I have read the documentation on atlassian products behind Apache HTTPD 2.4 reverse proxy and I am still seeing the following in the httpd logs. There are DataCenter installs but single server for now. I am using a trial license as my goal is to migrate existing deployment from one AWS account to another but security is requiring all apps to sit behind a reverse proxy.
http://confluence.service.consul:8090/confluence/rest/mywork/latest/status/notification/count proxyname: (null) proxyport: 0, referer: https://gateway.org/confluence/plugins/servlet/troubleshooting/view/
In this scenario, the reverse proxy gateway.org is connected to an Amazon ALB that is publicly available via Route53. I have installed Jira, Confluence, Bitbucket and Bamboo in the private subnets and I am using consul for the internal DNS. Here are the two server.xml entries configured.
<Connector port="8050"
connectionTimeout="20000" maxThreads="200" minSpareThreads="10"
enableLookups="false" acceptCount="10" URIEncoding="UTF-8" />
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" proxyName="gateway.org" proxyPort="443"/>
Port 8090 is for the reverse proxy and I am using port 8050 for application links that bypass the reverse proxy per the following documents.
https://confluence.atlassian.com/kb/reverse-proxy-and-application-link-troubleshooting-guide-719095279.html
https://confluence.atlassian.com/kb/how-to-create-an-unproxied-application-link-719095740.html
Note: I did change the base URLs to the unproxied links when creating the application links. Even though the show network connection using https://gateway.org/confluence and https://gateway.org/jira respectively had a status of error. I was able to edit the Application Link in both http://jira.service.consul:8050/jira and http://confluence.service.consul:8050/confluence respectively on each app and the application links showed connected.
Here are the entries in httpd.conf
ProxyPreserveHost On
ProxyRequests Off (I have tried this with and without this entry)
ProxyVia Off (I have tried this with and without this entry)
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony/ http://confluence.service.consul:8091/synchrony/
ProxyPassReverse /synchrony/ http://confluence.service.consul:8091/synchrony/
<location /synchrony/>
ProxyPreserveHost On
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://confluence.service.consul:8091%{REQUEST_URI} [P]
</location>
ProxyPass /confluence/ http://confluence.service.consul:8090/confluence/
ProxyPassReverse /confluence/ http://confluence.service.consul:8090/confluence/
<location /confluence/>
ProxyPreserveHost On
Require all granted
</location>
<location /jira/>
ProxyPreserveHost On
AuthType openid-connect
Require valid-user
</location>
ProxyPass /jira/ https://jira.service.consul:8443/jira/
ProxyPassReverse /jira/ https://jira.service.consul:8443/jira/
Not that I am using SSL for Jira, so here are the applicable server.xml entries.
<Connector port="8050" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
connectionTimeout="20000" maxThreads="200" minSpareThreads="10"
enableLookups="false" acceptCount="10" URIEncoding="UTF-8" />
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="gateway.org" proxyPort="443"/>
<Connector port="8443" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxHttpHeaderSize="8192" SSLEnabled="true"
maxThreads="150" minSpareThreads="25"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
sslEnabledProtocols="TLSv1.2"
useBodyEncodingForURI="true"
keyAlias="1" keystoreFile="/data/1/atlassian/jira/jira.jks"
keystorePass="password" keystoreType="JKS"
proxyName="gateway.org" proxyPort="443"
redirectPort="443"/>
I have port 8080 in there in case I just need to use mod_proxy without SSL. Which I am going to try next.
Please not that the jira.consul.service, confluence.consul.service are resolvable via internal DNS provided by Consul.
I am assuming the proxyName and proxyPort not being defined are a real problem but everything appears to work except that when in Confluence, entering a Jira text, like, SAM-9 does not automatically link to Jira, I have to highlight it and the create a Jira Story/Epic/ect link. When I do that, in Jira, the Issues Link is populated but I expected it to automatically link. I did go the the Jira Project and create a Project link the the Confluence page I was referencing but still not auto linking if you will.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.