Use SSL to log in to Jira, Confluence, and Bamboo

Matthew Campbell October 27, 2012

Hi,

Before I describe my problem, I would like to tell you what I am trying to achieve. I am running Jira, Confluence, and Bamboo on a single server on an internal network. I would like to access them from the outside over SSL. (Currently I have custom ports for each app and have those ports open on the firewall). I would like to only open up port 443 on the firewall and have an SSL proxy somehow tunnel to each server.. (note, I'm not very good with server IT stuff..)

After reading through all the documentation, I currently have Jira, Confluence, and Bamboo accessible through Apache where I can type https://<server>/jira, https://<server>/confluence, etc. but it immediately gets proxied back to port 80 (apache port) so I have to have both port 80 and 443 open on the firewall for it to work.

For starters, can I do what I want to do? If so, what did I do wrong? I thought I had the ssl proxy set up to forward to normal http but only inside the network and use ssl for everything outside... but that does not appear to be the case.

Thanks.

-Matt

1 answer

1 accepted

0 votes
Answer accepted
Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 27, 2012

Why not do everything over SSL or https? Why fool around with http access internally? From the issues you are describing, you do not seem to have an internal and external firewalls/routers. If you did, the external firewall/redirector would not need port 80 open. The external firewall/redirector would route to your internal firewall/router or to your host service directly.

If you still want http access then you can modify your web services to have a redirect/security constraint http to https.

Matthew Campbell October 28, 2012

I certainly could just do everything over ssl. Perhaps I will give that a try. I just saw in the documentation I could terminate the ssl connection and am just fine with using normal http on the internal network.

With regards to the firewalls, I have a wireless router controlling access to the external network (internet). I have the virtual server/port forwarding setup currently to forward the specific ports for jira, bamboo, and confluence to my internal server. The firewall on my internal server has the same ports open as well.

My goal in using SSL is to just have port 443 open on the wireless router and have 443 open on the internal server's firewall in addition to having port 80 open on the internal server with the caviot that only machines on the LAN can get through on port 80.

So from the outside, I can get to any one of jira, confluence, and bamboo by only having port 443 open to the internet instead of using 3 separate ports.

Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 28, 2012

Can you tell which type of packets are getting to the wireless router that are on port 80? I am guessing your web service on the internal server is not returning packets back on the return path correctly. Is your web service configured subdomain redirection for both ports?

Matthew Campbell October 28, 2012

So, again, forgive me for not being a good IT guy.. I have not checked the packet traffic as of yet.. also I didn't think I was using subdomains? e.g. Jira for example is on <server>/jira and not jira.<server>

I decided to just drop SSL for now and get back to it later.. so, as it stands now I can access the various Atlassian services on the local network via http using the proxy stuff to send it to <server>/jira and such and just access them from the outside using their ports..

Eventually, I'll get back to trying it again.

Norman Abramovitz
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
October 28, 2012

Using subdirectories is another form of subdomains from the web service point of view. You can redirect on them.

Suggest an answer

Log in or Sign up to answer