redirecting Confluence SSL URL https://<website> to https://<website>:8443

Hi,

I've got Confluence working via https on CentOS 6 (following https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html) and it currently redirects http://<website> to https://<website>:8443 fine.

What I'd also like to do is forward https://<website> (i.e. no port specified but https specified) to https://<website>:8443. At the moment if you specify https without specifying a port it cannot display the page. I suspect a few users will expect to get to the website this way.

Cheers,

Tim

2 answers

Hi Tim,

Usually https://<website> should listen on :443, so it should be sufficient to redirect incoming requests on :443 or https://<website>:443 to https://<website>:8443 in your vhosts file. Hope that helps?

Cheers

Christoph

Christoph - I was thinking along those lines but I'm not sure where (or how) to do that. I'm still learning Linux (somewhere between beginner and intermediate) and am definitely a beginner as far as Confluence goes.

Would this be done in the firewall (iptables) rules or in server.xml? Perhaps even somewhere different?

Cheers,

Tim

Tim - stupid question maybe, but why don't you just change the port for Confluence to 443 (if using https, to 80 if not)? This should be possible in the server.xml. For the future I definitely recommend that you use Apache or nginx as a proxy, as Lars described, as it is the usual setup.

yum groupinstall webserver
chkconfig httpd on

Add the following to /etc/httpd/conf.d/wiki.example.com.conf

<VirtualHost *:80>
ServerName wiki.example.com
ServerAlias wiki

ProxyPreserveHost On
RewriteEngine on
# Redirect http traffic to https
RewriteRule ^/(.*)$ https://wiki.example.com/$1 [L,R]
</VirtualHost>

<VirtualHost *:443>
ServerName wiki.example.com

ProxyPreserveHost On
ProxyRequests Off

ErrorLog /var/log/httpd/wiki.example.com-ssl_error_log
TransferLog /var/log/httpd/wiki.example.com-ssl_access_log
CustomLog /var/log/httpd/wiki.example.com-ssl_request_log ssl_combined

ErrorDocument 503 "<center><br><br><h1>We are down for some maintenance. Bla bla... </h1></center>"

ProxyPass /synchrony http://localhost:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>

ProxyPass / http://localhost:8090/ retry=2 acquire=3000 timeout=120 Keepalive=On
ProxyPassReverse / http://localhost:8090/

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLCertificateFile /etc/pki/tls/certs/wildcard.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/wildcard.example.com.key
SSLCertificateChainFile /etc/pki/tls/certs/wildcard-CA.crt
</VirtualHost>

Edit confluence server.xml if you are using SSL:


<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
secure="true"
scheme="https" proxyPort="443" proxyName="wiki.example.com" maxHttpHeaderSize="32768" />

 

-Lars

Something like this. Then you will not have to deal with keytool, cacerts and things like that :)

-Lars
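A quick audit of the `SSLProtocol` and `SSLCipherSuite` values from the `*:443` vhost above, as an added example that is not part of Lars's post: it reports legacy protocol versions left enabled and weak algorithms the cipher string names without a `!` exclusion. The function names and the stricter comparison values are constructed here, and the check is a heuristic on named tokens only; `openssl ciphers -v` on the server gives the authoritative list.

```python
import re

# Values copied from the *:443 vhost posted above.
POSTED = '''
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
'''
# Constructed stricter values for comparison (an assumption, not from the thread).
STRICTER = '''
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite "EECDH+AESGCM EDH+aRSA+AESGCM !aNULL !eNULL !RC4 !3DES !MD5"
'''

ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # simplified expansion of "all"
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_ALGS = {"RC4", "3DES", "DES", "MD5", "EXP", "LOW", "aNULL", "eNULL", "NULL"}

def directive(conf, name):
    """Return the unquoted value of the first `name` directive, or ''."""
    m = re.search(rf'^\s*{name}\s+(.+)$', conf, re.M | re.I)
    return m.group(1).strip().strip('"') if m else ""

def enabled_protocols(value):
    """Apply SSLProtocol tokens left to right: 'all', X or +X adds, -X removes."""
    enabled = set()
    for tok in value.split():
        if tok.lower() == "all":
            enabled |= ALL_PROTOCOLS
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return enabled

def weak_ciphers_named(value):
    """Weak algorithms a cipher string names and does not exclude with '!'."""
    tokens = re.split(r"[ :,]+", value)
    killed = {t[1:] for t in tokens if t.startswith("!")}  # '!' removes permanently
    named = set()
    for t in tokens:
        if t and t[0] not in "!-":  # an enabling token such as EECDH+aRSA+RC4
            named |= set(t.lstrip("+").split("+")) & WEAK_ALGS
    return sorted(named - killed)

def audit(conf):
    protos = enabled_protocols(directive(conf, "SSLProtocol")) & LEGACY_PROTOCOLS
    ciphers = weak_ciphers_named(directive(conf, "SSLCipherSuite"))
    return {"legacy_protocols": sorted(protos), "weak_ciphers": ciphers}
print("posted:", audit(POSTED), "| stricter:", audit(STRICTER))
```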

Christoph - not a stupid question but I'm trying to follow Atlassian instructions - I was assuming there's a reason they specify 8443 not 443, and also it means the instructions can be referred to in the future. I was hoping it should be relatively easy to just have a line or two to make anything going to https://<website> redirect to port 8443.

Lars - will have a look at that but as mentioned I was hoping there might be an easy line or two of code (would be easier than setting up a proxy) but perhaps there isn't.

Tim - I guess it is just that they want a configuration which should work by default even if there is already one ssl application running which would probably run on the ssl default port 443 ;) good luck! 

Christoph - I was looking into this yesterday and I think it's because non-root users are not able to bind to ports below 1024 on Linux.

I think I found part of the answer in https://confluence.atlassian.com/jirakb/how-do-i-use-port-80-or-443-on-my-jira-server-as-a-non-root-user-on-linux-890079490.html - this at least redirects to port 8443 but then causes issues with gadgets on JIRA, and on both JIRA/confluence then also causes issues with base url if users use http rather than https.

I'm getting closer but it's a bit cyclic where it fixes some things but breaks others. I may just advise users to go to https://<server>:8443

Tim thanks for sharing and all the best to you! 

I'd strongly recommend proxying your Confluence with either Apache or Nginx.

Here is Atlassian's documentation on it.

https://confluence.atlassian.com/doc/using-apache-with-virtual-hosts-and-mod_proxy-173685.html

I also like that you give your users a friendly (simple) URL. That will definitely make the application more used.

Cheers,

Lars, Kantega Single Sign-on

Lars - will look at that I think for the future but does it add another layer of complexity?
