Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

How to integrate Jira, Confluence & Stash on the same Ubuntu server with Apache using SSL ?

Alexis Barta
Alexis Barta April 26, 2013

Hi everybody,

I installed Jira, Confluence and Stash on the same server (for money reason) with Apache behind the firewall.

We have a domain name (eg. www.my-domain.com) and I managed to configure the mod_proxy module of Apache to redirect :

- confluence.my-domain.com to http://192.168.0.1:8090

- stash.my-domaine.com to http://192.168.0.1:7990

- jira.my-domaine.com to http://192.168.0.1:8080

With 192.168.0.1 the local IP of our Ubuntu server.

The configuration was the following :

Client Browser -> http -> Apache Proxy -> http -> Tomcat (Jira, Confluence and Stash)

To do that, I wrote this in /etc/apache2/sites-available/default :

<VirtualHost *:80>
    ServerName confluence.my-domain.com
 	
 	ProxyRequests Off
	ProxyVia Block
	ProxyPreserveHost On
	
	<Proxy *>
		Order deny,allow
		Allow from All
	</Proxy>

    ProxyPass / http://localhost:8090/
    ProxyPassReverse / http://localhost:8090/
</VirtualHost>
<VirtualHost *:80>
    ServerName stash.my-domain.com
 	
 	ProxyRequests Off
	ProxyVia Block
	ProxyPreserveHost On
	
	<Proxy *>
		Order deny,allow
		Allow from All
	</Proxy>

    ProxyPass / http://localhost:7990/
    ProxyPassReverse / http://localhost:7990/
</VirtualHost>
<VirtualHost *:80>
    ServerName jira.my-domain.com
 	
 	ProxyRequests Off
	ProxyVia Block
	ProxyPreserveHost On
	
	<Proxy *>
		Order deny,allow
		Allow from All
	</Proxy>

    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

Everything, worked well, until I tried to use SSL.

Now, I don't know how to configure :

- /etc/apache2/sites-available/default

- /etc/apache2/sites-available/default-ssl

- Jira, Confluence and Stash server.xml to make it work with ssl.

I want this configuration :

Client Browser -> https -> Apache Proxy -> http -> Tomcat (Jira, Confluence and Stash)

To avoid Man in the middle attack.

FYI

I'm using a self-signed SSL Certificate, that I have created using the following tutorial : https://help.ubuntu.com/10.04/serverguide/certificates-and-security.html

And I already read https://confluence.atlassian.com/display/JIRA/Integrating+JIRA+with+Apache+using+SSL but I didn't succeed to operate the redirection with https, even if I tried it with Jira only.

Thank you for your help.

Alexis

Answer
Watch
Like Be the first to like this
1936 views

6 answers

2 votes
Ryan Goodwin
Ryan Goodwin
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
April 26, 2013

Hi Alexis,

Have a look at the Confluence doc and see if it provides better steps for you to follow:

https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS

You'll need to make some changes to the server.xml and web.xml for each tomcat instance.

View More Comments
Alexis Barta
Alexis Barta April 26, 2013

Thanks for the quick answer.

I'm going to try this.

Like
Alexis Barta
Alexis Barta April 26, 2013

I have read it, but this is not what I want.

I want this configuration :

Client Browser -> https -> Apache Proxy -> http -> Tomcat (Jira, Confluence and Stash)

To avoid Man in the middle attack.

Apache and Tomcat are on the same server, so I have no problem to let them communicate without encryption.

P.S: I have edited my question to make it more clear.

Like
Reply
0 votes
Javier Molina3
Javier Molina
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 12, 2014

Did you manage to get this configuration working?

Reply
0 votes
B. Normann P. Nielsen
B. Normann P. Nielsen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2014

a second point - after getting HTTPS to work, remember to redirect all http requests to https

Reply
0 votes
Radu Dumitriu
Radu Dumitriu
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2014

See Norman's answer. The problem that you are facing is very simple, it's the old SSL chicken and the egg. To apply a virtual host config over a SSL it's pretty tricky: to see what virtual host it is, you need to decript the message, but to decript the message you need to know what certificate to use.

So, you really need to read carefully all the document here: http://wiki.apache.org/httpd/NameBasedSSLVHosts

You need a wildcard certificate, not the usual, host-bounded !

View More Comments
Radu Dumitriu
Radu Dumitriu
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2014

Yeap, that's another solution, if this is acceptable.

Like
B. Normann P. Nielsen
B. Normann P. Nielsen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2014

Regarding the wildcard issue - this SSL type is quite expensive , so move JIRA, Confluence and Stash from

jira.domain.dk to domain.dk/jira

confluence.domain.dk to domain.dk/confluence

Like
Reply
0 votes
B. Normann P. Nielsen
B. Normann P. Nielsen
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2014

Hi,

I think if You "double" all entries in the existing file pated above, and change

<VirtualHost *:80>

to

<VirtualHost *:433>

And add:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/www.domain.dk.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.domain.dk.key

for each -> You are pretty close :-)
Reply
0 votes
Anand Unadkat
Anand Unadkat
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 9, 2014

Hi,

I am trying to do the same thing, but I can't get it to work the same way as you did. Did you register you domain somewhere? If so, could you please tell me where?

Thanks

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.