Hi,
Before I describe my problem, I would like to tell you what I am trying to achieve. I am running Jira, Confluence, and Bamboo on a single server on an internal network. I would like to access them from the outside over SSL. (Currently I have custom ports for each app and have those ports open on the firewall). I would like to only open up port 443 on the firewall and have an SSL proxy somehow tunnel to each server.. (note, I'm not very good with server IT stuff..)
After reading through all the documentation, I currently have Jira, Confluence, and Bamboo accessible through Apache where I can type https://<server>/jira, https://<server>/confluence, etc. but it immediately gets proxied back to port 80 (apache port) so I have to have both port 80 and 443 open on the firewall for it to work.
For starters, can I do what I want to do? If so, what did I do wrong? I thought I had the ssl proxy set up to forward to normal http but only inside the network and use ssl for everything outside... but that does not appear to be the case.
Thanks.
-Matt
Why not do everything over SSL or https? Why fool around with http access internally? From the issues you are describing, you do not seem to have an internal and external firewalls/routers. If you did, the external firewall/redirector would not need port 80 open. The external firewall/redirector would route to your internal firewall/router or to your host service directly.
If you still want http access then you can modify your web services to have a redirect/security constraint http to https.
I certainly could just do everything over ssl. Perhaps I will give that a try. I just saw in the documentation I could terminate the ssl connection and am just fine with using normal http on the internal network.
With regards to the firewalls, I have a wireless router controlling access to the external network (internet). I have the virtual server/port forwarding setup currently to forward the specific ports for jira, bamboo, and confluence to my internal server. The firewall on my internal server has the same ports open as well.
My goal in using SSL is to just have port 443 open on the wireless router and have 443 open on the internal server's firewall in addition to having port 80 open on the internal server with the caviot that only machines on the LAN can get through on port 80.
So from the outside, I can get to any one of jira, confluence, and bamboo by only having port 443 open to the internet instead of using 3 separate ports.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Can you tell which type of packets are getting to the wireless router that are on port 80? I am guessing your web service on the internal server is not returning packets back on the return path correctly. Is your web service configured subdomain redirection for both ports?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So, again, forgive me for not being a good IT guy.. I have not checked the packet traffic as of yet.. also I didn't think I was using subdomains? e.g. Jira for example is on <server>/jira and not jira.<server>
I decided to just drop SSL for now and get back to it later.. so, as it stands now I can access the various Atlassian services on the local network via http using the proxy stuff to send it to <server>/jira and such and just access them from the outside using their ports..
Eventually, I'll get back to trying it again.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Using subdirectories is another form of subdomains from the web service point of view. You can redirect on them.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.