Changing confluence to SSL

Hi Atlassian experts,

I am trying to move my trial Confluence 5.8.5 Cent OS 7 installation to https. After I do localhost:8090 and it-confluence01:8090 just time out.    I looked through the log files (Catalina.out and atlassian-confluence.log) and after correcting any error in those (My /root/.keystore was not readable by confluence) it still did the same thing.

I also read this and changed my web.xml.  Still exact same behavior.  I change back to http everything work, I move to https and nothing.

Here is my server.xml:  (yes I know changeit is a terrible password but I first have to get it to work then I'll worry about security)

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true" keystoreFile="/root/.keystore"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="changeit"/>

Thanks in advance for any help on this one.


3 answers

1 accepted

0 votes
Accepted answer

Turns out the problem was that confluence was using the ID confluence1 with home directory of /home/confluence1 and I needed to place .keystore there.    Would be nice if confluence saw an ID of confluence as asked (you already have a confluence ID do you want to use that?)  but once I placed the .keystore in the correct place everything worked.  I have up to /home/jira7/ on my JIRA box lol

Hi Robert,

Looks like you might have a typo. The option for sslProtocol can't have an 's' at the end. See for confirmation of valid options.

Additionally, the all option is a shortcut for "TLSv1+TLSv1.1+TLSv1.2". Looks like you could swap out your TLS versions with "all" to simplify the config.

Thanks, interestingly I did not type that, I simply uncommented it from what was given by Atlassian?!? I tried that, and exact same problem. But now with the extra warning of: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'sslProtocols' to 'TLSv1,TLSv1.1,TLSv1.2' did not find a matching property.

Something else to consider... I'm not sure if you are thinking of putting a reverse proxy on the same server at some point, but I found it easier to configure SSL to terminate at the proxy and then just use the standard web.xml for Confluence.  I was using IIS, but I imagine it would work just as well with Apache or nginx...

Second on this. We use nginx in our environment (and Apache before that) and the setup is pretty straightforward.

I third that, that is how we did it at the place I just left. Unfortunately that is item 192 on today hot items list and I need to make sure passwords are not visible immediately and then I can set up a proxy et al.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Dec 18, 2018 in Confluence Cloud

Happy holidays from our team to yours!

Hi Community!  2018 was filled with changes for our team, both big and small, and we've taken a lot of time to both celebrate our wins and recognize areas of improvement. One thing that we're a...

477 views 3 18
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you