Changing confluence to SSL

Hi Atlassian experts,

I am trying to move my trial Confluence 5.8.5 CentOS 7 installation to https. After I do, localhost:8090 and it-confluence01:8090 just time out. I looked through the log files (Catalina.out and atlassian-confluence.log) and after correcting any errors in those (my /root/.keystore was not readable by confluence) it still did the same thing.

I also read this https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS and changed my web.xml. Still the exact same behavior. If I change back to http everything works; I move to https and nothing.

Here is my server.xml: (yes, I know changeit is a terrible password, but I first have to get it to work, then I'll worry about security)

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true" keystoreFile="/root/.keystore"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="changeit"/>

Thanks in advance for any help on this one.

Robert

3 answers

1 accepted

Accepted Answer
0 votes

Turns out the problem was that Confluence was using the ID confluence1 with a home directory of /home/confluence1 and I needed to place .keystore there. Would be nice if Confluence saw an ID of confluence and asked (you already have a confluence ID, do you want to use that?), but once I placed the .keystore in the correct place everything worked. I have up to /home/jira7/ on my JIRA box lol

1 vote
Daniel Eads Community Champion Jul 21, 2015

Hi Robert,

Looks like you might have a typo. The option for sslProtocol can't have an 's' at the end. See https://tomcat.apache.org/tomcat-7.0-doc/config/http.html for confirmation of valid options.

Additionally, the all option is a shortcut for "TLSv1+TLSv1.1+TLSv1.2". Looks like you could swap out your TLS versions with "all" to simplify the config.

Thanks. Interestingly, I did not type that, I simply uncommented it from what was given by Atlassian?!? I tried that, and got the exact same problem. But now with the extra warning of: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslProtocols' to 'TLSv1,TLSv1.1,TLSv1.2' did not find a matching property.

Something else to consider... I'm not sure if you are thinking of putting a reverse proxy on the same server at some point, but I found it easier to configure SSL to terminate at the proxy and then just use the standard web.xml for Confluence. I was using IIS, but I imagine it would work just as well with Apache or nginx...

Daniel Eads Community Champion Jul 21, 2015

Second on this. We use nginx in our environment (and Apache before that) and the setup is pretty straightforward.

I third that, that is how we did it at the place I just left. Unfortunately that is item 192 on today's hot items list and I need to make sure passwords are not visible immediately, and then I can set up a proxy et al.
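
Added example, not part of the thread and not Atlassian's or Tomcat's own code: a small check for the two problems that came up above, an SSL attribute Tomcat does not recognise (sslProtocols) and a keystore the service account cannot read. The names check_connectors, KNOWN and SAMPLE are made up for this sketch, and SAMPLE is the connector from the question wrapped in a minimal constructed server.xml.

```python
import os
import sys
import xml.etree.ElementTree as ET

# SSL-related attributes documented for the Tomcat 7 HTTP connector (JSSE).
KNOWN = {"SSLEnabled", "sslProtocol", "sslEnabledProtocols", "ciphers",
         "clientAuth", "keyAlias", "keyPass", "keystoreFile", "keystorePass",
         "keystoreType", "keystoreProvider", "truststoreFile",
         "truststorePass", "truststoreType"}
PREFIXES = ("ssl", "key", "truststore")

# Constructed sample: the connector from the question in a minimal server.xml.
SAMPLE = """<Server><Service name="Tomcat-Standalone">
<Connector port="8443" maxHttpHeaderSize="8192"
 maxThreads="150" minSpareThreads="25"
 protocol="org.apache.coyote.http11.Http11NioProtocol"
 enableLookups="false" disableUploadTimeout="true"
 acceptCount="100" scheme="https" secure="true" keystoreFile="/root/.keystore"
 clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2"
 sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
 URIEncoding="UTF-8" keystorePass="changeit"/>
</Service></Server>"""


def check_connectors(xml_text, readable=lambda p: os.access(p, os.R_OK)):
    """Return a list of findings for every SSL-enabled <Connector>."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        for name in conn.attrib:
            # An SSL-looking attribute Tomcat does not know only produces a
            # SetAllPropertiesRule warning in the log; the setting is dropped.
            if name.lower().startswith(PREFIXES) and name not in KNOWN:
                findings.append(f"port {port}: unknown attribute '{name}'")
        # Without keystoreFile, Tomcat uses .keystore in the home directory
        # of the user it runs as. Relative paths are not resolved here.
        ks = conn.get("keystoreFile", os.path.expanduser("~/.keystore"))
        if not readable(ks):
            findings.append(f"port {port}: keystore '{ks}' not readable "
                            f"by uid {os.geteuid()}")
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("\n".join(check_connectors(text)) or "no findings")
```

Run it as the account Confluence runs under (confluence1 in the accepted answer), passing the path to server.xml, so the readability test reflects that user rather than root.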
