
redirecting Confluence SSL URL https://<website> to https://<website>:8443

tim wilkinson July 5, 2017

Hi,

I've got Confluence working via https on CentOS 6 (following https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html) and it currently redirects http://<website> to https://<website>:8443 fine.

What I'd also like to do is forward https://<website> (i.e. no port specified but https specified) to https://<website>:8443. At the moment if you specify https without specifying a port it cannot display the page. I suspect a few users will expect to get to the website this way.

Cheers,

Tim

2 answers

0 votes
Lars Olav Velle
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
July 5, 2017

I'd strongly recommend proxying your Confluence with either Apache or Nginx.

Here is Atlassian's documentation on it.

https://confluence.atlassian.com/doc/using-apache-with-virtual-hosts-and-mod_proxy-173685.html

I also like that you give your users a friendly (simple) URL. That will definitely make the application more used.

Cheers,

Lars, Kantega Single Sign-on

tim wilkinson July 6, 2017

Lars - will look at that I think for the future but does it add another layer of complexity?

0 votes
Christoph Schötz
July 5, 2017

Hi Tim,

Usually https://<website> should listen on :443, so it should be sufficient to redirect incoming requests on :443 or https://<website>:443 to https://<website>:8443 in your vhosts file. Hope that helps?

Cheers

Christoph

tim wilkinson July 6, 2017

Christoph - I was thinking along those lines but I'm not sure where (or how) to do that. I'm still learning linux (somewhere between beginner and intermediate) and am definitely a beginner as far as Confluence goes.

Would this be done in the firewall (iptables) rules or in server.xml? Perhaps even somewhere different?

Cheers,

Tim

Christoph Schötz
July 6, 2017

Tim - stupid question maybe but why don't you just change the port for Confluence to 443 (if using https, to 80 if not)? This should be possible in the server.xml. For the future I definitely recommend you to use Apache or nginx as a proxy as Lars described as it is the usual setup.

Lars Olav Velle
July 7, 2017

yum groupinstall webserver
chkconfig httpd on

Add the following to /etc/httpd/conf.d/wiki.example.com.conf

<VirtualHost *:80>
    ServerName wiki.example.com
    ServerAlias wiki

    ProxyPreserveHost On
    RewriteEngine on
    # Redirect http traffic to https
    RewriteRule ^/(.*)$ https://wiki.example.com/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    ServerName wiki.example.com

    ProxyPreserveHost On
    ProxyRequests Off

    ErrorLog /var/log/httpd/wiki.example.com-ssl_error_log
    TransferLog /var/log/httpd/wiki.example.com-ssl_access_log
    CustomLog /var/log/httpd/wiki.example.com-ssl_request_log ssl_combined

    ErrorDocument 503 "<center><br><br><h1>We are down for some maintenance. Bla bla... </h1></center>"

    # Synchrony (collaborative editing) on port 8091, including WebSocket upgrades
    ProxyPass /synchrony http://localhost:8091/synchrony
    <Location /synchrony>
        Require all granted
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
    </Location>

    # Everything else goes to the Confluence HTTP connector on port 8090
    ProxyPass / http://localhost:8090/ retry=2 acquire=3000 timeout=120 Keepalive=On
    ProxyPassReverse / http://localhost:8090/

    # TLS is terminated here, so Confluence itself needs no keystore
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
    SSLCertificateFile /etc/pki/tls/certs/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.example.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/wildcard-CA.crt
</VirtualHost>

Edit Confluence server.xml if you are using SSL:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           secure="true"
           scheme="https" proxyPort="443" proxyName="wiki.example.com" maxHttpHeaderSize="32768" />

-Lars
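
A static check for the TLS directives in a vhost like the one posted above, as an added example that is not part of the post or of Atlassian's documentation: it evaluates SSLProtocol left to right and lists cipher-string tokens that name a weak algorithm which no `!` token bans. The protocol set behind `all` and the weak-word list are assumptions, and the check reads tokens only; it does not expand aliases such as `EECDH` into concrete ciphers.

```python
import re

# Constructed sample: the TLS directives copied from the vhost in the post above.
SAMPLE = '''
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
'''
# Assumption: what "all" expands to depends on the Apache/OpenSSL build.
ALL_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: cipher-string words treated as weak by this check.
WEAK_CIPHER_WORDS = {"RC4", "3DES", "DES", "MD5", "EXP", "EXPORT", "LOW",
                     "NULL", "eNULL", "aNULL"}

def directive(conf, name):
    """Argument string of the last uncommented `name` directive, or None."""
    hits = re.findall(rf"^\s*{name}\s+(.+?)\s*$", conf, re.M | re.I)
    return hits[-1].strip('"') if hits else None

def enabled_protocols(spec):
    """Evaluate an SSLProtocol argument left to right."""
    enabled = set()
    for tok in spec.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        group = set(ALL_PROTOCOLS) if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:  # a bare token replaces whatever was set before it
            enabled = group
    return enabled

def weak_cipher_tokens(spec):
    """Additive tokens that name a weak algorithm no '!' token bans."""
    tokens = re.split(r"[\s:,]+", spec.strip())
    live = WEAK_CIPHER_WORDS - {t[1:] for t in tokens if t.startswith("!")}
    return [t for t in tokens
            if t[:1] not in "!-" and set(t.lstrip("+").split("+")) & live]

def audit(conf):
    """Return one finding string per weak TLS directive in `conf`."""
    findings = []
    proto, ciphers = directive(conf, "SSLProtocol"), directive(conf, "SSLCipherSuite")
    bad = sorted(enabled_protocols(proto) & WEAK_PROTOCOLS) if proto else []
    weak = weak_cipher_tokens(ciphers) if ciphers else []
    if bad:
        findings.append("SSLProtocol enables " + ", ".join(bad))
    if weak:
        findings.append("SSLCipherSuite adds " + ", ".join(weak))
    return findings
```

Run on the posted directives, `audit(SAMPLE)` reports TLSv1 and TLSv1.1 as enabled and the tokens `EECDH+aRSA+RC4` and `RC4` as live, since the string bans 3DES and MD5 but not RC4.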

Lars Olav Velle
July 7, 2017

Something like this. Then you will not have to deal with keytool, cacerts and things like that :)

-Lars

tim wilkinson July 9, 2017

Christoph - not a stupid question but I'm trying to follow Atlassian instructions - I was assuming there's a reason they specify 8443 not 443, and also it means the instructions can be referred to in the future. I was hoping it should be relatively easy to just have a line or two to make anything going to https://<website> redirect to port 8443.

Lars - will have a look at that but as mentioned I was hoping there might be an easy line or two of code (would be easier than setting up a proxy) but perhaps there isn't.

Christoph Schötz
July 10, 2017

Tim - I guess it is just that they want a configuration which should work by default even if there is already one ssl application running which would probably run on the ssl default port 443 ;) good luck! 

tim wilkinson July 10, 2017

Christoph - I was looking into this yesterday and I think it's because non-root users are not able to bind to ports below 1024 on Linux.

I think I found part of the answer in https://confluence.atlassian.com/jirakb/how-do-i-use-port-80-or-443-on-my-jira-server-as-a-non-root-user-on-linux-890079490.html - this at least redirects to port 8443 but then causes issues with gadgets on JIRA, and on both JIRA/confluence then also causes issues with base url if users use http rather than https.

I'm getting closer but it's a bit cyclic where it fixes some things but breaks others. I may just advise users to go to https://<server>:8443

Christoph Schötz
July 10, 2017

Tim thanks for sharing and all the best to you! 
