Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Is it possible to encrypt the traffic between the node and load-balancer?

Vishnu Samavedula
Vishnu Samavedula
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 10, 2018

Currently, in the middle of implementing Confluence Data Center.

In regards to implementing SSL using the SSL termination methodology, the traffic looks like:

User --https--> Load Balancer --http--> node1

Has there been a use case where the data interaction has been over https even between the load balancer and Node(s):

User --https--> Load Balancer --https--> node1 

The current instructions is only for running the Confluence over SSL and doesn't say much about encrypting the data interaction among the nodes and load-balancer

[Question has been updated]

Answer
Watch
Like # people like this
1753 views

3 answers

0 votes
DanaC
DanaC February 6, 2018

Our setup is exactly this.

 

https -> LB -> [https (Apache ) -> http (local) Node1]

Where [ ] is all running on each server node..

So before we ever went to Data Center, or using Load Balancers our best practice was to run apache as a reserve proxy on every server running an Atlassian product (or pretty much any application container) as the front door. We then proxy to the instance running the product.

We also set the node to only response to localhost traffic for http, but allow direct https for maintenance of node.

The trick so much you have to have your load balancer and your node all have the appropriate certs and keys so they all handle the SSL. 

Reply
0 votes
Davin Studer
Davin Studer
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 10, 2018

You could setup IPsec between your load balancer and your Confluence nodes. So the load balancer would still access the nodes over http, but the http access would be inside a secure tunnel.

View More Comments
Matt Doar
Matt Doar
Community Champion
January 10, 2018

True.

Like
Reply
0 votes
Matt Doar
Matt Doar
Community Champion
January 10, 2018

Do you mean the traffic between the Confluence nodes within gthe same physical data center? That's all cache syncs I think. And not visible to external users anyway.

View More Comments
Vishnu Samavedula
Vishnu Samavedula
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 10, 2018

Apologies Matt, I had to correct my question. I am looking at a use case where the traffic between node and load balancer is encrypted as well, if I were to choose the SSL Termination method.

Like
Matt Doar
Matt Doar
Community Champion
January 10, 2018

"doesn't say much about encrypting the data interaction among the nodes and load-balancer" yes, the DC docs don't go into details about specific load balancers.

But a good guideline is to never leave traffic unencrypted. And have the reverse proxy running on the same server as its Jira app

Like
Matt Doar
Matt Doar
Community Champion
January 10, 2018

Erm, Confluence

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security