Issues in running synchrony behind 2 reverse proxies

Nithya Sharabheshwarananda June 28, 2020

Hi,

I am struggling to make Confluence run with Synchrony on an SSH tunnel reverse proxy.

The setup and requirement is as follows:

  • http://localhost:8080/c Confluence (notice that the context path is /c)
  • localhost:8091 Synchrony (default, no change done)
  • with a local Apache HTTP proxy this is routed to HTTPS 443 on localhost
  • I have a proper SSL certificate for my website (say myconfluence.com as an example) which allows me to access the website over HTTPS with the browser having no issues.

This is my localhost Apache httpd config and it works without any issues and locally I am able to use Synchrony. (I am on Windows 10)

Listen 80
Listen 443
<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot c:/Apache24/htdocs/myconfluence.com_80
ErrorLog logs/myconfluence.com_80/error.log
CustomLog logs/myconfluence.com_80/access.log combined
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
RewriteEngine on
SSLEngine On
SSLProxyEngine On
Include f:/etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile f:/etc/letsencrypt/myconfluence.com/fullchain.pem
SSLCertificateKeyFile f:/etc/letsencrypt/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
# https://confluence.atlassian.com/conf74/using-apache-with-mod_proxy-1003129518.html
ProxyPass /synchrony http://localhost:8090/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>
<Proxy *>
Require all granted
</Proxy>
DocumentRoot f:/data/myconfluence.com
ProxyPass /c http://localhost:8090/c
ProxyPassReverse /c http://localhost:8090/c
ProxyRequests off
ErrorLog F:/data/myconfluence.com_logs/error.log
CustomLog F:/data/myconfluence.com_logs/access.log combined
</VirtualHost>
</IfModule>

The above works flawlessly.

To test it I just add the following line in my c:\Windows\System32\drivers\etc\hosts file

#123.123.123.123 myconfluence.com
127.0.0.1 myconfluence.com

It works without any issues and locally I am able to use Synchrony. Because I have a proper SSL certificate installed both locally and on the external server, I am able to access it both ways. All this works perfectly until Synchrony is enabled. Actually, locally Synchrony works behind the above proxy without any issues.

Now here is where the problem starts. 

After this, I have a remote server that allows me to access the same globally with a static IP. I open an ssh reverse tunnel to make this happen. The command is something like this.

ssh 123.123.123.123 -R 7789:localhost:443

The remote server is Ubuntu Linux, and this is the Apache config file:

<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot /var/www/html/myconfluence.com
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
RewriteEngine on
SSLEngine On
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myconfluence.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony https://localhost:7789/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:7789%{REQUEST_URI} [P]
</Location>
ProxyPass / https://localhost:7789/
ProxyPassReverse / https://localhost:7789/
<Location /c>
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/myconfluence.com_443/error.log
CustomLog ${APACHE_LOG_DIR}/myconfluence.com_443/access.log combined
</VirtualHost>
</IfModule>

This is not working. Confluence is working just fine, but Synchrony is not.

And after this, I have one more layer, which is Cloudflare, that I didn't even try yet, but I hope it works out of the box if I can fix this.

Please note Confluence is working fine as it is; I am struggling only with Synchrony.

Also, I am wondering why I have to rewrite and proxy WebSocket; I don't remember ever having to configure Confluence like this earlier. I think I made it overcomplicated by doing something fundamentally wrong.

People will notice that in the tunnel I am tunneling 443, which is Apache httpd, not Tomcat. This is because on this website I want to host a few other things and wanted all traffic to go cleanly through a single tunnel, which is another reason why the context path is /c and not /.

Please have a look and help me.

Thank you

 

 

Edit 

I was able to get this working by forwarding both the ports, one for Confluence and the other for Synchrony, and it works fine even behind Cloudflare. It is a fix for sure. But if Cloudflare is able to work, even my mirror server with a static IP (shown as 123.123.123.123 as an example) should also be able to do this.

So this is the additional tunnel I created.

ssh 123.123.123.123 -R 7791:localhost:8091

And this is what worked:

<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot /var/www/html/myconfluence.com
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
SSLEngine On
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myconfluence.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony http://localhost:7791/synchrony
<Location /synchrony>
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:7791%{REQUEST_URI} [P]
</Location>
ProxyPass / https://localhost:7789/
ProxyPassReverse / https://localhost:7789/
<Location /c>
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/myconfluence.com_443/error.log
CustomLog ${APACHE_LOG_DIR}/myconfluence.com_443/access.log combined
</VirtualHost>
</IfModule>

So the modified question is:

  • Is this the correct way it should be done?
  • Is there a way of not having to open 2 tunnels?

 

Thank you
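
An added example, not part of the original post: in the non-working remote vhost the WebSocket rewrite sends `ws://` to `localhost:7789`, the same tunnel port that the `ProxyPass` lines address with `https://`, so a plaintext handshake reaches a TLS listener. The Python check below flags any backend addressed both with and without TLS; the function names are hypothetical and the sample is constructed from the posted config lines.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the proxy lines from the non-working remote vhost above.
REMOTE_VHOST = """\
ProxyPass /synchrony https://localhost:7789/synchrony
<Location /synchrony>
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:7789%{REQUEST_URI} [P]
</Location>
ProxyPass / https://localhost:7789/
ProxyPassReverse / https://localhost:7789/
"""

TLS_SCHEMES = {"https", "wss"}
DEFAULT_PORT = {"http": 80, "ws": 80, "https": 443, "wss": 443}
URL_RE = re.compile(r'(?:https?|wss?)://[^\s%"]+', re.I)
# A RewriteRule only opens a backend connection when it carries the [P] flag.
PROXY_FLAG = re.compile(r"\[(?:[^\]]*,)?\s*P\s*(?:,[^\]]*)?\]")

def backend_urls(conf):
    """Yield (line_no, scheme, 'host:port') for each directive that opens a
    backend connection. ProxyPassReverse only rewrites response headers and
    is skipped."""
    for no, line in enumerate(conf.splitlines(), 1):
        line = line.strip()
        is_proxy = re.match(r"ProxyPass\s", line, re.I) or (
            re.match(r"RewriteRule\s", line, re.I) and PROXY_FLAG.search(line))
        m = URL_RE.search(line) if is_proxy else None
        if m:
            u = urlsplit(m.group(0))
            yield no, u.scheme, f"{u.hostname}:{u.port or DEFAULT_PORT[u.scheme]}"

def scheme_mismatches(conf):
    """Return (target, plaintext_uses, tls_uses) for every host:port that the
    config addresses both with and without TLS."""
    seen = {}
    for no, scheme, target in backend_urls(conf):
        seen.setdefault(target, []).append((no, scheme))
    findings = []
    for target, uses in seen.items():
        tls = sorted(u for u in uses if u[1] in TLS_SCHEMES)
        plain = sorted(u for u in uses if u[1] not in TLS_SCHEMES)
        if tls and plain:
            findings.append((target, plain, tls))
    return findings

if __name__ == "__main__":
    for target, plain, tls in scheme_mismatches(REMOTE_VHOST):
        print(f"{target}: plaintext on lines {plain}, TLS on lines {tls}")
```

Run against the two-tunnel vhost from the edit, the check reports nothing, because port 7791 is addressed only with `http://` and `ws://` and port 7789 only with `https://`.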

1 answer

0 votes
Fabian Lim
Community Champion
December 26, 2021

Hi Nithya,

I recommend you review the KB articles here on collaborative editing: https://confluence.atlassian.com/doc/possible-confluence-and-synchrony-configurations-958779064.html

If you still have issues, please contact Atlassian support.
