Deployment patterns to use the same Confluence instance on intranet and internet

Johan Ferner May 27, 2014

Hello,

My organization uses Confluence internally. It has the following setup:

  • Users log in using Crowd connected to Microsoft AD
  • Anonymous access can see almost everything

Now we would like to expose parts of this instance on the internet (this includes putting the Confluence instance in a DMZ). If a user accesses our Confluence site from the internet, we would like the following setup:

  • Anonymous access restricted to specific spaces - for public documentation etc.
  • Users can log in using Crowd connected to Microsoft AD and
    • can see everything if employee
    • can see specified spaces if partner (not employee)

Is it possible to mix these policies on the same Confluence instance based on IP address?

Thanks in advance,

Johan

2 answers

0 votes
Answer accepted
Johan Ferner September 2, 2014

This was put on hold by my organization.

After thinking about this for a while, I would buy a second Confluence instance and export/import spaces because of security concerns. That way I am assured that only public information is available on the internet.

0 votes
Steve Gerstner [bridgingIT]
Rising Star
May 27, 2014

The part with anonymous users might be a problem.

I would use a web server in front of the Confluence Tomcat doing SSO with NTLM or Kerberos, so your internal users are automatically logged in (with a special authenticator you have to write).

Use a second web server for the web traffic.

The only problem: you have two servers but only one base URL.

Maybe you can use the same domain and map it internally to a different IP?

If you get this working, the only thing you have to deal with is permission management.

You don't need internal anonymous access and can work with qualified user names.

Or do you need the anonymous access due to licensing?
