Hello,
I want to start using our Confluence over HTTPS. We are using Confluence with synchrony.
I have certificate which I added to keystore. I tried to change httpd-vhosts.conf configuration and server.xml configuration files,...
Here is my httpd-vhosts.conf (We hosts JIRA and Confluence on the same server). JIRA works fine over HTTPS:
<VirtualHost *:443>
ServerName domainaddress_of_our_JIRA
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://Internal_IP_of_our_JIRA:8080/
ProxyPassReverse / Internal_IP_of_our_JIRA:8080/
SSLEngine On
SSLCertificateFile "C:\Apache24\conf\our_jira_certificate.cer"
SSLCertificateKeyFile "C:\Apache24\conf\our_jira_privatekey.key"
SSLProxyEngine Off
RemoteIPHeader X-Forwarded-For
</VirtualHost>
<VirtualHost *:80>
ServerName domainaddress_of_our_JIRA
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#Redirect / https://domainaddress_of_our_JIRA/
</VirtualHost>
<VirtualHost *:443>
ServerName domainaddress_of_our_Confluence
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://Internal_IP_of_our_Confluence:8090/$1 [P]
<Proxy *>
Require all granted
</Proxy>
SSLEngine On
SSLCertificateFile "C:\Apache24\conf\our_Confluence_certificate.cer"
SSLCertificateKeyFile "C:\Apache24\conf\our_Confluence_privatekey.key"
ProxyPass /synchrony http://Internal_IP_of_our_Confluence:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://Internal_IP_of_our_Confluence:8091%{REQUEST_URI} [P]
</Location>
ProxyPass / http://Internal_IP_of_our_Confluence:8090
ProxyPassReverse / http://Internal_IP_of_our_Confluence:8090
<Location />
Require all granted
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName domainaddress_of_our_Confluence
Redirect Permanent /synchrony https://domainaddress_of_our_Confluence/synchrony
</VirtualHost>
Here is serwer.xml configuration (I changed proxyport to "443", and scheme to "https" at the top of file, uncommented "Connector" at the bottom and added paths to keystore):
<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="domainaddress_of_our_Confluence" proxyport="443" sheme="https"/>
<Connector port="8099" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol" sheme="http"/>
<Engine name="Standalone" defaultHost="domainaddress_of_our_Confluence" debug="0">
<Host name="domainaddress_of_our_Confluence" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>
</Engine>
<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/
For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="48" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystoreFile="C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts" keystorePass="password_for_keystore" keyAlias="name_of_certificate_alias"/>
</Service>
</Server>
When I change something in httpd-vhosts.conf I restart Apache service, and when I change something in serwer.xml I restart Confluence service.
After the above changes Confluence is running over HTTPS, but I still have the same error:
https://confluence.atlassian.com/confkb/can-t-check-base-url-warning-in-confluence-6-6-or-later-939718433.html
and my Application links from JIRA don't work (Network Error - JIRA says that propably because of misconigured proxy).
Could You please check my configuration and tell wehere is the problem ?
Thank You,
Mr Zee
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.