Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions
Community
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions
Forums
Home Q&A Discussion groups Articles Ask a question Search
Learning Events Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Running Crowd over HTTPS

Richard Sylvester
Richard Sylvester November 7, 2025

Hi Guys,

I have Crowd running in Kubernetes (installed via Helm). Is anyone able to give me step-by-step instructions on getting it running over HTTPS? I have already got a signed certificate to import. 

Thanks in advance.

 

Answer
Watch
Like Jason U likes this
111 views

2 answers

3 votes
Yevhen
Yevhen
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 12, 2025

https://atlassian.github.io/data-center-helm-charts/userguide/CONFIGURATION/#ingress all you need is to create an ingress, ie enable it in your helm values.

Reply
1 vote
Tomislav Tobijas
Tomislav Tobijas
Community Champion
November 7, 2025

Hi @Richard Sylvester ,

I never actually did this, but I managed to find the following:

Terminate SSL at the Ingress Controller (might be recommended)

  • The best practice is to terminate SSL at your Kubernetes Ingress (e.g., NGINX, AWS ALB). This means HTTPS is handled at the edge, and traffic inside the cluster is HTTP.

  • Store your signed certificate as a Kubernetes Secret.

  • Configure your Ingress resource to use this Secret for TLS termination.

  • This approach is simpler and easier to maintain

And if you need HTTPS directly in the Crowd Pod...

Option 1: Pre-Built Java Truststore as a Kubernetes Secret (Recommended)

  • On your workstation, import your signed certificate into a Java keystore:

    keytool -import -trustcacerts -alias mycert -file /path/to/your.crt -keystore keystore.jks -storepass <password>

  • Create a Kubernetes Secret from the keystore:

    kubectl create secret generic crowd-keystore --from-file=keystore.jks=/path/to/keystore.jks -n <namespace>

  • In your Helm values, mount the Secret and set JVM arguments:

    volumes:
  - name: crowd-keystore
    secret:
      secretName: crowd-keystore
volumeMounts:
  - name: crowd-keystore
    mountPath: /var/opt/crowd-keystore
    readOnly: true
env:
  - name: JVM_SUPPORT_RECOMMENDED_ARGS
    value: "-Djavax.net.ssl.trustStore=/var/opt/crowd-keystore/keystore.jks -Djavax.net.ssl.trustStorePassword=<password>"

  • Update Crowd’s configuration (e.g., server.xml) to enable HTTPS and point to your keystore.

Option 2: Dynamic Truststore Generation Using an Init Container

  • Store your certificate as a Kubernetes Secret.

  • Use an init container to import the certificate into a new keystore at pod startup.

  • Mount the generated keystore and set JVM arguments as above.

Option 3: Custom Docker Image

  • Build a custom Crowd image with your certificate imported into the Java truststore during the build process.

  • Use this image in your Helm deployment.

But I've never actually executed this. Been a while since I've played with server configs and SSLs (can't say I miss it that much) 😅

Hopefully, someone actually did configure it, so maybe they can provide some additional details.

Cheers,
Tobi

View More Comments
Richard Sylvester
Richard Sylvester November 10, 2025

Thanks for this @Tomislav Tobijas , I should have mentioned I am using Nginx as the ingress controller, so I'll try terminating at the ingress level first and then Option 1 if that doesn't work. Will let you know how I get on.

Like Tomislav Tobijas likes this
Richard Sylvester
Richard Sylvester November 10, 2025

I assume this process would be the same for Jira, Confluence etc?

Like
Tomislav Tobijas
Tomislav Tobijas
Community Champion
November 12, 2025

@Richard Sylvester yeah, these should also be recommended for Jira, Confluence, and other DC products deployed in Kubernetes.

This might help as well: Load balancer configuration options 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
DEPLOYMENT TYPE
SERVER
VERSION
7.1.0
PRODUCT PLAN
STANDARD
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security