SSL(HTTPS) for Jira & Confluence

Deleted user May 24, 2017

Hello - We have recently enabled SSL for Jira and Confluence (test environment); through limited validation it looks like the HTTPS site is working as expected. However, we want to test thoroughly before it's rolled out to prod.

SSL is enabled at HAPROXY (SSL off-loading @ haproxy) and hence very limited changes are done at Jira and Conf side.

We have set up haproxy in a way that all HTTP connections are redirected to HTTPS and the Jira and Confluence setups know the proxy details. PFB details -

haproxy setup:

=========

frontend jira_uat
    bind *:80 name http
    bind *:443 ssl crt /root/certs/corp.pem
    mode http
    option socket-stats
    redirect prefix https://testjira.corp.com code 301 if { hdr(host) -i testjira }
    acl jira hdr_end(host) -i testjira.corp.com
    acl homepath path /
    redirect location /jira/secure/Dashboard.jspa if jira homepath
    use_backend jiraapp if jira
    redirect prefix https://testconflu.corp.com code 301 if { hdr(host) -i testconflu }
    acl conflu hdr_end(host) -i testconflu.corp.com
    acl homepath path /
    redirect location /confluence/login.action?login.action if conflu homepath
    use_backend confluapp if conflu

backend jiraapp
    mode http
    redirect scheme https code 301 if !{ ssl_fc }
    server jira 192.1.1.1:8080 check

backend confluapp
    mode http
    redirect scheme https code 301 if !{ ssl_fc }
    server conflu 192.1.1.1:8090 check

JIRA (Server.xml) Setup

===============

<Connector port="8080"
           maxThreads="150"
           minSpareThreads="25"
           connectionTimeout="20000"
           enableLookups="false"
           maxHttpHeaderSize="8192"
           protocol="HTTP/1.1"
           useBodyEncodingForURI="true"
           redirectPort="8443"
           acceptCount="100"
           disableUploadTimeout="true"
           secure="true"
           scheme="https"
           proxyName="haproxy.corp.com"
           proxyPort="443"/>

Can you please suggest on -

1. Does the above setup look good?

2. Is updating the base URL to HTTPS necessary, as HTTP to HTTPS redirection is taken care of at the haproxy level?

3. We have a number of custom plugins on both Jira and Confluence. Do we need to test the functionality post HTTPS enablement? I.e. is there any chance of custom plugins breaking post SSL?

4. There are numerous images having hard-coded (http) links in the Jira and Confluence database. Do we need to change them to https?

5. One minor issue observed is: post HTTPS enablement, after login, the default dashboard page isn't loaded properly; we had to clear the cache or access it in incognito to get the proper dashboard page rendered. Is there a method to clear the cache at application level after SSL enablement?

Thanks in advance.

- Regards

Narayan

1 answer

0 votes
JP _AC Bielefeld Leader_
June 6, 2017

Hi,

What Confluence / Jira version are you referring to?

I can't tell you anything about haproxy, but with the supported proxies you should change the base URL to https, otherwise you will have certain image URLs (you already found that out) that will render with the http protocol. This will lead to a security warning in various browsers (Insecure content).
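Added example, not part of the original thread or of any Atlassian tooling: a small offline check that compares the proxy attributes of the posted Tomcat Connector with the public base URL, and lists `http://` subresources that would trigger the insecure-content warning mentioned in the answer. The function names are hypothetical, the sample page fragment is constructed, and the base URL `https://testjira.corp.com/jira` is an assumption inferred from the redirect lines in the HAProxy config.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the proxy-related Connector attributes posted in the question.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" secure="true" scheme="https"
             proxyName="haproxy.corp.com" proxyPort="443"/>
</Service></Server>"""

# Constructed sample: a rendered page fragment with one hard-coded http image.
PAGE = ('<img src="http://testjira.corp.com/jira/images/logo.png">'
        '<img src="https://testjira.corp.com/jira/images/ok.png">'
        '<a href="http://example.org/">plain links are not subresources</a>')

def check_connector(server_xml, base_url, connector_port="8080"):
    """List Connector attributes that disagree with the public base URL."""
    url = urlsplit(base_url)
    https = url.scheme == "https"
    expected = {
        "scheme": url.scheme,
        "secure": "true" if https else "false",
        "proxyName": url.hostname,
        "proxyPort": str(url.port or (443 if https else 80)),
    }
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("port") == connector_port:
            return [f"{k}: connector={conn.get(k)!r} base_url={v!r}"
                    for k, v in expected.items() if conn.get(k) != v]
    return [f"no Connector listening on port {connector_port}"]

class _Subresources(HTMLParser):  # collects src URLs a browser fetches automatically
    def __init__(self):
        super().__init__()
        self.insecure = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag in ("img", "script", "iframe") and src.lower().startswith("http://"):
            self.insecure.append(src)

def insecure_subresources(html):
    """Return http:// subresource URLs that become mixed content on an https page."""
    parser = _Subresources()
    parser.feed(html)
    return parser.insecure

if __name__ == "__main__":
    # Assumed base URL, inferred from the redirect prefix and /jira path in the HAProxy config.
    print(check_connector(SERVER_XML, "https://testjira.corp.com/jira"),
          insecure_subresources(PAGE), sep="\n")
```

Under the assumed base URL the only difference reported is `proxyName`, since the Connector names `haproxy.corp.com` while the redirects send users to `testjira.corp.com`.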
