Check the <useHttps>true</useHttps>
configuration item. It appears to be a bit of a secret that could handle some more exposure. It starts Atlassian SDK running over HTTPS/SSL on port 443 without the need for a proxy server. Nice.
You can add it here:
<plugin>
<groupId>com.atlassian.maven.plugins</groupId>
<artifactId>maven-confluence-plugin</artifactId>
<version>${amps.version}</version>
<extensions>true</extensions>
<configuration>
<productVersion>${confluence.version}</productVersion>
<productDataVersion>${confluence.data.version}</productDataVersion>
<useHttps>true</useHttps>
</configuration>
</plugin>
You'll need to start the server like so:
sudo atlas-run
Otherwise, you'll likely get the following error trying to bind to port 443 as a non-root user:
[INFO] [talledLocalContainer] SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]
[INFO] [talledLocalContainer] java.net.BindException: Permission denied <null>:443
[INFO] [talledLocalContainer] at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)
[INFO] [talledLocalContainer] at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)
[INFO] [talledLocalContainer] at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)
[INFO] [talledLocalContainer] at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)
[INFO] [talledLocalContainer] at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)
[INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
[INFO] [talledLocalContainer] at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)
[INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
[INFO] [talledLocalContainer] at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)
[INFO] [talledLocalContainer] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)
[INFO] [talledLocalContainer] at org.apache.catalina.startup.Catalina.load(Catalina.java:633)
[INFO] [talledLocalContainer] at org.apache.catalina.startup.Catalina.load(Catalina.java:658)
[INFO] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[INFO] [talledLocalContainer] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
[INFO] [talledLocalContainer] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[INFO] [talledLocalContainer] at java.lang.reflect.Method.invoke(Method.java:606)
[INFO] [talledLocalContainer] at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
[INFO] [talledLocalContainer] at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
[INFO] [talledLocalContainer] Caused by: java.net.BindException: Permission denied
[INFO] [talledLocalContainer] at java.net.PlainSocketImpl.socketBind(Native Method)
[INFO] [talledLocalContainer] at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)
[INFO] [talledLocalContainer] at java.net.ServerSocket.bind(ServerSocket.java:376)
[INFO] [talledLocalContainer] at java.net.ServerSocket.<init>(ServerSocket.java:237)
[INFO] [talledLocalContainer] at java.net.ServerSocket.<init>(ServerSocket.java:181)
[INFO] [talledLocalContainer] at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)
[INFO] [talledLocalContainer] at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:107)
[INFO] [talledLocalContainer] at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:84)
[INFO] [talledLocalContainer] at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:182)
[INFO] [talledLocalContainer] at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)
[INFO] [talledLocalContainer] ... 17 more
[INFO] [talledLocalContainer]
Does this work well?
Yes and no. It's super easy to get going provided you remember about root permissions, but there are drawbacks.
You have to sudo
on redeploys, and well, pretty much everything you do.
This seems like overkill though:
sudo atlas-package
atlas-install-plugin
or sudo atlas-install-plugin
doesn't work as it tries to install to port 1990
for Confluence, 2990
for JIRA and so forth.
I ended up uploading the plugin via the UPM each time it was redeployed. That's just rubbish.
This however, should work nicely:
sudo atlas-install-plugin --http-port 443
Will I continue to use this?
I'm not sure at the moment, unless its just for a very quick test or for JIRA development. Proxying with nginx is so easy. It's setup and forget easy, at least for Confluence.