specifications are unique to your business. Since we don't know these specifications, it will be difficult for us to know how your on-premise installation can best be configured for Unito. Make sure that the person who contacts Unito for support knows your on-premise installation's specifications.