Enable SSL with AWS ELB and Confluence

I am successfully running Confluence (and Jira) in AWS behind ELB (elastic load balancer) instances.  On the ELB there is an HTTP (80) listener to the EC2 instance on the HTTP port for Confluence (8090).  This works great.  However, I want to use SSL on the ELB side.  When I change the listener on the ELB that works but Confluence redirects back to port 80 which then fails since the ELB is no longer listening on that port.  I tried changing the base URL and I tried adding proxyPort to the server.xml file.  I haven't found a combination that works.

5 answers

0 vote

Hi Troy, 

I believe it is failing because your ELB is listening on port 443 but when Confluence send the information back, it is done by a different port. So, the ELB receive the connection from Confluence on port 80 when the expected is on port 443. So, I believe that if we configure Confluence to only listen on port 443 it should works. Can you have a look on  this link and let us know how it is going? 

In case it doesn't work, please paste the server.xml here. 

 

Regards, 

Renato Rudnicki

 

@Troy Moreland, did you get this to work?

HI Troy, Were you able to get this to work based on the link provided below by Renato?

I have a similar setup, where ELB port 80 points to instance port 8080 for JIRA, however the same does not work when setting up a https port via ELB and using a AWS Certificate.

Please let me know

 

Thanks

Milind Shah

I got this working. The key is in fact your server.xml. I use the following xmlstarlet commands in my Confluence dockerfile to inject the needed attributes:

 

# configure Confluence for use behind an ELB by adding proxy-related attributes to server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n scheme -v https $CONFLUENCE_INSTALL/conf/server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n proxyPort -v 443 $CONFLUENCE_INSTALL/conf/server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n secure -v true $CONFLUENCE_INSTALL/conf/server.xml

I tried that out but it did not work.

i updated the server xml to include the 3 variables mentioned adove but that still does not let https work through AWS ELB

 

Load Balancer Protocol
Load Balancer Port
Instance Protocol
Instance Port
Cipher
SSL Certificate
HTTP80HTTP8080N/AN/A
HTTPS443HTTP8080 3a9009dd-7216-458e-8b65-9e2cdf9ae24b (ACM)

 

Server XML:

 

<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
acceptCount="100"
disableUploadTimeout="true"
redirectPort="8443"
scheme="https"
proxyPort="443"
secure="true"
/>

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

989 views 23 13
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you