redirecting Confluence SSL URL https://<website> to https://<website>:8443

Hi,

I've got Confluence working via https on Centos6 (following https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html) and it currently redirects http://<website> to https://<website>:8443 fine.

What I'd also like to do is forward https://<website> (i.e. no port specified but https specified) to https://<website>:8443. At the moment if you specify https without specifying a port it cannot display the page. I suspect a few users will expect to get to the website this way.

Cheers,

Tim

2 answers

0 vote
Christoph Thomas Community Champion Jul 05, 2017

Hi Tim,

Usually https://<website> should listen on :443 so it should be sufficient to redirect incoming requests on :443 or https://<website>:443 to https://<website>:8443 in your vhosts file. Hope that helps?

Cheers

Christoph

Christoph - I was thinking along those lines but I'm not sure where (or how) to do that. I'm still learning linux (somewhere between beginner and intermediate) and am definitely a beginner as far as Confluence goes.

Would this be done in the firewall (iptables) rules or in server.xml? Perhaps even somewhere different?

Cheers,

Tim

Christoph Thomas Community Champion Jul 06, 2017

Tim - stupid question maybe but why don't you just change the port for Confluence to 443 (if using https, to 80 if not)? This should be possible in the server.xml. For the future I definitely recommend you to use Apache or nginx as a proxy as Lars described as it is the usual setup.

yum groupinstall webserver
chkconfig httpd on

Add the following to /etc/httpd/conf.d/wiki.example.com.conf

<VirtualHost *:80>
    ServerName wiki.example.com
    ServerAlias wiki

    ProxyPreserveHost On
    RewriteEngine on
    # Redirect http traffic to https
    RewriteRule ^/(.*)$ https://wiki.example.com/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
    ServerName wiki.example.com

    ProxyPreserveHost On
    ProxyRequests Off

    ErrorLog /var/log/httpd/wiki.example.com-ssl_error_log
    TransferLog /var/log/httpd/wiki.example.com-ssl_access_log
    CustomLog /var/log/httpd/wiki.example.com-ssl_request_log ssl_combined

    ErrorDocument 503 "<center><br><br><h1>We are down for some maintenance. Bla bla... </h1></center>"

    # Synchrony (collaborative editing) listens on 8091; must come before the catch-all ProxyPass
    ProxyPass /synchrony http://localhost:8091/synchrony
    <Location /synchrony>
        Require all granted
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
    </Location>

    # Everything else goes to the Confluence HTTP connector on 8090
    ProxyPass / http://localhost:8090/ retry=2 acquire=3000 timeout=120 Keepalive=On
    ProxyPassReverse / http://localhost:8090/

    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    # RC4 is excluded: RFC 7465 prohibits RC4 cipher suites in TLS
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
    SSLCertificateFile /etc/pki/tls/certs/wildcard.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/wildcard.example.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/wildcard-CA.crt
</VirtualHost>

Edit Confluence server.xml if you are using SSL:

<!-- Plain HTTP connector behind the proxy; scheme, proxyName and proxyPort describe the public URL -->
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           secure="true"
           scheme="https" proxyPort="443" proxyName="wiki.example.com" maxHttpHeaderSize="32768" />

-Lars

Something like this. Then you will not have to deal with keytool, cacerts and things like that :)

-Lars
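An added example, not part of Lars's post or Atlassian's documentation: a Python check that the Tomcat connector's proxyName, proxyPort, scheme and secure attributes agree with the public name and port the Apache vhost serves, since a mismatch there shows up as base-URL problems in Confluence. The sample configs are constructed, trimmed from the ones posted above, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the vhost and Connector posted above.
VHOST = """<VirtualHost *:443>
ServerName wiki.example.com
ProxyPass /synchrony http://localhost:8091/synchrony
ProxyPass / http://localhost:8090/ retry=2
ProxyPassReverse / http://localhost:8090/
SSLEngine on
</VirtualHost>"""
SERVER_XML = """<Server><Service name="Tomcat-Standalone">
<Connector port="8090" redirectPort="8443"
 secure="true" scheme="https" proxyPort="443" proxyName="wiki.example.com"/>
</Service></Server>"""


def parse_vhost(text):
    """Return public name, listen port, TLS flag and the backend port for '/'."""
    listen = int(re.search(r"<VirtualHost\s+\S*:(\d+)>", text).group(1))
    name = re.search(r"^\s*ServerName\s+(\S+)", text, re.M).group(1)
    tls = re.search(r"^\s*SSLEngine\s+on\b", text, re.M | re.I) is not None
    # Only the catch-all "ProxyPass / ..." line, not /synchrony or ProxyPassReverse
    backend = re.search(r"^\s*ProxyPass\s+/\s+https?://[^:/\s]+:(\d+)", text, re.M)
    return {"name": name, "port": listen, "tls": tls,
            "backend": int(backend.group(1)) if backend else None}


def check(vhost_text, server_xml):
    """List mismatches between the proxy vhost and the Tomcat connector it targets."""
    v = parse_vhost(vhost_text)
    conns = {int(c.get("port")): c
             for c in ET.fromstring(server_xml).iter("Connector")}
    c = conns.get(v["backend"])
    if c is None:
        return [f"no Connector on backend port {v['backend']}"]
    want = {"proxyName": v["name"], "proxyPort": str(v["port"]),
            "scheme": "https" if v["tls"] else "http",
            "secure": "true" if v["tls"] else "false"}
    # Tomcat's defaults when the attribute is absent
    default = {"scheme": "http", "secure": "false"}
    return [f"{k}: connector has {c.get(k, default.get(k))!r}, proxy implies {val!r}"
            for k, val in want.items() if c.get(k, default.get(k)) != val]


if __name__ == "__main__":
    for line in check(VHOST, SERVER_XML) or ["connector matches proxy"]:
        print(line)
```
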

Christoph - not a stupid question but I'm trying to follow Atlassian instructions - I was assuming there's a reason they specify 8443 not 443, and also it means the instructions can be referred to in the future. I was hoping it should be relatively easy to just have a line or two to make anything going to https://<website> redirect to port 8443.

Lars - will have a look at that but as mentioned I was hoping there might be an easy line or two of code (would be easier than setting up a proxy) but perhaps there isn't.

Christoph Thomas Community Champion Jul 10, 2017

Tim - I guess it is just that they want a configuration which should work by default even if there is already one ssl application running which would probably run on the ssl default port 443 ;) good luck! 

Christoph - I was looking into this yesterday and I think it's because non-root users are not able to bind to ports below 1024 on Linux.

I think I found part of the answer in https://confluence.atlassian.com/jirakb/how-do-i-use-port-80-or-443-on-my-jira-server-as-a-non-root-user-on-linux-890079490.html - this at least redirects to port 8443 but then causes issues with gadgets on JIRA, and on both JIRA/Confluence then also causes issues with base url if users use http rather than https.

I'm getting closer but it's a bit cyclic where it fixes some things but breaks others. I may just advise users to go to https://<server>:8443

Christoph Thomas Community Champion Jul 10, 2017

Tim thanks for sharing and all the best to you! 

I'd strongly recommend proxying your Confluence with either Apache or Nginx.

Here is Atlassian's documentation on it.

https://confluence.atlassian.com/doc/using-apache-with-virtual-hosts-and-mod_proxy-173685.html

I also like that you give your users a friendly (simple) URL. That will definitely make the application more used.

Cheers,

Lars, Kantega Single Sign-on

Lars - will look at that I think for the future but does it add another layer of complexity?
