Confluence 10.x doesn't include SSLHostConfig parameters by default in server.xml

XMLWordPrintable

    • 20
    • Severity 2 - Major
    • 172

      Note

      Resolving this issue (for both upgrade or fresh install) requires manually update of <confluence_install>/conf/server.xml, as Tomcat 10.x requires new ssh config element. Please follow the below workaround or refer to the Tomcat 10.x official documentation here

       

      Issue Summary

      Confluence 10.x doesn't include the SSLHostconfig parameters by default in server.xml file as per the latest changes with Tomcat 10

      Steps to Reproduce

      1. Install a Confluence version prior to 10.x
      2. Run Confluence over HTTPS as per Running Confluence over SSL/HTTPS
      3. Upgrade Confluence to version 10.1

      Expected Results

      Confluence should come up after once upgrade is completed.

      Actual Results

      Confluence fails to start and in the application logs we see below error. This indicates that server.xml configuration for the HTTPS connector is missing or incorrectly configured an SSLHostConfig element.
      The below exception is thrown in the atlassian.confluence.log file:

      java.lang.IllegalArgumentException: No SSLHostConfig element was found with the hostName [_default_] to match the defaultSSLHostConfigName for the connector [https-jsse-nio2-9443]

      Workaround

      • Stop Confluence
      • Take back up of <confluence_install>/conf/server.xml
      • Add SSL config parameters similar to below and restart Confluence:
      <Connector port="8443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
                    protocol="org.apache.coyote.http11.Http11NioProtocol"
                    maxHttpHeaderSize="8192" SSLEnabled="true" maxThreads="150" minSpareThreads="25"
                    enableLookups="false" disableUploadTimeout="true"
                    acceptCount="100" scheme="https" secure="true"
                    useBodyEncodingForURI="true">
                    <SSLHostConfig protocols="TLSv1.2,TLSv1.3" certificateVerification="none">
                     <Certificate
                        certificateKeyAlias="KeyAliasName"
                        certificateKeystoreFile="/opt/atlassian/confluence/confluence_home/certs/keystore.jks"
                        certificateKeystorePassword="changeit"
                        certificateKeystoreType="JKS"
                      />
                    </SSLHostConfig>

       

              Assignee:
              Jeffery Xie
              Reporter:
              Sushree Shailaja Satapathy (Inactive)
              Votes:
              3 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: