Secure development on Atlassian SDK using useHttps

Check the <useHttps>true</useHttps> configuration item. It appears to be a bit of a secret that could handle some more exposure. It starts Atlassian SDK running over HTTPS/SSL on port 443 without the need for a proxy server. Nice.

You can add it here:


<plugin>

    <groupId>com.atlassian.maven.plugins</groupId>

    <artifactId>maven-confluence-plugin</artifactId>

    <version>${amps.version}</version>

    <extensions>true</extensions>

    <configuration>

        <productVersion>${confluence.version}</productVersion>

        <productDataVersion>${confluence.data.version}</productDataVersion>

        <useHttps>true</useHttps>

     </configuration>

</plugin>

You'll need to start the server like so:

sudo atlas-run

Otherwise, you'll likely get the following error trying to bind to port 443 as a non-root user:


[INFO] [talledLocalContainer] SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-443"]

[INFO] [talledLocalContainer] java.net.BindException: Permission denied <null>:443

[INFO] [talledLocalContainer] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:406)

[INFO] [talledLocalContainer] 	at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:610)

[INFO] [talledLocalContainer] 	at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:429)

[INFO] [talledLocalContainer] 	at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119)

[INFO] [talledLocalContainer] 	at org.apache.catalina.connector.Connector.initInternal(Connector.java:981)

[INFO] [talledLocalContainer] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

[INFO] [talledLocalContainer] 	at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559)

[INFO] [talledLocalContainer] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

[INFO] [talledLocalContainer] 	at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:814)

[INFO] [talledLocalContainer] 	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102)

[INFO] [talledLocalContainer] 	at org.apache.catalina.startup.Catalina.load(Catalina.java:633)

[INFO] [talledLocalContainer] 	at org.apache.catalina.startup.Catalina.load(Catalina.java:658)

[INFO] [talledLocalContainer] 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

[INFO] [talledLocalContainer] 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

[INFO] [talledLocalContainer] 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[INFO] [talledLocalContainer] 	at java.lang.reflect.Method.invoke(Method.java:606)

[INFO] [talledLocalContainer] 	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)

[INFO] [talledLocalContainer] 	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)

[INFO] [talledLocalContainer] Caused by: java.net.BindException: Permission denied

[INFO] [talledLocalContainer] 	at java.net.PlainSocketImpl.socketBind(Native Method)

[INFO] [talledLocalContainer] 	at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:376)

[INFO] [talledLocalContainer] 	at java.net.ServerSocket.bind(ServerSocket.java:376)

[INFO] [talledLocalContainer] 	at java.net.ServerSocket.<init>(ServerSocket.java:237)

[INFO] [talledLocalContainer] 	at java.net.ServerSocket.<init>(ServerSocket.java:181)

[INFO] [talledLocalContainer] 	at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:136)

[INFO] [talledLocalContainer] 	at sun.security.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:107)

[INFO] [talledLocalContainer] 	at sun.security.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:84)

[INFO] [talledLocalContainer] 	at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:182)

[INFO] [talledLocalContainer] 	at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:393)

[INFO] [talledLocalContainer] 	... 17 more

[INFO] [talledLocalContainer]

Does this work well?

Yes and no. It's super easy to get going provided you remember about root permissions, but there are drawbacks.

You have to sudo on redeploys, and well, pretty much everything you do.

This seems like overkill though:

sudo atlas-package

atlas-install-plugin or sudo atlas-install-plugin doesn't work as it tries to install to port 1990 for Confluence, 2990 for JIRA and so forth.

I ended up uploading the plugin via the UPM each time it was redeployed. That's just rubbish.

This however, should work nicely:

sudo atlas-install-plugin --http-port 443

Will I continue to use this?

I'm not sure at the moment, unless its just for a very quick test or for JIRA development. Proxying with nginx is so easy. It's setup and forget easy, at least for Confluence.