Unito’s Full Guide to On-premise Installations

Whether you're using an on-premise installation of Jira, GitHub, or GitLab, here are some tips to get everything working right.

Atlassian will be sunsetting on-premise Jira support in February of 2024. If you'll be migrating to Cloud, you might want to finish that process before you start using Unito.

What does this article cover?

Identifying how accessible your on-premise installation is

Is your installation accessible over the internet?

If so, we support on-premise installations out of the box if they are accessible over the Internet (ie. not behind a firewall or VPN). You'll just need to follow a few additional steps, which are all described in the app.

Installations behind a firewall or VPN require additional configuration which can be performed by someone familiar with your customized installation. Here are the three ways you can connect Unito to your on-premise installation of Jira or GitHub.

Open firewall ports

Configure your firewall and/or routers to open a specific port and forward traffic to your internal Jira or GitHub Enterprise server. Any port number is fine, as long as it forwards to an HTTPS-enabled port on your server. Specify the port when you type in your server's address in the Unito app.

You can also specify which IP addresses can access your open port for added security. Limit access to Unito's fixed IP addresses and your internal IP addresses.

  • Pros: This approach has the easiest setup for organizations with simple network infrastructures (e.g. with a single router). Also, administration is simple once the service is provisioned.

  • Cons: Opening ports in larger organizations can be a complex process involving multiple departments. Since this approach works at the network level (layer 3), there's no control over traffic contents (e.g. which API endpoints are called).

Reverse proxy or API gateway

Instead of exposing the app, you can use another server/service that is reachable over the internet to act as a proxy or frontend for your Jira/GitHub servers. These are called reverse proxies, API Gateways, or Application Gateways. Some examples include Strong Loop, IBM, F5, Oracle, and NGINX.

You can further secure access to the proxy by allowing access to only our IP addresses, by requesting our SSL client certificates, or by requiring custom HTTP headers. For these advanced configurations, we suggest you contact us, and we'll get you all set up in no time.

  • Pros: Secure. Flexible, with full control over communications.

  • Cons: Introduces a new software component (the proxy), which needs to be configured and managed.

On-premise agent or tunneling


A lightweight "agent" software sits in your infrastructure behind the firewall and initiates communication with the Unito infrastructure, thereby avoiding firewall issues. The agent then maintains a bi-directional connection (or tunnel) using the HTTPS protocol. In this scenario, none of your services are exposed to the Internet.

As an agent, we recommend using ngrok (additional info below). It supports end-to-end encryption and IP whitelisting, which provides a fully secured solution when limited to Unito's IP addresses (and your own office IPs). 

  • Pros: No need to open ports, expose an API, or touch the network infrastructure. Simple setup: lightweight agent software can run directly on the Jira or GitHub server, or in dedicated VM.

  • Cons: Separate software download, third-party solution.

Configuring your on-premise installation for Unito

For some on-premise installations, there are a few steps you need to take before you can connect them to Unito. Here are full guides we've written to doing that for Jira and GitHub.

How to configure Jira for Unito access

How to configure GitHub Enterprise for Unito access

Troubleshooting

Double Check your Server URL

Sounds obvious but we've mistyped at Alassian and gitub so many times ourselves, we had to add this reminder.

HTTPS

Make sure your server is secure over HTTPS, and not just HTTP. Here's how you can check this: 

  1. Access your tool in a browser and login

  2. Ensure the address bar indicates a secure connection over HTTPS

  3. If not, contact your server administrator to have them secure your server.
     Here's some more info our HTTPS requirements and setup tips.

Internet access

Make sure your server is accessible over the public Internet:

  1. Use any online website testing tool such as https://tools.pingdom.com/ to test access to your server from outside your corporate network. Just enter the full URL you use to access your tool.

  2. If the server is not reachable, contact your server administrator to discuss how it can be exposed to Unito's server.

Here's some more info on connectivity for on-premise servers.

SSL/TLS configuration

Make sure your server SSL/TLS certificate is correctly configured:

  1. Use any online SSL diagnostics tool such as https://www.sslshopper.com/ssl-checker.html to test your configuration. Just enter the full URL you use to access your tool.

  2. If the diagnostics report a problem (often a missing "intermediate certificate"), contact your server administrator with the diagnostics results.

Here's some more info on how to enable SSL/TLS client certificates.

Note: while browsers can be more tolerant of incorrect SSL configurations, Unito's server enforce strict security constraints.

Application configuration

GitHub Enterprise, Jira, and GitLab servers require an in-app setup before they can be connected to Unito.

On-premise URL domain validation

With on-premise tools, security is doubly important. That's why when you add the domain for your server, we'll check if it matches one of your email addresses — or another verified domain. If it doesn't, you'll probably get this error.

If you get this error, please reach out to us so we can resolve the issue.

Troubleshooting a URL mismatch error

Sometimes, when trying to connect an on-premise Jira server, you'll get a URL mismatch error. Here's our full guide for fixing this issue.

Other on-premise tips

We've created additional guides to help make sure your on-premise installation works flawlessly with Unito.

How to enable SSL/TLS client certificates

Check out our full guide for doing this here.

What IP Addresses Does Unito Use?

Here are our fixed IP addresses:

54.82.172.192
54.82.178.193
notice the third number (178) is not the same for both IPs

We also maintain the following fully qualified domain names (FQDN) to point to our IP addresses.

a.infra-ip.unito.io
b.infra-ip.unito.io

How to use ngrok to connect your on-premise Jira server to Unito

Check out our full guide for doing this here.

Reach out to us if all else fails

If you need help, don't hesitate to reach out to us.

Just remember that your Jira server was set up specifically for your business, meaning that some specifications are unique to your business. Since we don't know these specifications, it will be difficult for us to know how your on-premise installation can best be configured for Unito. Make sure that the person who contacts Unito for support knows your on-premise installation's specifications.