What do you think? Discuss, post comments, or ask questions at the end of this article [More about me]

Install notes for installing a Confluence instance on Amazon EC2

Steps adapted from this excellent guide at wiki2.easycloudsolutions.com.

Setup LAMP on server

We first need to setup a LAMP (Linux-Apache-MySQL-PHP) server.  For Amazon Linux we can follow this tutorial on AWS.

Initialise and Run MySQL

Do an update on your Amazon Linux AMI

sudo yum update

Start MySQL:

sudo service mysqld start

Secure MySQL (enter root password for MySQL instance when prompted)

sudo mysql_secure_installation

Make sure to do (see below) to ensure service starts on reboot

sudo chkconfig mysqld on

Configure MySQL for confluence

Login to MySQL using terminal and your admin details

mysql -u root -p

Create the Confluence DB

CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;

Create a user for Confluence, and give them full access

GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceuser'@'localhost' IDENTIFIED BY '<PASSWORD>';

NOTE: replace '<PASSWORD>' with a secure password.

Refresh MySQL privileges:

FLUSH PRIVILEGES;

Set remaining settings according to here.

Install Confluence

See wiki entry for help.

  1. Download confluence install .bin file directly from Atlassian.
  2. Make it executable.
  3. Install by running bin (e.g. sudo ./xxx.bin).
  4. If using MySQL will need to install plaftform independent connector/J to
    1. cp <connectorJ.jar> /opt/atlassian/confluence/lib
    2. restart confluence
  5. Access confluence on http://<domain>:8090

Confluence and related services

sudo service mysqld status
sudo service mysqld start
sudo service mysqld stop
sudo service confluence start
sudo service confluence stop
sudo service confluence restart


The below directions for redirecting ports and setting up SSL on confluence are deprecated. Please see Apache reverse-proxy SSL to multiple server applications for a better solution to both port redirection and SSL.

Redirecting port 443 to 8443

We can iptables to route from https (443) to the confluence secured port as outlined here.

HTTPS (SSL) on Confluence

Confluence uses tomcat so we can use the Java .keystore method as outlined here.

Once installed, you need to modify the `server.xml` file located at <CONFLUENCE_INSTALL>/conf/server.xml.

Here is an example of enabling https on port 8443:

<CONFLUENCE_INSTALL>/conf/server.xml 
<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol" />

        <Engine name="Standalone" defaultHost="localhost" debug="0">

            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
                    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname="" />
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>

                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>
            </Host>

        </Engine>

        <!--
            To run Confluence via HTTPS:
             * Uncomment the Connector below
             * Execute:
                 %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
                 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
               with a password value of "changeit" for both the certificate and the keystore itself.
             * Restart and visit https://localhost:8443/

             For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
        -->
        <Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="<PASSWORD>"/>
    </Service>
</Server>

Where <PASSWORD> is the secure password you used when creating the .keystore file (see here for details).