Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Switch to SSl

Markus Steinke
Markus Steinke
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
June 19, 2019

I followed the instructions https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html.

Everything works fine.

But if i switch in the server.xml to 

<Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="150" minSpareThreads="25"                    
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"      
       sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
    URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>

Confluence is not longer reachable.  

if i switch back to 

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"/>

Everything works fine.

Answer
Watch
Like Be the first to like this
459 views

1 answer

1 accepted

0 votes
Answer accepted
Dave Theodore [Coyote Creek Consulting]
Dave Theodore [Coyote Creek Consulting]
Community Champion
June 19, 2019

I wouldn't recommend doing it that way.  There are two big reasons why.  First is security. If you want to listen to TCP port 443, you will need to run the Confluence Java process as root/administrator. This means that if there is a vulnerability in Confluence or Java, it is possible for an attacker to take over your server relatively easily.  Second is that this is doing things the hard way.  When you need to make changes, such as when a cert expires, you need to restart Confluence.

I would instead recommend using a reverse proxy server such as Apache. This can run on the same server. It is very simple to manage certificates this way and reverse proxy servers can do privilege separation built-in.

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security