Enable SSL with AWS ELB and Confluence

I am successfully running Confluence (and Jira) in AWS behind ELB (elastic load balancer) instances.  On the ELB there is an HTTP (80) listener to the EC2 instance on the HTTP port for Confluence (8090).  This works great.  However, I want to use SSL on the ELB side.  When I change the listener on the ELB that works but Confluence redirects back to port 80 which then fails since the ELB is no longer listening on that port.  I tried changing the base URL and I tried adding proxyPort to the server.xml file.  I haven't found a combination that works.

5 answers

0 votes

Hi Troy, 

I believe it is failing because your ELB is listening on port 443 but when Confluence send the information back, it is done by a different port. So, the ELB receive the connection from Confluence on port 80 when the expected is on port 443. So, I believe that if we configure Confluence to only listen on port 443 it should works. Can you have a look on  this link and let us know how it is going? 

In case it doesn't work, please paste the server.xml here. 

 

Regards, 

Renato Rudnicki

 

@Troy Moreland, did you get this to work?

HI Troy, Were you able to get this to work based on the link provided below by Renato?

I have a similar setup, where ELB port 80 points to instance port 8080 for JIRA, however the same does not work when setting up a https port via ELB and using a AWS Certificate.

Please let me know

 

Thanks

Milind Shah

I got this working. The key is in fact your server.xml. I use the following xmlstarlet commands in my Confluence dockerfile to inject the needed attributes:

 

# configure Confluence for use behind an ELB by adding proxy-related attributes to server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n scheme -v https $CONFLUENCE_INSTALL/conf/server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n proxyPort -v 443 $CONFLUENCE_INSTALL/conf/server.xml
RUN xmlstarlet ed --inplace --insert "/Server/Service/Connector" --type attr -n secure -v true $CONFLUENCE_INSTALL/conf/server.xml

I tried that out but it did not work.

i updated the server xml to include the 3 variables mentioned adove but that still does not let https work through AWS ELB

 

Load Balancer Protocol
Load Balancer Port
Instance Protocol
Instance Port
Cipher
SSL Certificate
HTTP80HTTP8080N/AN/A
HTTPS443HTTP8080 3a9009dd-7216-458e-8b65-9e2cdf9ae24b (ACM)

 

Server XML:

 

<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
acceptCount="100"
disableUploadTimeout="true"
redirectPort="8443"
scheme="https"
proxyPort="443"
secure="true"
/>

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 29, 2018 in New to Confluence

How to use Confluence Cloud for stakeholder management

Most of us don’t need much convincing that stakeholder management is important. It just makes sense that keeping everyone in-the-know on projects and assigning clearly defined roles is key to having ...

1,169 views 4 6
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you