Use SSL to log in to Jira, Confluence, and Bamboo


Before I describe my problem, I would like to tell you what I am trying to achieve. I am running Jira, Confluence, and Bamboo on a single server on an internal network. I would like to access them from the outside over SSL. (Currently I have custom ports for each app and have those ports open on the firewall). I would like to only open up port 443 on the firewall and have an SSL proxy somehow tunnel to each server.. (note, I'm not very good with server IT stuff..)

After reading through all the documentation, I currently have Jira, Confluence, and Bamboo accessible through Apache where I can type https://<server>/jira, https://<server>/confluence, etc. but it immediately gets proxied back to port 80 (apache port) so I have to have both port 80 and 443 open on the firewall for it to work.

For starters, can I do what I want to do? If so, what did I do wrong? I thought I had the ssl proxy set up to forward to normal http but only inside the network and use ssl for everything outside... but that does not appear to be the case.



1 answer

1 accepted

0 votes
Accepted answer

Why not do everything over SSL or https? Why fool around with http access internally? From the issues you are describing, you do not seem to have an internal and external firewalls/routers. If you did, the external firewall/redirector would not need port 80 open. The external firewall/redirector would route to your internal firewall/router or to your host service directly.

If you still want http access then you can modify your web services to have a redirect/security constraint http to https.

I certainly could just do everything over ssl. Perhaps I will give that a try. I just saw in the documentation I could terminate the ssl connection and am just fine with using normal http on the internal network.

With regards to the firewalls, I have a wireless router controlling access to the external network (internet). I have the virtual server/port forwarding setup currently to forward the specific ports for jira, bamboo, and confluence to my internal server. The firewall on my internal server has the same ports open as well.

My goal in using SSL is to just have port 443 open on the wireless router and have 443 open on the internal server's firewall in addition to having port 80 open on the internal server with the caviot that only machines on the LAN can get through on port 80.

So from the outside, I can get to any one of jira, confluence, and bamboo by only having port 443 open to the internet instead of using 3 separate ports.

Can you tell which type of packets are getting to the wireless router that are on port 80? I am guessing your web service on the internal server is not returning packets back on the return path correctly. Is your web service configured subdomain redirection for both ports?

So, again, forgive me for not being a good IT guy.. I have not checked the packet traffic as of yet.. also I didn't think I was using subdomains? e.g. Jira for example is on <server>/jira and not jira.<server>

I decided to just drop SSL for now and get back to it later.. so, as it stands now I can access the various Atlassian services on the local network via http using the proxy stuff to send it to <server>/jira and such and just access them from the outside using their ports..

Eventually, I'll get back to trying it again.

Using subdirectories is another form of subdomains from the web service point of view. You can redirect on them.

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Jan 08, 2019 in Jira

How to Jira for designers

I’m a designer on the Jira team. For a long time, I’ve fielded questions from other designers about how they should be using Jira Software with their design team. I’ve also heard feedback from other ...

1,234 views 5 10
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you