I have installed Confluence standalone version and need to run it over SSL/https. Certificate is installed on an F5 load balancer application so need to know how to configure Confluence and F5 (if needed to check configuration because network team manage this application) in order for Confluence to work on https.
Thanks.
Community moderators have prevented the ability to post new answers.
I was able to run Confluence by setting below configuration on server.xml
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="80" minProcessors="5" maxProcessors="75" proxyPort="443" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSEnabled="true" enableLookups="false" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="20000" useURIValidationHack="false" URIEncoding="UTF-8" />
Did you have to generate import any certificates on your application server? Or was it all handled by the F5? My network team is saying I dont need to generate/import any certs on the app server. All done by the F5.
Also did you edit your web.xml to redirect http to https?
to <CONFLUENCE_INSTALLATION>/confluence/WEB-INF/web.xml
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Woot! This works for me too!
Our stack looks like this:
client -> firewall -> load balancer -> apache -> tomcat
We do SSL offload on the load balancer, so apache only talks HTTP, but we need confluence to generate URLs using the HTTPS scheme.
The above configuration fragment works perfectly for us.
Thanks.
R.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Konnie McCauley @Robin Bowes @Jayzle Coballes any chance any of you can share some more information on this? on the tomcat and on the F5 level.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
We certainly have had some challenges with getting our standalone behind the F5. We also have the Kerberos authentication set up for SSO. Would anything need to be changes in this connector?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Community moderators have prevented the ability to post new answers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.