Enable SSL with AWS ELB and Confluence

I am successfully running Confluence (and Jira) in AWS behind ELB (elastic load balancer) instances.  On the ELB there is an HTTP (80) listener to the EC2 instance on the HTTP port for Confluence (8090).  This works great.  However, I want to use SSL on the ELB side.  When I change the listener on the ELB that works but Confluence redirects back to port 80 which then fails since the ELB is no longer listening on that port.  I tried changing the base URL and I tried adding proxyPort to the server.xml file.  I haven't found a combination that works.

5 answers


Hi Troy, 

I believe it is failing because your ELB is listening on port 443, but when Confluence sends the information back, it is done on a different port. So the ELB receives the connection from Confluence on port 80 when it is expected on port 443. So I believe that if we configure Confluence to only listen on port 443, it should work. Can you have a look at this link and let us know how it is going?

In case it doesn't work, please paste the server.xml here. 

 

Regards, 

Renato Rudnicki

 


@Troy Moreland, did you get this to work?

Hi Troy, were you able to get this to work based on the link provided below by Renato?

I have a similar setup, where ELB port 80 points to instance port 8080 for JIRA; however, the same does not work when setting up an HTTPS port via the ELB and using an AWS certificate.

Please let me know

 

Thanks

Milind Shah

I got this working. The key is in fact your server.xml. I use the following xmlstarlet commands in my Confluence Dockerfile to inject the needed attributes:

 

# configure Confluence for use behind an ELB by adding proxy-related attributes to server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n scheme -v https $CONFLUENCE_INSTALL/conf/server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n proxyPort -v 443 $CONFLUENCE_INSTALL/conf/server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n secure -v true $CONFLUENCE_INSTALL/conf/server.xml

I tried that out but it did not work.

I updated the server.xml to include the 3 variables mentioned above, but that still does not let HTTPS work through the AWS ELB.

 

| Load Balancer Protocol | Load Balancer Port | Instance Protocol | Instance Port | Cipher | SSL Certificate |
|---|---|---|---|---|---|
| HTTP | 80 | HTTP | 8080 | N/A | N/A |
| HTTPS | 443 | HTTP | 8080 | | 3a9009dd-7216-458e-8b65-9e2cdf9ae24b (ACM) |

 

Server XML:

 

<Service name="Catalina">

    <Connector port="8080"
               maxThreads="150"
               minSpareThreads="25"
               connectionTimeout="20000"
               enableLookups="false"
               maxHttpHeaderSize="8192"
               protocol="HTTP/1.1"
               useBodyEncodingForURI="true"
               acceptCount="100"
               disableUploadTimeout="true"
               redirectPort="8443"
               scheme="https"
               proxyPort="443"
               secure="true"
    />
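
As an added example (not code from any poster in this thread), the Python script below makes the same edit as the xmlstarlet answer above, but reports which connectors lack the three proxy attributes first and can be re-run without changing an already-correct file. The sample server.xml and all function names are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

# The three attributes from the xmlstarlet answer. In Tomcat, scheme and secure
# set what request.getScheme() / isSecure() report, and proxyPort sets what
# request.getServerPort() reports when TLS ends at the load balancer.
PROXY_ATTRS = {"scheme": "https", "proxyPort": "443", "secure": "true"}

# Constructed sample input: a minimal server.xml with a plain HTTP connector.
SAMPLE_SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" protocol="HTTP/1.1" redirectPort="8443"
               connectionTimeout="20000" scheme="http"/>
  </Service>
</Server>"""


def audit_connectors(root):
    """Map connector port -> {attribute: (found, expected)} for each mismatch."""
    findings = {}
    for conn in root.findall("./Service/Connector"):
        bad = {k: (conn.get(k), v) for k, v in PROXY_ATTRS.items()
               if conn.get(k) != v}
        if bad:
            findings[conn.get("port")] = bad
    return findings


def apply_proxy_attrs(root):
    """Set the attributes on every connector; return how many were changed."""
    changed = 0
    for conn in root.findall("./Service/Connector"):
        before = dict(conn.attrib)
        conn.attrib.update(PROXY_ATTRS)  # overwrites, so re-running is safe
        if conn.attrib != before:
            changed += 1
    return changed


def harden(xml_text):
    """Audit, fix, and return (findings_before, connectors_changed, new_xml)."""
    root = ET.fromstring(xml_text)
    before = audit_connectors(root)
    changed = apply_proxy_attrs(root)
    return before, changed, ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    before, changed, new_xml = harden(SAMPLE_SERVER_XML)
    print("mismatches before:", before)
    print("connectors changed:", changed)
    print(new_xml)
```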
