Getting confluence setup with a reverse apache proxy

Dalton Tidwell March 9, 2018

Hi everyone, I would really appreciate any help that can be offered. I am experiencing several problems right now that I believe can all be traced back to the reverse proxy setup, but I am unsure where the issue is.

The issues are:

A warning that the base url cannot be checked.

AD Synchronization fails with "The following URL does not specify a valid Crowd User Management REST service".

I cannot update the license key from the GUI.

 

===Apache Configuration===
<VirtualHost *:443>
ServerName ohsejiradev01.domain.com

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on

SSLProtocol all -SSLv2

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLHonorCipherOrder     on

SSLCertificateFile (Verified to exist)

SSLCertificateKeyFile (Verified to exist)


<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

#   SSL Protocol Adjustments:
BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

#   Per-Server Logging:
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

RedirectMatch ^/$ https://ohsejiradev01.domain.com/jira
# JIRA Proxy Configuration:
<Proxy *>
        Require all granted
</Proxy>

SSLProxyEngine          On
ProxyRequests           Off
ProxyPreserveHost       On

ProxyPass /synchrony http://ohsejiradev01.domain.com:8091/synchrony
<Location /synchrony>
    Require all granted
    RewriteEngine on
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    RewriteRule .* ws://<domain>:8091%{REQUEST_URI} [P]
</Location>

ProxyPass               /jira       http://ohsejiradev01.domain.com:8080/jira
ProxyPassReverse        /jira       http://ohsejiradev01.domain.com:8080/jira
<Location /jira>
    Require all granted
</Location>

ProxyPass /confluence http://ohsejiradev01.domain.com:8090/confluence
ProxyPassReverse /confluence http://ohsejiradev01.domain.com:8090/confluence
<Location /confluence>
    Require all granted
</Location>

</VirtualHost>

###HTTP###
<VirtualHost *:80>
    ServerName ohsejiradev01.domain.com
    Redirect Permanent /  https://ohsejiradev01.domain.com/jira
    Redirect Permanent /jira  https://ohsejiradev01.domain.com/jira
    Redirect Permanent /confluence  https://ohsejiradev01.domain.com/confluence
    Redirect Permanent /synchrony   https://ohsejiradev01.domain.com/synchrony
</VirtualHost>

 

===server.xml===

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
        <Connector proxyName="ohsejiradev01.domain.com"
                scheme="https" secure="true"
                proxyport="443"
                port="8090" redirectPort="8443"
                minSpareThreads="10" maxThreads="48"
                acceptCount="100"
                debug="0"
                connectionTimeout="20000"
                disableUploadTimeout="true"
                enableLookups="false"
                maxHttpHeaderSize="8192"
                URIEncoding="UTF-8"
                protocol="HTTP/1.1" />

                <Connector protocol="HTTP/1.1"
                port="8091" redirectPort="8443"
                minSpareThreads="25" maxThreads="150"
                acceptCount="100"
                connectionTimeout="20000"
                disableUploadTimeout="true"
                enableLookups="false"
                maxHttpHeaderSize="8192"
                useBodyEncodingForURI="true"/>


        <Engine name="Standalone" defaultHost="localhost" debug="0">

            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="/confluence" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
                    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname="" />
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>

                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>
            </Host>

        </Engine>
    </Service>
</Server>

 

===setenv.sh (I appended the following two lines)===

CATALINA_OPTS="-Dhttp.nonProxyHosts=*.domain.com\|ohsejiradev01.domain.com/confluence\|ohsejiradev01.domain.com/jira\|ohsejiradev01\|localhost\|127.0.0.1 ${CATALINA_OPTS}"
CATALINA_OPTS="-Dhttps.proxyHost=(PROXY IP to OUTSIDE WORLD) -Dhttps.proxyPort=3128 ${CATALINA_OPTS}"

1 comment

Shaun S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
April 6, 2018

Looking at the Tomcat connector for port 8090 I see  proxyport="443" . If you change this to  proxyPort="443" and restart the Confluence service do you see any change in behavior? 

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events