SSL(HTTPS) for Jira & Confluence

Narayan May 24, 2017

Hello -  We have recently enabled SSL for jira and confluence (test environment), through limited validation it looks like https site is working as expected. However we want to test thoroughly before it's rolled off to prod.

SSL is enabled at HAPROXY (SSL off-loading @ haproxy) and hence very limited changes are done at Jira and Conf side.

We have set up haproxy in a way that all http connections are redirected to https, and the jira and confluence setup knows the proxy details. PFB details -

haproxy setup:

=========

frontend jira_uat
    bind *:80 name http
    bind *:443 ssl crt /root/certs/corp.pem
    mode http
    option socket-stats
    redirect prefix https://testjira.corp.com code 301 if { hdr(host) -i testjira }
    acl jira hdr_end(host) -i testjira.corp.com
    acl homepath path /
    redirect location /jira/secure/Dashboard.jspa if jira homepath
    use_backend jiraapp if jira
    redirect prefix https://testconflu.corp.com code 301 if { hdr(host) -i testconflu }
    acl conflu hdr_end(host) -i testconflu.corp.com
    acl homepath path /
    redirect location /confluence/login.action?login.action if conflu homepath
    use_backend confluapp if conflu

backend jiraapp
    mode http
    redirect scheme https code 301 if !{ ssl_fc }
    server jira 192.1.1.1:8080 check

backend confluapp
    mode http
    redirect scheme https code 301 if !{ ssl_fc }
    server conflu 192.1.1.1:8090 check

 

JIRA (Server.xml) Setup

===============

<Connector port="8080"
           maxThreads="150"
           minSpareThreads="25"
           connectionTimeout="20000"
           enableLookups="false"
           maxHttpHeaderSize="8192"
           protocol="HTTP/1.1"
           useBodyEncodingForURI="true"
           redirectPort="8443"
           acceptCount="100"
           disableUploadTimeout="true"
           secure="true"
           scheme="https"
           proxyName="haproxy.corp.com"
           proxyPort="443"/>

 

Can you please suggest on -

1. Does the above setup look good?

2. Is updating base URL to HTTPS necessary as HTTP TO HTTPS redirection is taken care of at haproxy level?

3. We have a number of custom plugins on both jira and confluence; do we need to test the functionality post https enablement? i.e. is there any chance of custom plugins breaking post ssl?

4. There are numerous images having hard-coded (http) links in the jira and confluence databases. Do we need to change them to https?

5. One minor issue observed is - post https enablement, after login - the default dashboard page isn't loaded properly; we had to clear the cache or access in incognito to get the proper dashboard page rendered. Is there a method to clear the cache at application level after ssl enablement?

 

Thanks in advance.

 

- Regards

Narayan

1 answer

0 votes
Jan-Peter Rusch Jun 06, 2017

Hi,

What Confluence / Jira version are you referring to?

I can't tell you anything about haproxy, but with the supported proxies you should change the base URL to https, otherwise you will have certain image URLs (you already found that out) that will render with http protocol. This will lead to a security warning in various browsers (Insecure content).
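
One way to locate the hard-coded http:// image links raised in question 4 and in the answer above, as an added example that is not part of the original posts: a scanner that flags subresources an https page would still load over http. The function name `find_mixed_content`, the `own_hosts` parameter and the sample HTML with its attachment paths are constructed for illustration; only the two host names come from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# tag -> (URL attribute, mixed-content class). "passive" is display content
# (images, media); "active" is content browsers block outright on https pages.
SUBRESOURCE = {
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "script": ("src", "active"),
    "iframe": ("src", "active"), "link": ("href", "active"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCE:
            return  # <a href> is navigation, not a subresource load
        attr, kind = SUBRESOURCE[tag]
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are checked here
        value = (attrs.get(attr) or "").strip()
        try:
            url = urlsplit(value)
        except ValueError:
            return  # malformed URL, nothing a browser would fetch
        if url.scheme != "http":
            return  # https, relative and protocol-relative URLs are fine
        self.findings.append({
            "line": self.getpos()[0], "tag": tag, "kind": kind, "url": value,
            # Only links to our own hosts can simply be rewritten to https.
            "rewrite_to_https": (url.hostname or "").lower() in self.own_hosts,
        })

def find_mixed_content(html, own_hosts):
    finder = MixedContentFinder(own_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of stored page content (paths are made up).
SAMPLE = """<p>Release notes</p>
<img src="http://testconflu.corp.com/confluence/download/attachments/1/diagram.png">
<img src="/confluence/images/logo.png">
<a href="http://testjira.corp.com/jira/browse/ABC-1">ABC-1</a>
<script src="http://cdn.example.org/widget.js"></script>
<img src="https://testjira.corp.com/jira/secure/attachment/2/shot.png">
"""
```

Run over exported page or issue content, findings with `rewrite_to_https` set point at your own hosts and can be switched to https; the rest need the third party to offer https or the reference removed.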
