I will answer my own question.
In our environment we wanted to change from using port 8443 to just 443 to eliminate the use of a trailing :8443 behind the url.
I understand the security risk by running stuff as root, we are internal behind our corp firewall.
What I ended up doing is this:
1. Add "Connector" entries to /opt/atlassian/xx/conf/server.xml for 80,8443, 8080 or 8090 and redirect them to 443
2. Change the redirected "Connector" to 443 <-- this redirects any http to https
3. Add the following to web.xml:
<!-- Require HTTPS for everything except /img (favicon) and /css. -->
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOnly</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>HTTPSOrHTTP</web-resource-name>
<url-pattern>*.ico</url-pattern>
<url-pattern>/img/*</url-pattern>
<url-pattern>/css/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
4. Add the following to /etc/ufw/before.rules before the "filter" section <-- this was needed to route 8443 to 443... have to figure out why...
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 8443 -j REDIRECT --to-port 443
COMMIT
5. Reboot
Now every possible iteration of the url that someone has used in the past will be redirected to the new intended URL
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.