Disponível em: plano Enterprise
Disponível para: Jira on-premise (servidor/data center)
A segurança da camada de transporte mútua permite estabelecer uma conexão ainda mais segura entre sua instância do Jira e a Miro. A funcionalidade é compatível automaticamente em todos os planos Enterprise e não requer nenhuma configuração no lado da Miro.
⚠️ Observe que este artigo não apresenta instruções detalhadas, mas simplesmente fornece uma configuração de amostra e nosso certificado (no final do artigo). Consulte seu time de TI e os administradores do sistema, porque, dependendo da infraestrutura da sua rede, as etapas de configuração podem ser diferentes.
Escolha o método que você preferir e ajuste a configuração do NGINX que você tem usando um dos seguintes snippets. Certifique-se de substituir 127.0.0.1 pelo IP ou endereço da web da instância do Jira e insira nossos valores do certificado em vez de ENTER_MIRO_CERTIFICATE_HERE.
Como validar por meio do certificado
Encontre a amostra para a configuração do NGINX abaixo:
ssl_verify_client
optional;ssl_verify_depth
3;set $cert_old
"ENTER_OLD_MIRO_CERTIFICATE_HERE";set $cert_new
"ENTER_NEW_MIRO_CERTIFICATE_HERE";set $valid_cert_flag
0;location /jira/plugins/servlet/oauth/authorize {
proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
proxy_redirect
off;}location /jira/login.jsp {
proxy_pass http://127.0.0.1/jira/login.jsp;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
proxy_redirect
off;}location /jira {
if ($ssl_client_raw_cert ~ $cert_old) { set $valid_cert_flag 1; }
if ($ssl_client_raw_cert ~ $cert_new) { set $valid_cert_flag 1; }
if ($valid_cert_flag ! = 1) { return 403 "Invalid certificate\n"; }
proxy_pass http://127.0.0.1/jira;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
proxy_redirect off;
Como validar por meio da impressão digital do certificado
Encontre a amostra para a configuração do NGINX abaixo:
ssl_verify_client optional;
ssl_verify_depth
3;defina $fingerprint_old
"ENTER_OLD_FINGERPRINT_OF_MIRO_CERTIFICATE_HERE";defina $fingerprint_new
"ENTER_NEW_FINGERPRINT_OF_MIRO_CERTIFICATE_HERE";defina $valid_fingerprint_flag 0;
location /jira/plugins/servlet/oauth/authorize {
proxy_pass http://127.0.0.1/jira/plugins/servlet/oauth/authorize;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
proxy_redirect
off;}location /jira/login.jsp {
proxy_pass http://127.0.0.1/jira/login.jsp;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
proxy_redirect
off;}location /jira
{if ($ssl_client_fingerprint = $fingerprint_old) { set $valid_fingerprint_flag 1;
}if ($ssl_client_raw_cert = $fingerprint_new) { set $valid_fingerprint_flag 1;
}if ($valid_fingerprint_flag ! = 1) { return 403; }
proxy_pass http://127.0.0.1/jira;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10M;
proxy_redirect off;
}
Certificados da Miro
O certificado antigo é válido até 4 de abril de 2023.
--BEGIN
CERTIFICATE--MIIGpTCCBY2gAwIBAgIJAPi0WZHXQHmjMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljY XRlIEF1dGhvcml0eSAtIEcyMB4XDTIyMDMwMzA5MjExMloX
DTIzMDQwNDA5MjExMlowHjEcMBoGA1UEAxMTamlyYS1jYXJkcy5taXJvLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALUezlo2EoHrI180Fuke6/I7
LDTT3kucqW6mSHQTJ7l/UYetvsGzT6OxXChHtwXZp5nqwnd7uOz+jCUE0V5+nQUT
K9oP51bzR2LXcUAdohPkbcL9ofrA6ZETuOzdPe6uMJYb3pZBYFIFC2cdCyPyj
3T8QrpmbI4OgpP7LIHI+GlmTAgloy0y17vBms/9ofE6HKsHmV0NHZr6CagdQks7JUFwVSAfl8THkqHpKI3GOqVeHHyOe3+RH7y7lKIj+kNe+znv3iMpk67eJBJHkl+1IFxeqlRfW1e8EzjENQ2PtJAyEbsoPHAnRu1JdJOsF2Ld1zk7cbQ50YZLHEeY7sxh0CAwEAAaOCA00wggNJMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDA4BgNVH
R8EMTAvMC2gK6AphidodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczEtMzg4Ni5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXATA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAECATB2BggrBgEFBQcBAQrqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2Nlc
nRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjA3BgNVHREEMDAughNqaXJhLWNhcmRzLm1pcm8uY29tghd3d3klyYS1jYXJkcy5taXJvLmNvbTAdBgNVHQ4EFgQU2wiZ/76DT0QSteUPWyBAumMf5WcwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uA
AABf08VaA4AAAQDAEcwRQIgE4b1z73aHpEUm0t767CEbBs5k18P3VL9gde8ffcnS3ACIQDkdXZoHljAIGAV2Of4u/dADbx32RUQPC6y21BzRzVMHQB2ADXPGRu/sWxXvw+tTG1Cy7u2JyAmUeo/4SrvqAPDO9ZMAAABf08VaZIAAAQDAEcwRQIgPYI4uMSe59LnpJF1ivhe7axWAchcyzw3EuLlXMvfSckCIQDEp4u/8B8etyss1qa8yLnPvn6+UzwWDMvEDa90zuPWAB2AHoyjFTYty22IOo44FIe6YQWc DIThU070ivBOlejUutS
AAABf08Vag0AAAQDAEcwRQIgFUvaCCOxige+fuCmSCy/Qjo3Mw+XAtPLMzGWYppE
aSsCIQCZdcwDTSjKSKG4OuUO7c9Z1/kENm+BxNfXiJ1kCgW4nTANBgkqhkiG9w0B
AQsFAAOCAQEAf7Bxu7OZiL1188x1ewvIh2CA4jm/U9rJVecdLDylbxTzZBzez3hl
DEUgj5/V5t+CxubJJTzbi6h9gK7sEAEryO6EgO1kZNwKS4sRSKgCoURBBRxv1lEl
yTyuz8OEhgB5MsWFg2AhkUiiG
JJhHGCZeCaWJZQeAKnS+yVWHhC0u+f/OD58GvugrDlKbiha3WMu3dX1fe/7pIZLVi7Y4Xti2IMbi7DXb+Di315F+4UWZQM0pON8Q/pJyowcYPTSF7agUH8526DG43k71HLjKYDnrXi/4JeSl5M0hrwMz2un5hWuFBGbxjGJ9VSi1PY9bCx1CMj8p6q9/+DmsGd7mFj7CQ==--END CERTIFICATE----
O novo certificado é válido até 4 de abril de 2024.
--BEGIN
CERTIFICATE--MIIGpjCCBY6gAwIBAgIIFQn6dMANr6kwDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhd
GUgQXV0aG9yaXR5IC0gRzIwHcNMjMzA1MDcyOTAwWhcNMjQwNDA1MDcyOTAwWjAeMRwwGgYDVQQDExNqaXJhLWNhcmRzLm1pcm8uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR7OWjYSgesjXzQW6R7r8jssNPeS5ypbqZIdBMnuX9Rh62+wbNPo7FcKEe3BdmnmerCd3u47P6MJQTRXn6dBRMr2g/nVvNHYtdxQB2iE+Rtwv2h+sDpkRO47N097q4wlhvelkFgUgULZx0LI/KPd PxC
umZsjg6Ck/ssgcj4aWZMCCWjLTLXu8Gaz/2h8TocqweZXQ0dmvoJqB1CSzslQXBV
IB+XxMeSoekojcY6pV4cfIfI57f5EfvLuUoiP6Q177Oe/eIymTrt4kEkeSX7UgXF
6qVF9bV7wTOMQ1DY+0kDIRuyg8cCdG7Ul0k6wXYt3XOTtxtDnRhkscR5juzGHQID
AQABo4IDTzCCA0swDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMDgGA1UdH
wQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2RpZzJzMS01Mjk0LmNybDBdBgNVHSAEVjBUMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wCAYGZ4EMAQIBMHYGCCsGAQUFBwEBBGowaDAkBggrBgEFBQcwAYYYaHR0cDDovL29jc3AuZ29kYWRkeS5jb20vMEAGCCsGAQUFBzAChjRodHRwOi8vY2Vyd
GlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvZ2RpZzIuY3J0MB8GA1UdIwQYMBaAFEDCvSeOzDSDMKIz1/tss/C0LIDOMDcGA1UdEQwMC6CE2ppcmEtY2FyZHMubWlyby5jb22CF3d3dy5qaXJhLWNhcmRzLm1pcm8uY29tMB0GA1UdDgQWBBTbCJn/voNPRBK15Q9bIEC6Yx/lZzCCAYAGCisGAQB1nkCBAIEggFwBIIBbAFqAHcA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAA AGGsKyCWwAABAMASDBGAiEA1enIaQQS2O3/YkWzbO0grlm0oys/9KNpBwuQpkHj
eN0CIQCT3v6KQX4fAVCKbHsytHVAWuaajIH3nRC2eWtI9J1kRgB3AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABhrCsg0kAAAQDAEgwRgIhALLRymwv
Zvda+sJiaj5YwrD7Sq5UrDQyZpcj+qg9d8rZAiEAhdbDfHD7S6srDTuEE8uo6smb
r38An2L2qp9KV47AV4EAdgDatr9rP7W2Ip+bwrtca+hwk
XFsu1GEhTS9pD0wSNf7qwAAAYawrIPfAAAEAwBHMEUCIQCWaR7Xd1LxMWHQmE4Rti4Af5PKYlHBCHoTayb/baMuBQIgdEB2HKPQA9y4fjFdwIlPJjaTWkjzr1eDw8wwbv5vrMMwDQYJKoZIhvcNAQELBQADgEBAC6lyp+jDufdUwvT6lXOnAE4Ty40gMrc6qhMltIaFXYVZ9mgJFWAZ4YznQGQWZNpd1D7mjJXNxrqy+1I8zEcPIMGd1bwPDvPyVATI6z77D/WRLlqLV94QkesRauQDAz3iePjbOF0v119I
G2Syd/j27DSOyhimxlWzdcnt67tulotaU2hvp6myJb72/3/J5eeMrIGttZQRmfTPp0S31MSpdsVyvVy/BEUlV942etysxUAxpw2EFnEY+BClbTAGcNTmFSr3vWf1G22wRrclXqZGl8nmn/ITKS3RxmWhG9HT/olTsgrOAWkBSO09jSQk/6SksU8co9ftzjISgKAv1R43I=--END CERTIFICATE----
Maneiras de configurar
Há duas opções para escolher quando se trata de como a validação será verificada: