Running Confluence with firewall on Linux
Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.
Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Atlassian applications can run behind a firewall; however, Atlassian Support does not provide assistance with configuring one and consequently cannot guarantee any support for it.
- If assistance with converting certificates is required, please consult the vendor who provided the certificate.
- If assistance with configuration is required, please raise a question on Atlassian Answers.
Overview
This documentation describes how to allow Confluence to run behind a firewall (iptables) on Linux.
Verifying the firewall rules
1 - To confirm that the firewall is enabled and to list its current rules, run the following command:
iptables -nL
2 - Allow Confluence's port (8090 by default) to be reached through the firewall:
iptables -I INPUT -p tcp --dport 8090 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8090 -j ACCEPT
iptables -P OUTPUT ACCEPT
3 - Add these lines if you are running Confluence on port 8443:
iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8443 -j ACCEPT
4 - Allow forwarded connections by adding the following line to /etc/sysctl.conf:
net.ipv4.ip_forward = 1
5 - Finally, reboot the Linux host:
reboot
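A check for the rules added in steps 2 and 3, as an added example that is not part of the original article: it parses `iptables -nL` output and reports which of the expected ACCEPT rules are missing. The function names (port_accepted, confluence_rules_ok) and the sample output are constructed for this example; on a real host, call the functions with no argument as root so they read the live rule set.

```shell
#!/bin/sh
# Constructed sample of `iptables -nL` output, written for this example (not
# captured from a real host): the INPUT rules from steps 2 and 3 are present,
# but the FORWARD rule for 8443 from step 3 was never added.
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8090

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8090

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# port_accepted CHAIN PORT [RULES]
# Succeeds (exit 0) when CHAIN holds an ACCEPT rule for tcp dpt:PORT.
# RULES defaults to the live `iptables -nL` output (needs root); pass saved
# output as the third argument to check a dump offline.
port_accepted() {
  chain=$1; port=$2; rules=${3:-$(iptables -nL 2>/dev/null)}
  printf '%s\n' "$rules" | awk -v chain="$chain" -v port="$port" '
    /^Chain / { in_chain = ($2 == chain); next }   # track the current chain
    in_chain && $1 == "ACCEPT" && $2 == "tcp" && $NF == ("dpt:" port) { found = 1 }
    END { exit found ? 0 : 1 }'
}

# confluence_rules_ok [RULES]
# Checks every rule the steps above add (INPUT and FORWARD for 8090 and 8443),
# prints each one that is missing, and fails if any is missing.
confluence_rules_ok() {
  all=${1:-$(iptables -nL 2>/dev/null)}; missing=0
  for spec in INPUT:8090 INPUT:8443 FORWARD:8090 FORWARD:8443; do
    if ! port_accepted "${spec%%:*}" "${spec##*:}" "$all"; then
      echo "missing: ACCEPT tcp dpt:${spec##*:} in chain ${spec%%:*}"
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# Run against the constructed sample; on a real host call it with no argument.
confluence_rules_ok "$SAMPLE_RULES" || echo "firewall rules incomplete"
```

Rules inserted with `iptables -I` live only in the kernel, so on distributions that do not save them automatically, run this check again after the reboot in step 5 to confirm they survived.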
If you are running CentOS 7, firewall management has changed to firewalld. To disable the firewall, follow the steps below:
Disable Firewalld
To disable firewalld, run the following command as root:
systemctl disable firewalld
Stop Firewalld
To stop firewalld, run the following command as root:
systemctl stop firewalld
Check the Status of Firewalld
To check the status of firewalld, run the following command as root:
systemctl status firewalld
If you prefer to keep firewalld active, a few more steps are required:
1 - Allow the ports and make the change permanent with the following commands:
firewall-cmd --add-port=8090/tcp
firewall-cmd --permanent --add-port=8090/tcp
firewall-cmd --add-port=8443/tcp
firewall-cmd --permanent --add-port=8443/tcp
2 - Add the HTTP and HTTPS services:
firewall-cmd --add-service=http
firewall-cmd --permanent --add-service=http
firewall-cmd --add-service=https
firewall-cmd --permanent --add-service=https
3 - Finally, configure forwarding with the following commands (replace <confluence-ip> with the address of the Confluence host):
firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
firewall-cmd --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d <confluence-ip> --dport 443 -j REDIRECT --to-ports 8443