Available on: Enterprise plan
Available for: Jira on-premise (Server / Data Center)
Mutual Transport Layer Security (mutual TLS) establishes an even more secure connection between your Jira instance and Miro. The feature is supported automatically for all Enterprise plans and requires no configuration on Miro's side.
⚠️ Note that this article does not provide detailed instructions; it only gives a sample configuration and our certificate (at the end of the article). Please consult your IT team and system admins, as the configuration steps may differ depending on your network infrastructure.
Choose the method you prefer and adjust your existing NGINX configuration using one of the following snippets. Make sure to replace 127.0.0.1 with the IP or web address of your Jira instance and to enter our certificate in place of ENTER_MIRO_CERTIFICATE_HERE.
Validation via the certificate
Here is the sample NGINX configuration:
# "optional" lets the TLS handshake succeed without a client certificate;
# the certificate is enforced by the 403 in "location /jira" below.
ssl_verify_client optional;
ssl_verify_depth 3;
set $cert_old "ENTER_OLD_MIRO_CERTIFICATE_HERE";
set $cert_new "ENTER_NEW_MIRO_CERTIFICATE_HERE";
set $valid_cert_flag 0;

# OAuth authorization page: no client-certificate check in this location.
location /jira/plugins/servlet/oauth/authorize {
    proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 10M;
    proxy_redirect off;
}

# Login page: no client-certificate check in this location.
location /jira/login.jsp {
    proxy_pass http://127.0.0.1/jira/login.jsp;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 10M;
    proxy_redirect off;
}

# Everything else under /jira: accept only the old or the new Miro certificate.
location /jira {
    if ($ssl_client_raw_cert ~ $cert_old) { set $valid_cert_flag 1; }
    if ($ssl_client_raw_cert ~ $cert_new) { set $valid_cert_flag 1; }
    if ($valid_cert_flag != 1) { return 403 "Invalid certificate\n"; }
    proxy_pass http://127.0.0.1/jira;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 10M;
    proxy_redirect off;
}
Validation via the certificate fingerprint
Here is the sample NGINX configuration:
# "optional" lets the TLS handshake succeed without a client certificate;
# the fingerprint is enforced by the 403 in "location /jira" below.
ssl_verify_client optional;
ssl_verify_depth 3;
set $fingerprint_old "ENTER_OLD_FINGERPRINT_OF_MIRO_CERTIFICATE_HERE";
set $fingerprint_new "ENTER_NEW_FINGERPRINT_OF_MIRO_CERTIFICATE_HERE";
set $valid_fingerprint_flag 0;

# OAuth authorization page: no fingerprint check in this location.
location /jira/plugins/servlet/oauth/authorize {
    proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 10M;
    proxy_redirect off;
}

# Login page: no fingerprint check in this location.
location /jira/login.jsp {
    proxy_pass http://127.0.0.1/jira/login.jsp;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 10M;
    proxy_redirect off;
}

# Everything else under /jira: accept only the old or the new fingerprint.
location /jira {
    if ($ssl_client_fingerprint = $fingerprint_old) { set $valid_fingerprint_flag 1; }
    if ($ssl_client_fingerprint = $fingerprint_new) { set $valid_fingerprint_flag 1; }
    if ($valid_fingerprint_flag != 1) { return 403; }
    proxy_pass http://127.0.0.1/jira;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 10M;
    proxy_redirect off;
}
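Added example, not part of Miro's article: deriving the value that goes into the fingerprint placeholders. NGINX's $ssl_client_fingerprint is the SHA-1 of the certificate's DER encoding in lowercase hex without separators, and the "=" test is an exact string comparison, so a value pasted in the uppercase, colon-separated form printed by openssl x509 -fingerprint -sha1 never matches. The function names are hypothetical, and the sample PEM is constructed (its body is base64 of "abc", not a real certificate).

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: the body is base64 of b"abc", NOT a real certificate.
# The stray space mimics copy/paste damage in a PEM taken from a web page.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YW Jj
-----END CERTIFICATE-----
"""

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    match = _PEM_RE.search(pem)
    if match is None:
        raise ValueError("no PEM certificate block found")
    body = "".join(match.group(1).split())  # drop newlines and stray spaces
    return base64.b64decode(body, validate=True)


def nginx_fingerprint(pem: str) -> str:
    """SHA-1 over the DER encoding, lowercase hex, no separators."""
    return hashlib.sha1(pem_to_der(pem)).hexdigest()


def normalize_fingerprint(value: str) -> str:
    """Convert 'A9:99:3E:...' (openssl style) to the form NGINX compares."""
    cleaned = value.strip().replace(":", "").replace(" ", "").lower()
    if not re.fullmatch(r"[0-9a-f]{40}", cleaned):
        raise ValueError("not a SHA-1 fingerprint")
    return cleaned


def is_pinned(presented: str, pinned: list) -> bool:
    """True if the presented fingerprint equals any pin (old or new)."""
    want = normalize_fingerprint(presented)
    return any(hmac.compare_digest(want, normalize_fingerprint(p))
               for p in pinned)
```

During a certificate rotation, compute nginx_fingerprint for both the old and the new certificate and keep both pins until the old one expires.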
Miro certificates
The old certificate is valid until April 4, 2023.
The new certificate is valid until April 4, 2024.
Different ways to configure
You can choose between two options for validation checking: