HTTPS

Rafal Niznik August 20, 2017

Hi All

Confluence is new to me but currently I want to setup SSL 

I follow all instruction I found but still have some issues running over SSL

Can anyone advice and provide basic step-by-step guide?

I'm runnning confluence under Debian box

 

Regards

Raf

2 answers

2 accepted

2 votes
Answer accepted
noamdah
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
August 21, 2017

Run on application server:

openssl genrsa -out confKey.key 2048 -sha256


openssl req -new -key confKey.key -out confReq.csr

 

Send confReq.csr to CA

Take caReply.cer to server

 

openssl pkcs12 -export -out key.pfx -inkey confKey.key -in caReply.cer


keytool -importkeystore -srckeystore key.pfx -srcstoretype pkcs12 -destkeystore myKey.jks -deststoretype JKS


On server.xml file:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="changeit" keystoreFile="/path/to/myKey.jks"/>


Restart confluence

Change base url

0 votes
Answer accepted
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 20, 2017

You'll need to decide on what route you want to take first.  You can either try to run Confluence's Tomcat with SSL, or take the recommended route of setting up a simple reverse proxy that handles all the SSL stuff.  (There are other routes, but these are more than a little unusual, and I'm only really familiar with the 97% of cases that go with a proxy).

Do you have a preference?  If so, and it's a proxy, which web server would you choose as the proxy?  (Nginx, Apache, Lighttpd etc)

Rafal Niznik August 21, 2017

currently I use Sophos XG firewall that has option to protect webservers but not really sure hot to set this up

Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
August 21, 2017

That's nothing to do with SSL or proxies.  Although you may have to configure it to allow traffic on the port you want to run on.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events