Confluence does not respect HTTPS in Server Base URL when 301 redirecting

XMLWordPrintable

    • Severity 2 - Major

      We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence...

      Confluence should respect the Server Base URL setting and use the proper URL when redirecting.

      I'm attaching a series of 8 images showing how cumbersome this can get when logging in and then getting redirected many times when trying to visit the homepage. (best viewed in order from 0->7)

      I'm also attaching two relevant Apache Config files.

      • The first redirects all non-SSL requests to be SSL requests
      • The second actually handles the proxying to localhost over SSL

        1. confluence-ssl-proxy.conf
          0.9 kB
        2. confluence-to-ssl.conf
          0.3 kB
        3. homepage_0.png
          homepage_0.png
          114 kB
        4. homepage_1.png
          homepage_1.png
          120 kB
        5. homepage_2.png
          homepage_2.png
          120 kB
        6. homepage_3.png
          homepage_3.png
          136 kB
        7. homepage_4.png
          homepage_4.png
          124 kB
        8. homepage_5.png
          homepage_5.png
          140 kB
        9. homepage_6.png
          homepage_6.png
          118 kB
        10. homepage_7.png
          homepage_7.png
          132 kB

              Assignee:
              Unassigned
              Reporter:
              Brandon Carl
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: