Its really simple, but Atlassian make it sound more complicated then it needs to be.
First thing you want to make the Tomcat process that Jira uses to only run on a self signed SSl cert, so all communication is encrypted.
Run this as root
/opt/atlassian/jira/jre/bin/keytool -genkey -alias tomcat -keyalg RSA -validity 1095
When asked, set the password to “changeit” without quotes
This will make a .keystore file in root’s home directory.
Move it to where jira can get to it easily.
mv /root/.keystore /opt/atlassian/jira/
make sure Jira is stopped
Now its time to Exit the server.xml
Find the original port 8080 connector section and commend it out by surrounding it in
Create a New Connector
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" proxyName="jira.domain.com" proxyPort="443" clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true" keystoreFile="/opt/atlassian/jira/.keystore"/>
Change your proxyName value to what it would be on your front end. Jira needs to know this so when it serves the page up it has correct links.
Start Jira, make sure there are no errors
Check your server on https://ipaddress:8443 and make sure it hosts the page correctly.
Then you can set your IIS or Apache Proxy to point to https://ipaddress:8443 and you can then serve as needed