We have Jira and Confluence hosted on the same server at different port(Jira:8080 and Confluence:8090) and currently accessible through servername and port.
Now the business requirement is to run both the applications over https, at atlassian site a basic document is available but it is mentioned in the doc that "It is by no means a definitive or comprehensive guide to configuring HTTPS and may not apply to your environment."
I would request you all if anyone have completed this activity with same setup, please guide me.
Even your little help would be appreciated.
Thanks for your help in advance.
There are a lot of possibilities here, however you do it, and there's probably an entire book that could be written. To avoid that, could you give us an idea of your broader goal?
Https, yes, good, you should be doing that for any system that people might write to. Http is, nowadays, only for static read-only sites where security is not needed.
I'm thinking more of structure and https. My personal preference is "one url, with different areas", so you end up with https://somewhere.com , https://somewhere.com/confluence , https://somewhere.com/jira , https://somewhere.com/otherstuff , and so-on.
I mostly use a proxy server to do that sort of stuff though. And I offload SSL to the proxy, to get better performance on the back-end.
As you can tell, this could be quite a long discussion, but let's try to keep it simple.
Thanks for your help.
Considering our current setup, it would be fine If we can setup a structure where Jira and Confluence exists on separate URLs. Something like the following:
I am exploring what the SSL costs would be if we chose different domains though so in that sense, the first option is more preferable.
We are working with NetScaler for some other applications so using a proxy server would be feasible.
What do you think would be a good starting point here?
Thanks a lot for your help.
A reverse proxy is my personally preferred route, probably because it's what I'm most familiar with (it's also good to offload the SSL on to the proxy, is easier to integrate into larger web sites, and it's very similar to load balancers when you scale up to data-centre, and most of our clients are doing it, so it's good to practice)
Is that what you are aiming for?
Ok, I would break this task into two parts. First, get a proxy working with http, then, second, add httpS to the proxy.
There's a lot there, but if you follow each step, it will work fine. Most of the text is really more about giving you a sample than actual instructions. It comes down to making sure your web-server has the right modules to support it, then editing the "site" files for the web-server to add the proxy server settings and the Jira server's server.xml to match the context, and telling Jira what the new base url is.
The second step is confusing. SSL is not simple (if it were, it probably wouldn't be secure enough). Do NOT even start on this step until you have Jira working ok through a simple http proxy, that way lies madness. But assuming you have that, your next steps are reading two docs:
These try too hard, imho, and could do with a summary (assuming you have an http proxy setup working ok)
Sorry for the late reply, I was on leave.
Now we have proxy enabled with expired cert as we are configuring QA environment first.
But getting Gadget error "MSG_gadget_name" and "gadget.common.error.500".
Do you know what could be the cause?
Installation of cert on jira server(this cert will be same cert that we will be using on proxy server or different cert), please share if there is any doc for installing cert on jira server.
Thanks a lot!
We have configured the reverse proxy with netscaler at network end, but business did not agree to use this approach.
Now we are using apache as reverse proxy and with http both the application is working fine with apache as reverse proxy, but when we are enabling the SSLengine service(jira and Confluence) site is not reachable.
We have been struggling for two days but still not able to figure out the root cause.
Could you please help where we are missing something?
Thanks and Regards
It's impossible to say without a description of the problem.
You say the service is "unreachable" - that implies that the service is not resolving, which is a DNS problem. I don't think that's the whole problem though, if it works without SSL, I suspect its reachable but firewalled or misconfigured.
Could you tell us what the browser errors are?
Above issue is resolved now, both the application is running over https.
Again we are getting errors of gadgets "__MSG_gadget.created.vs.resolved.title__", while configuring the applications with http this error was not occurring.
I read some of the Atlassian article and found that we need to place certificate in JRE. My opinion is if we are offloading Certificate in Apache, do we need to place cert in JRE folder also?
Thanks for your help.
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events