I have Internal Jira and Confluence nURL's and I want to expose them externally to individual users.

Hi Ann,

in this instance we are not using our NGINX firewall and we have Jira in use internally. We have Jira installed on Windows 2012 R2 running internally. what we want to do is have our external user have the ability too log on externally so that we do not have to provide an SSL VPN so that they can log in internally. The server is not running any web services and will just be Natted externally with port forwarding. If I install the SSL cert into the JRE directory will this suffice for our users to log on extarnally?

Thanks,

Mark

You have to add the certs to a keystore and define the location of the keystore in the server.xml file for each app. If Confluence and Jira will be connecting to one another for user management or application links and you are using a self signed cert, the certificate for each app will need to be added to the Java trust store of the other app. 

Our docs say it better than I do:

Running Confluence Over SSL or HTTPS

Running JIRA applications over SSL or HTTPS

Thanks Ann. It is making sense and I am having difficulty with using the Java Keytool. My question now is if I make the modifications<confluence-install-directory>/conf/server.xml  prior to the firewall cutover, will there be any affect on the internal URL's which everyone is using on a daily basis while we make it public. In other words, will this effort in making Jira public affect in any way the current production instance used on a daily basis. Also, the documentation seems to be for Confluence, would Jira follow the same instructions? Is there support available to assist us in doing this change to public?

Best Regards,

Mark

Hi Ann,

I am moving forward. Would I have to do anything with the config.bat file?

https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html

Also, would Jira follow the same sequence of events?

 Thank you in advance for your response

Hi Mark,

I am not sure which sequence of events you mean as far as configuring SSL for Jira - the kb you posted is the right one, though.

Confluence doesn't have a configuration tool for SSL like config.bat (in Jira running on Windows) but if keytool is hard to use, Portecle can be a graphical alternative.

As far as whether the existing URL on port 8090 will still be accessible, it will be if you add a second connector directive to the server.xml, on port 443, and leave the existing one in place. (Also, if you configure a security constraint in web.xml as documented that will force requests to go to https and the 8090 URL will be unavailable.)

However, the base URL must either be the https one or the http one for several reasons, for example, XSRF errors and invalid URLs being built based on the base URL: Configuring the Server Base URL

Using different URLs. If you configure a different base URL or if visitors use some other URL to access Confluence, it is possible that you may encounter errors while viewing some pages.

Since this is a Production instance I recommend you spin up a test environment that is set up the same way, and test the SSL cutover there before doing it on your "live" system. Here are the docs for Confluence and Jira:

Restoring a Test Instance from Production

Establishing staging server environments for JIRA applications

Atlassian support is available to recommend SSL configurations but if you need real- time support during the cutover, please consider paying for an Atlassian Solution Partner. To find Solution Partners near you, please try the search tool: Find Solution Partners

regards,

Ann