Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources

HTTPS

Rafal Niznik
Rafal Niznik Aug 20, 2017

Hi All

Confluence is new to me but currently I want to setup SSL 

I follow all instruction I found but still have some issues running over SSL

Can anyone advice and provide basic step-by-step guide?

I'm runnning confluence under Debian box

 

Regards

Raf

Answer
Watch
Like Be the first to like this

2 answers

1 vote
Noam Dahan
Noam Dahan Aug 21, 2017

Run on application server:

openssl genrsa -out confKey.key 2048 -sha256


openssl req -new -key confKey.key -out confReq.csr

 

Send confReq.csr to CA

Take caReply.cer to server

 

openssl pkcs12 -export -out key.pfx -inkey confKey.key -in caReply.cer


keytool -importkeystore -srckeystore key.pfx -srcstoretype pkcs12 -destkeystore myKey.jks -deststoretype JKS


On server.xml file:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="changeit" keystoreFile="/path/to/myKey.jks"/>


Restart confluence

Change base url

Reply
0 vote
Nic Brough [Adaptavist]
Nic Brough [Adaptavist] Community Champion Aug 20, 2017

You'll need to decide on what route you want to take first.  You can either try to run Confluence's Tomcat with SSL, or take the recommended route of setting up a simple reverse proxy that handles all the SSL stuff.  (There are other routes, but these are more than a little unusual, and I'm only really familiar with the 97% of cases that go with a proxy).

Do you have a preference?  If so, and it's a proxy, which web server would you choose as the proxy?  (Nginx, Apache, Lighttpd etc)

View More Comments
Rafal Niznik
Rafal Niznik Aug 21, 2017

currently I use Sophos XG firewall that has option to protect webservers but not really sure hot to set this up

Nic Brough [Adaptavist]
Nic Brough [Adaptavist] Community Champion Aug 21, 2017

That's nothing to do with SSL or proxies.  Although you may have to configure it to allow traffic on the port you want to run on.

Reply

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Kesha Thillainayagam
 Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

2,856 views 27 11
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you