Trying to set up Confluence behind Apache with SSL but am hitting a wall. As per this guide, I can get Confluence accessible externally. But when following this for SSL, it won't connect. But, if I connect with <domain>:8090 I can access Confluence.
Running on Windows Server 2016, firewall is allowing ports 80, 443, 8090, and 8091, and the router is port forwarding as well. My SSL certs are from Let's Encrypt using letsencrypt-win-simple.
httpd-vhosts.conf:
<VirtualHost *:443>
    ServerName <domain>
    ProxyRequests Off
    <Proxy *>
        Require all granted
    </Proxy>
    ProxyPass / http://<domain>:8090
    ProxyPassReverse / http://<domain>:8090
    SSLEngine On
    SSLCertificateFile "C:/path/to/crt.pem"
    SSLCertificateKeyFile "C:/path/to/key.pem"
    SSLCertificateChainFile "C:/path/to/chain.pem"
    <Location />
        Require all granted
    </Location>
    ProxyPass /synchrony http://<domain>:8091/synchrony
    <Location /synchrony>
        Require all granted
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://<domain>:8091%{REQUEST_URI} [P]
    </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName <domain>
    Redirect Permanent / https://<domain>
    Redirect Permanent /synchrony https://<domain>/synchrony
</VirtualHost>
server.xml
<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                   maxThreads="48" minSpareThreads="10"
                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   proxyName="<domain>" proxyPort="443" secure="true" scheme="https"/>
        <Engine name="Standalone" defaultHost="localhost" debug="0">
            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
                    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname="" />
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>
                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>
            </Host>
        </Engine>
    </Service>
</Server>
This site can’t be reached, <domain> took too long to respond. ERR_CONNECTION_TIMED_OUT
Ok - the port is most probably not opened.
Have you loaded the following modules in apache?
mod_proxy
mod_proxy_http
proxy_wstunnel
mod_rewrite
and
mod_ssl
And, have you set the directive "Listen 443" in apache config?
So long
Thomas
Ah, I never set Listen 443 in apache config. I can connect and the SSL is issued properly. But instead of seeing the login screen I'm greeted with this lovely little error...
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /login.action.
Reason: DNS lookup failure for: <domain>:8090login.action
ok - one step further. It starts to make fun ;)
The reason means that either Apache or Confluence (or both) is not able to resolve a domain name that is configured somewhere.
Just to be sure: <domain>:8090 <--- this is the notation for a placeholder. If Google would install Confluence, they would write the following:
confluence.google.com:8090
So you replaced <domain> with the real domain name of your server, right?
So long
Thomas
Yes, the actual domain is in both configs. I just replaced the actual domain with the placeholder here for privacy.
Ok, ok.
So please log on to this server and type on the command line (PowerShell)
nslookup <domain>
Does it get resolved?
So long
Thomas
It was a simple mistake. I was missing a "/"
Looking at the error again it says
DNS lookup failure for: <domain>:8090login.action
and I noticed that the "/" was missing. Looking at my httpd-vhosts.conf file....
<VirtualHost *:443>
...
ProxyPass / http://<domain>:8090
ProxyPassReverse / http://<domain>:8090
...
</VirtualHost>
<VirtualHost *:80>
...
Redirect Permanent / https://<domain>
...
</VirtualHost>
I was also missing the trailing "/"s.
It works, I can login, and the Base URL updated successfully. Thank you for your help!!
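The missing-slash failure from this thread, as an added example (not code from the posters or from Atlassian): a small Python check that flags ProxyPass, ProxyPassReverse and Redirect lines whose path and target disagree on the trailing slash, and shows the URL a sample request would be mapped to. `example.test` stands in for `<domain>`, and the sample config is constructed from the lines quoted above.

```python
import re

# Constructed sample: the directives from the thread, "example.test" replacing <domain>.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ProxyPass / http://example.test:8090
    ProxyPassReverse / http://example.test:8090
    ProxyPass /synchrony http://example.test:8091/synchrony
</VirtualHost>
<VirtualHost *:80>
    Redirect Permanent / https://example.test
</VirtualHost>
"""

# directive, URL path, absolute target URL (unquoted arguments only; Redirect may carry a status word)
DIRECTIVE = re.compile(
    r"^[ \t]*(ProxyPassReverse|ProxyPass|Redirect(?:[ \t]+\w+)?)[ \t]+(/\S*)[ \t]+(\S+://\S+)",
    re.I | re.M,
)


def map_request(path, target, request_uri):
    """Prefix substitution: drop the matched path prefix, append the remainder to the target."""
    return target + request_uri[len(path):]


def check(conf, probe="login.action"):
    """Return (line, directive, sample request, mapped URL) for each slash mismatch."""
    findings = []
    for m in DIRECTIVE.finditer(conf):
        name, path, target = m.groups()
        if path.endswith("/") == target.endswith("/"):
            continue  # both sides agree on the trailing slash
        line_no = conf.count("\n", 0, m.start()) + 1
        request = path + probe if path.endswith("/") else path + "/" + probe
        # For ProxyPassReverse the same pair is applied in reverse to response headers;
        # the mapped URL is shown only to make the mismatch visible.
        findings.append((line_no, name.split()[0], request, map_request(path, target, request)))
    return findings


if __name__ == "__main__":
    for line_no, name, request, mapped in check(SAMPLE_CONF):
        print(f"line {line_no}: {name}: {request} -> {mapped}")
```

The first finding reproduces the host string from the error message, `example.test:8090login.action`, which is why Apache reported a DNS lookup failure rather than a 404.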