Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Apache2 Reverse Proxy for Confluence with Letsencrypt

DS
DS August 13, 2019 edited


Hello,
using Ubuntu Linux with Apache 2.4.18 as reverse Proxy for Confluence. SSL Certifiacte is from letsencrypt.
SSL works partially.
All URLs with a "#" in it, did not work but all other.
Did not understand what is the Problem.

The default-ssl.conf is active too.

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName myserver.tld
SSLCertificateFile /etc/letsencrypt/live/myserver.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myserver.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

 

/etc/apache2/sites-available/confluence.conf

<VirtualHost *:443>
TimeOut 1000
ServerName myserver.tld
DocumentRoot /var/www/
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPass /.well-known !
ProxyPass / http://myserver.tld:8090/
ProxyPassReverse / http://myserver.tld:8090/
SSLCertificateFile /etc/letsencrypt/live/myserver.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myserver.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>


SSL nOK
https://myserver.tld/#all-updates


SSL OK
https://myserver.tld/display/DEN/Apache

 

 

Answer
Watch
Like Be the first to like this
803 views

2 answers

0 votes
DS
DS August 14, 2019

Looks like this was the solution:

 

BaseURL need to be fixed

 

../conf/server.xml

 

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"

maxThreads="48" minSpareThreads="10"

enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"

protocol="org.apache.coyote.http11.Http11NioProtocol"

scheme="https" secure="true" proxyName="myserver.tld" proxyPort="443"/>

View More Comments
DPKJ
DPKJ
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 14, 2019

Yes forgot to mention,

scheme="https" secure="true" proxyName="myserver.tld" proxyPort="443"

inside Connector is also required.

Like
Reply
0 votes
DPKJ
DPKJ
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
August 13, 2019

If your certificate is generated for `mail.nochricht.de` it will only work for this domain and not for any other domain like `myserver.tld`

Also when setting up reverse proxy with Apache HTTPD `VirtualHost` config, value of `ProxyPass` and `ProxyPassReverse` has to be same.

ProxyPass / http://mail.nochricht.de:8090/
ProxyPassReverse / http://mail.nochricht.de:8090/

You can also use `localhost` or `127.0.0.1` in place of `mail.nochricht.de` if you are running Conflunce on same server (using internal IP is best) in `ProxyPass` and `ProxyPassReverse` config.

View More Comments
DS
DS August 13, 2019

Thanks forgot to rename the orginal FQDN

Like
Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
atlassian, atlassian community events, ace, engineering, confluence feed, power of feed, atlassian ask me anything, atlassian confluence answers, ace rsvp, atlassian community events rsvp, atlassian magic

“How We Built This” ft. Atlassian Confluence Engineers

Meet the engineers who are making the Confluence magic happen at Atlassian ✨

RSVP now!
AUG Leaders

Upcoming Confluence Events