
SSL connection

Sebastian Benz
Contributor
July 2, 2019

We are trying to set up Confluence over SSL by using these two tutorials:

https://confluence.atlassian.com/doc/running-confluence-over-ssl-or-https-161203.html

https://github.com/richstokes/lets-encrypt-confluence

We can't connect over SSL. At the moment we haven't changed the Base-URL.

Is this step necessary or should the connection work for both HTTP and HTTPS?

Is it possible to change the Base-Url via console, if there are problems after changing it to https?

 

Answer accepted
Shankar Asam {Appfire}
Rising Star
July 3, 2019

Hi,

You can always change the base URL from the Confluence console to https or http, depending on the connection access you have. The base URL step is necessary, otherwise the plugin system will not work properly, but you can still access Confluence, browse the admin area and do most of the work.

 

-Shankar

Sebastian Benz
Contributor
July 3, 2019

OK, thanks for your answer. Do I change it in the server.xml in this section?

<Engine name="Standalone" defaultHost="localhost" debug="0">
            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">  --> change to false?
                    <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname=""/>
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
                </Context>

                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
                         reloadable="false" useHttpOnly="true"> --> change to false?
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
                </Context>
            </Host>
        </Engine>

Shankar Asam {Appfire}
Rising Star
July 3, 2019

If you want to change the base URL, it can only be done through the Confluence UI - not through any files.

But if you want to make Confluence accessible on HTTPS, you will need to change the following section in server.xml (uncomment these):

<Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"
                   keystoreFile="<MY_CERTIFICATE_LOCATION>"/>

keystorePass and keystoreFile - these values need to be changed to the actual password and file you use. I am hoping that you have already imported the SSL certs into the keystore.

-Shankar

Sebastian Benz
Contributor
July 3, 2019

Hi,

Yes, we imported the keystore files and edited the server.xml in the way you described. But it's not possible to access the site via https.

Shankar Asam {Appfire}
Rising Star
July 3, 2019

Please let me know how you're accessing Confluence, I mean the URL in the browser, and also attach the complete server.xml file. And do you access Confluence with http (prior to this https change)?

-Shankar

Sebastian Benz
Contributor
July 3, 2019

Actually we can access the site via http://domain:8090, but not via https://domain:8443.

Here is the complete server.xml:

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
        <!--
         ==============================================================================================================
         DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.

         If using a http/https proxy, comment out this connector.
         ==============================================================================================================
        -->
        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                   maxThreads="48" minSpareThreads="10"
                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"/>

        <!--
         ==============================================================================================================
         HTTP - Proxying Confluence via Apache or Nginx over HTTP

         If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
         Make sure you provide the right information for proxyName and proxyPort.

         For more information see:
            Apache - https://confluence.atlassian.com/x/4xQLM
            nginx  - https://confluence.atlassian.com/x/TgSvEg

         ==============================================================================================================
        -->

        <!--
        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                   maxThreads="48" minSpareThreads="10"
                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
        -->

        <!--
         ==============================================================================================================
         HTTPS - Direct connector with no proxy, for unproxied HTTPS access to Confluence.

         For more info see https://confluence.atlassian.com/x/s3UC
         ==============================================================================================================
        -->

        <Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11Nio2Protocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="<password>" keystoreFile="/path/to/keystore/letsencrypt.jks"/>

        <!--
         ==============================================================================================================
         HTTPS - Proxying Confluence via Apache or Nginx over HTTPS

         If you're proxying traffic to Confluence over HTTPS, uncomment the connector below and comment out the others.
         Make sure you provide the right information for proxyName and proxyPort.

         For more information see:
            Apache - https://confluence.atlassian.com/x/PTT3MQ
            nginx  - https://confluence.atlassian.com/x/cNIvMw
         ==============================================================================================================
        -->
        <!--
        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                   maxThreads="48" minSpareThreads="10"
                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   scheme="https" secure="true" proxyName="<subdomain>.<domain>.com" proxyPort="443"/>
        -->

        <Engine name="Standalone" defaultHost="localhost" debug="0">
            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
                    <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname=""/>
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
                </Context>

                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
                         reloadable="false" useHttpOnly="true">
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
                </Context>
            </Host>
        </Engine>
    </Service>
</Server>
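
Added example (not part of the thread, and not Atlassian's or Tomcat's own tooling): a small audit of a server.xml like the one posted above. It lists the connectors that are actually active (commented-out ones are ignored) and flags settings relevant to this discussion: TLS attributes that do not match, a redirectPort with no TLS connector behind it, a port below 1024 that a non-root service account cannot bind by default, and useHttpOnly="false", which in Tomcat removes the HttpOnly flag from the session cookie and is unrelated to enabling HTTPS. The function name and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the server.xml in the thread (placeholder values).
SAMPLE = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8090" redirectPort="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <!-- <Connector port="8091" scheme="https" secure="true" proxyPort="443"/> -->
    <Connector port="443" scheme="https" secure="true" SSLEnabled="true"
               sslEnabledProtocols="TLSv1.2" keystorePass="PLACEHOLDER"
               keystoreFile="/path/to/keystore/letsencrypt.jks"/>
    <Engine name="Standalone" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="" docBase="../confluence" useHttpOnly="false"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

def audit_server_xml(xml_text):
    """Return (active_connectors, findings) for a Tomcat server.xml string."""
    root = ET.fromstring(xml_text)          # XML comments are skipped by the parser
    connectors, findings = [], []
    for c in root.iter("Connector"):
        port = int(c.get("port"))
        tls = c.get("SSLEnabled", "false").lower() == "true"
        connectors.append((port, "https" if tls else "http"))
        if tls and (c.get("scheme") != "https" or c.get("secure") != "true"):
            findings.append(f"{port}: SSLEnabled without scheme=https/secure=true")
        if tls and not c.get("keystoreFile"):
            findings.append(f"{port}: TLS connector has no keystoreFile")
        if port < 1024:
            findings.append(f"{port}: privileged port, non-root service user cannot bind by default")
    tls_ports = {p for p, kind in connectors if kind == "https"}
    for c in root.iter("Connector"):
        rp = c.get("redirectPort")
        if c.get("SSLEnabled", "false").lower() != "true" and rp and int(rp) not in tls_ports:
            findings.append(f"{c.get('port')}: redirectPort {rp} has no TLS connector")
    for ctx in root.iter("Context"):        # Tomcat's default for useHttpOnly is true
        if ctx.get("useHttpOnly", "true").lower() == "false":
            findings.append(f"context '{ctx.get('path')}': session cookie sent without HttpOnly")
    return connectors, findings

if __name__ == "__main__":
    active, issues = audit_server_xml(SAMPLE)
    print("active connectors:", active)
    print("\n".join(issues))
```

A real file has to be well-formed XML for this to parse, so a literal placeholder such as `<password>` inside an attribute value must be replaced first.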

 
Shankar Asam {Appfire}
Rising Star
July 3, 2019

The configuration looks to be correct. Can you just make sure that port 8443 is listening on the server by running the netstat command, and make sure your firewall is not blocking access to it?

If it's not listening, then there must be an SSL certs or keystore related issue. What if you try to access it with https://domain:8090 and check?

-Shankar

Sebastian Benz
Contributor
July 9, 2019

Hi, sorry for the delayed answer. It was a firewall problem with port 8443 and when we try to configure port 443, we have to configure permissions for the confluence-user.

 

Thanks for your support
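
Added example (not from the thread): a client-side probe that separates the failure modes discussed above, namely nothing listening on the port, a firewall silently dropping the traffic, and a port that is open but does not complete a TLS handshake. The function name, the result labels and the localhost target are assumptions chosen for illustration.

```python
import socket
import ssl

def probe_https_port(host, port, timeout=3.0):
    """Classify the state of an HTTPS port as seen from this client."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Host answered with a reset: reachable, but no process is bound to the
        # port (what netstat on the server would show as "not listening").
        return "refused"
    except socket.timeout:
        # No answer at all: typical of a firewall silently dropping the packets.
        return "filtered"
    except OSError:
        return "unreachable"             # DNS failure, no route, ICMP reject, ...
    ctx = ssl.create_default_context()   # certificate and hostname checks stay on
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "tls-ok " + tls.version()
    except ssl.SSLCertVerificationError:
        return "tls-cert-rejected"       # listening and speaking TLS, bad certificate
    except (ssl.SSLError, OSError):
        return "tls-handshake-failed"    # port open, but not a working TLS endpoint
    finally:
        raw.close()

if __name__ == "__main__":
    # Assumed target: localhost; the thread's ports are 8443 (HTTPS) and 8090 (HTTP).
    for p in (8443, 8090):
        print(p, probe_https_port("localhost", p))
```

Run from outside the server's network, "filtered" on 8443 points at the firewall, while "refused" points back at the connector or keystore configuration.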
