redirecting Confluence SSL URL https://<website> to https://<website>:8443


I've got Confluence working via https on Centos6 (following and it currently redirects http://<website> to https://<website>:8443 fine.

What I'd also like to do is forward https://<website> (i.e. not port specified but https specified) to https://<website>:8443. At the moment if you specify https without specifying a port it cannot display the page. I suspect a few users will expect to get to the website if this way.



2 answers

Hi Tim,

usually https://<website> should listen on :443 so it should be sufficient to redirect incoming request on :443 or https://<website>:443 to https://<website>:8443 in your vhosts file. Hope that helps?



Christoph - I was thinking along those lines but I'm not sure where (or how) to do that. I'm still learning linux (somewhere between beginner and intermediate) and am definitely a beginner as far as Confluence goes.

Would this be done in the firewall (iptables) rules or in server.xml? Perhaps even somewhere different?



Tim - stupid question maybe but why don't you just change the port for Confluence to 443 (if using https, to 80 if not)? This should be possible in the server.xml. For the future I definitely recommend you to use Apache or ngninx as a proxy as Lars described as it is the usual setup.. 

yum groupinstall webserver
chkconfig httpd on

Add the following to /etc/httpd/conf.d/

<VirtualHost *:80>
ServerAlias wiki

ProxyPreserveHost On
RewriteEngine on
# Redirect http traffic to https
RewriteRule ^/(.*)$$1 [L,R]

<VirtualHost *:443>

ProxyPreserveHost On
ProxyRequests Off

ErrorLog /var/log/httpd/
TransferLog /var/log/httpd/
CustomLog /var/log/httpd/ ssl_combined

ErrorDocument 503 "<center><br><br><h1>We are down for some maintenance. Bla bla... </h1></center>"

ProxyPass /synchrony http://localhost:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]

ProxyPass / http://localhost:8090/ retry=2 acquire=3000 timeout=120 Keepalive=On
ProxyPassReverse / http://localhost:8090/

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCertificateFile /etc/pki/tls/certs/
SSLCertificateKeyFile /etc/pki/tls/private//
SSLCertificateChainFile /etc/pki/tls/certs/wildcard-CA.crt

Edit confluence server.xml if you are using SSL:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
scheme="https" ProxyPort="443" ProxyName="" maxHttpHeaderSize="32768" />



Something like this. Then you will not have to deal with keytool, cacerts and things like that :)


Christoph - not a stupiud question but I'm trying to follow Atlassian instructions  - I was assuming there's a reason they specify 8443 not 443, and also it means the instructions can be referred to in the future. I was hoping it shopuld be realtively easy to just have a line or two to make anything going to https://<website> redirect to port 8443.

Lars - will have a look at that but as mentioned I was hoping there might be a an easy line or two of code (would be easier than setting-up a proxy) but perhaps there isn't.

Tim - I guess it is just that they want a configuration which should work by default even if there is already one ssl application running which would probably run on the ssl default port 443 ;) good luck! 

Christoph - I was looking into this yesterday and I think it's because non-root users are not able to bind to ports below 1024 on Linux.

I think I found part of the answer in - this at least redirects to port 8443 but then causes issues with gadgets on JIRA, and on both JIRA/confluence then also causes issues with base url if users use http rather than https.

I'm getting closer but it's a bit cyclic where it fixes somethings but breaks others. I may just advise users to go to https://<server>:8443

Tim thanks for sharing and all the best to you! 

I`d strongly recommend proxying your Confluence with either Apahce or Nginx.

Here is Atlassians documentation on it.

I also like that you give your users a friendly (simple) URL. That will definitly make the applicaiton more used.


Lars, Kantega Single Sign-on

Lars - will look at that I think for the future but does it add  another layer of complexity?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Mar 12, 2019 in Confluence

Confluence Admin Certification now $150 for Community Members

More and more people are building their careers with Atlassian, and we want you to be at the front of this wave! Important Dates Start the Certification Prep Course by 2 April 2019 Take your e...

1,494 views 4 13
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you