Running Confluence with firewall on Linux

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Atlassian applications allow the use of firewalls with our products; however, Atlassian Support does not provide assistance with configuring them. Consequently, Atlassian cannot guarantee any support for firewall configuration.

  • If assistance with conversions of certificates is required, please consult with the vendor who provided the certificate.

  • If assistance with configuration is required, please raise a question on Atlassian Answers.

Solution

Overview

This documentation describes how to allow Confluence to run behind a firewall (iptables) on Linux.

Verifying the firewall rules

1 - To make sure your firewall is enabled, run the following command:

iptables -nL

2 - Allow the Confluence port to be reached behind the firewall:

iptables -I INPUT -p tcp --dport 8090 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8090 -j ACCEPT
iptables -P OUTPUT ACCEPT

3 - Add these lines if you are running Confluence on port 8443:

iptables -I INPUT -p tcp --dport 8443 -j ACCEPT
iptables -I FORWARD -p tcp --dport 8443 -j ACCEPT

4 - Allow forwarded connections. Add the following line to /etc/sysctl.conf:

net.ipv4.ip_forward = 1

5 - The last thing to do is reboot your Linux machine.

reboot
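A check to run after the reboot in step 5, as an added example that is not part of the original article: rules inserted with iptables -I exist only in the running kernel, so this script parses `iptables -S` output and sysctl.conf text and reports which Confluence port rules are absent. The function names and both sample inputs are constructed; on a live host, pass "$(iptables -S)" and the contents of /etc/sysctl.conf instead.

```shell
# Added example: offline checks; function names and sample data are constructed.

# has_accept CHAIN PORT: reads `iptables -S` lines on stdin; succeeds if CHAIN
# has a TCP rule for destination PORT that jumps to ACCEPT.
has_accept() {
    awk -v chain="$1" -v port="$2" '
        $1 == "-A" && $2 == chain {
            tcp = 0; dport = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i+1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i+1) == port) dport = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# forwarding_enabled: reads sysctl.conf text on stdin; succeeds only if an
# uncommented line sets net.ipv4.ip_forward to 1.
forwarding_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# missing_rules RULES PORT...: prints "CHAIN/PORT" for every INPUT or FORWARD
# ACCEPT rule from steps 2 and 3 that is not present in RULES.
missing_rules() {
    rules="$1"; shift
    for port in "$@"; do
        for chain in INPUT FORWARD; do
            printf '%s\n' "$rules" | has_accept "$chain" "$port" || echo "$chain/$port"
        done
    done
}

# Constructed sample: `iptables -S` output where only the 8090 rules exist.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8090 -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
# Constructed sample sysctl.conf content with one commented-out setting.
SAMPLE_SYSCTL='# kernel settings
#net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1'

missing_rules "$SAMPLE_RULES" 8090 8443
printf '%s\n' "$SAMPLE_SYSCTL" | forwarding_enabled && echo "ip_forward set in sysctl.conf"
```

An empty result from missing_rules means every expected rule is loaded; any line it prints names a chain and port whose rule needs to be added again.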

ℹ️ If you are running CentOS 7, the management of the firewall has changed. To disable the firewall, follow the steps below:

Disable Firewalld

To disable firewalld, run the following command as root:

systemctl disable firewalld

Stop Firewalld

To stop firewalld, run the following command as root:

systemctl stop firewalld

Check the Status of Firewalld

To check the status of firewalld, run the following command as root:

systemctl status firewalld

ℹ️ If you prefer to keep Firewalld active, there are a few more steps to be taken:

1 - Allow the ports and make the change permanent with the following commands:

firewall-cmd --add-port=8090/tcp
firewall-cmd --permanent --add-port=8090/tcp
firewall-cmd --add-port=8443/tcp
firewall-cmd --permanent --add-port=8443/tcp

2 - Add the services:

firewall-cmd --add-service=http
firewall-cmd --permanent --add-service=http
firewall-cmd --add-service=https
firewall-cmd --permanent --add-service=https

3 - To finish, the following commands are required to configure the forwarding:

firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
firewall-cmd --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d 127.0.0.1 --dport 443 -j REDIRECT --to-ports 8443
firewall-cmd --direct --add-rule ipv4 nat OUTPUT 1 -p tcp -d <confluence-ip> --dport 443 -j REDIRECT --to-ports 8443

Updated on April 8, 2025
