Just follow this guide

https://confluence.atlassian.com/adminjiraserver072/installing-jira-applications-on-linux-828787555.html

For DB

https://confluence.atlassian.com/adminjiraserver072/connecting-jira-applications-to-mysql-828787562.html

For enabling SSL with nginx as reverse proxy, add this to /opt/atlassian/jira/conf/server.xml

<Connector port="8081" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false" maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443" acceptCount="100" disableUploadTimeout="true"
proxyName="helpdesk.example.com" proxyPort="443" scheme="https" secure="true"/>

below this code

 <Service name="Catalina">
 
        <Connector port="8080"
 
                   maxThreads="150"
                   minSpareThreads="25"
                   connectionTimeout="20000"
 
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
                   bindOnInit="false"/>

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}
 
server {
 
    listen  443 ssl default_server;
    server_name helpdesk.example.com;
 
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache       shared:SSL:10m;
    ssl_session_timeout     10m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA;
    ssl_certificate /etc/letsencrypt/live/helpdesk.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/helpdesk.example.com/privkey.pem;
 
 
    location / {
        proxy_pass http://localhost:8081;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
    }
}

If you get MSG_gadget error and in /opt/atlassian/jira/logs/catlina.out this

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

import the SSL server and intermediate certificate into Java trusted keystore

root@servicedesk:~# /opt/atlassian/jira/jre/bin/keytool -import -alias servicedesk -keystore /opt/atlassian/jira/jre/lib/security/cacerts -file /etc/nginx/ssl/example.com.crt
	
root@servicedesk:~# /opt/atlassian/jira/jre/bin/keytool -import -alias servicedesk_intermediate_cert -keystore /opt/atlassian/jira/jre/lib/security/cacerts -file /etc/nginx/ssl/intermediate.crt

Set the /etc/hosts to resolve to proper address e.g

root@servicedesk:~# cat /etc/hosts
127.0.0.1       localhost servicedesk.example.com
<public ip>     servicedesk.example.com
<public ipv6>     servicedesk.example.com
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
# --- BEGIN PVE ---
10.10.4.169 servicedesk.example.com servicedesk
# --- END PVE ---

• Custom jira translation

• https://confluence.atlassian.com/jirakb/how-to-fix-gadget-titles-showing-as-__msg_gadget-813697086.html?_ga=2.9281206.2034740356.1523861306-521827037.1519112736
• https://confluence.atlassian.com/kb/connecting-to-ssl-services-802171215.html