Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

SSL(HTTPS) for Jira & Confluence

Hello -  We have recently enabled SSL for jira and confluence (test environment), through limited validation it looks like https site is working as expected. However we want to test thoroughly before it's rolled off to prod.

SSL is enabled at HAPROXY (SSL off-loading @ haproxy) and hence very limited changes are done at Jira and Conf side.

We have setup haproxy in a way all http connections are redirected to https and jira,confluence setup knows the proxy details. PFB details -

haproxy setup:

=========

frontend jira_uat
bind *:80 name http
bind *:443 ssl crt /root/certs/corp.pem
mode http
option socket-stats
redirect prefix https://testjira.corp.com code 301 if { hdr(host) -i testjira }
acl jira hdr_end(host) -i testjira.corp.com
acl homepath path /
redirect location /jira/secure/Dashboard.jspa if jira homepath
use_backend jiraapp if jira
redirect prefix https://testconflu.corp.com code 301 if { hdr(host) -i testconflu }
acl conflu hdr_end(host) -i testconflu.corp.com
acl homepath path /
redirect location /confluence/login.action?login.action if conflu homepath
use_backend confluapp if conflu

backend jiraapp
mode http
redirect scheme https code 301 if !{ ssl_fc }
server jira 192.1.1.1:8080 check

backend confluapp
mode http
redirect scheme https code 301 if !{ ssl_fc }
server conflu 192.1.1.1:8090 check

 

JIRA (Server.xml) Setup

===============

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"

enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="100"
disableUploadTimeout="true"
secure="true"
scheme="https"
proxyName="haproxy.corp.com"
proxyPort="443"/>

 

Can you pl suggest on -

1. Does the above setup look good?

2. Is updating base URL to HTTPS necessary as HTTP TO HTTPS redirection is taken care of at haproxy level?

3. We have no. of custom plugins on both jira and confluence, do we need to test the functionality post https enablement? i.e is there any change of custom plugins braking post ssl

4. There numerous images having hard coded (http) link on jira and confluence database. Do we need to change them to https?

5. One minor issue observed is - post https enablement, after login - default dashborad page isn't loaded properly, we had to cliear cache or access in incognito to get proper dashbooard page rendered. Is there a method to clear cache at application level after ssl enablement?

 

Thanks in advance.

 

- Regards

Narayan

1 answer

0 votes

Hi,

what Confluence / Jira version are you refering to?

I cant't tell you anything about haproxy, but with the supported proxys you should change the base URL to https, otherwise you will have certain image URLs (you already found that out) that will render with http protocol. This will lead to a security warning in variuos browsers (Insecure content).

Suggest an answer

Log in or Sign up to answer
TAGS

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you