Apache Config for Confluence 6

Hi,

I recently installed Confluence 6 with an Apache server frontending the communication.  I was following the instructions at https://confluence.atlassian.com/confeap/using-apache-with-mod_proxy-480346967.html and found them to be a bit inaccurate, so I thought I would publish my discovery.

In our configuration, we have the server URL "https://confluence.company.com" which is hosted by Apache and backended with Confluence on the same server at port 8090.  The instructions talk about always having a context path - and I found that Example 2: Complex configuration without context path sort of described my scenario; however, it didn't work.  There are two issues.  First, the ProxyPass and ProxyPassReverse parameters should be pointing to the root "/" rather than "/confluence".  Second, the parameters for the ProxyHTMLURLMap are backwards. Lastly, in practice, I found the ProxyHTMLURLMap was not processing all of the URLs.

What I did try was not setting a context in the tomcat configuration, then using the config below and that seems to be working fine.

<VirtualHost _default_:443>
    ServerAdmin scott_selberg@keysight.com
    ServerName confluence.keysight.com
    ErrorLog    "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/ssl_error_log.%Y%m%d"
    TransferLog "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/ssl_access_log.%Y%m%d"
    CustomLog   "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/ssl_custom_log.%Y%m%d" combined
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile <redacted>
    SSLCertificateChainFile <redacted>
    SSLCertificateChainFile <redacted>
    SSLCertificateChainFile <redacted>
    SSLCertificateKeyFile <redacted>
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy "*">
        Require all granted
    </Proxy>

    <Location />
        Require all granted
    </Location>

    ProxyPass /synchrony http://localhost:8091/synchrony
    <Location /synchrony>
        Require all granted
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
    </Location>

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>

    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    Alias "/video" "/confluence_videos"
    <Directory "/confluence_videos">
       Options +Indexes
       Require all granted
       SSLOptions +StdEnvVars
    </Directory>

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/video
    RewriteCond %{REQUEST_URI} !^/icons
    RewriteCond %{REQUEST_URI} !^/keysight
    RewriteCond %{REQUEST_URI} !^/notices
    RewriteCond %{REQUEST_URI} !^/synchrony
    RewriteRule ^/(.*) http://localhost:8090/$1 [P]
    ProxyPassReverse / http://localhost:8090
    #RewriteRule ^/(.*) /notices/maintenance.html
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
</VirtualHost>

-Scott

2 answers

1 accepted

0 votes
Accepted answer

@Scott Selberg, I've followed their documentation and the config you laid out here, but I'm still having the same issue with Synchrony. I'm unable to edit and when looking at the console, I'm seeing this error, "GET https://confluence-01.domain.com/synchrony/v1/data/Synchrony-71030605-d…07-5177f63e4ec2/confluence-3506183?state-at=@head&state-format=type-tagged 404 (Not Found)"

Any idea?

Without seeing the apache configuration and the tomcat server.xml file, it's really hard to guess what could be going on.  If you post them, I'll take a look and let you know if I see anything.

I've been plugging in different configs. I've tried yours, the wiki's, and other users'. The one I'm currently using is:

Apache:

<VirtualHost *:443>
    ServerName confluence-01.domain.com
        ProxyRequests Off
        ProxyPass /synchrony http://confluence-01.domain.com:8091/synchrony
        <Location /synchrony>
                Require all granted
                RewriteEngine on
                RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
                RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
                RewriteRule .* ws://confluence-01.domain.com:8091%{REQUEST_URI} [P]
        </Location>

        <Proxy *>
          Require all granted
        </Proxy>
        ProxyPass / http://confluence-01.domain.com:8090/
        ProxyPassReverse / http://confluence-01.domain.com:8090/
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/cert.pem
        SSLCertificateKeyFile /etc/ssl/private/key.key
#       RewriteEngine On
#       RewriteCond %{REQUEST_URI} !^/synchrony
#       RewriteRule ^/(.*) http://confluence.domain.com:8090/$1 [P]
        <Location />
                Require all granted
        </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName confluence-01.domain.com
    Redirect Permanent /  https://confluence-01.domain.com/
    Redirect Permanent /synchrony   https://confluence-01.domain.com/synchrony
</VirtualHost>

 

Confluence:

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
<!--        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol"/>  -->
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
                proxyName="confluence-01.domain.com" proxyPort="443" secure="true" scheme="https"/>
        <Engine name="Standalone" defaultHost="confluence-01.domain.com" debug="1">
            <Host name="confluence-01.domain.com" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="" docBase="../confluence" debug="0" reloadable="false">
                    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname="" />
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>
            </Host>
        </Engine>
        <!--
            To run Confluence via HTTPS:
             * Uncomment the Connector below
             * Execute:
                 %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
                 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
               with a password value of "changeit" for both the certificate and the keystore itself.
             * Restart and visit https://localhost:8443/
             For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
        -->
<!--
        <Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
    </Service>
</Server>

I don't think you should redirect the port 80 synchrony calls to https - I believe they should get forwarded to the 8091 port.  I recall reading somewhere that https was not working with synchrony. That's just a guess on my part though.

... I just checked my config, and I redirect it.  So that's not the issue.

...
<VirtualHost _default_:80>
   Redirect permanent / https://confluence.keysight.com/
</VirtualHost>
...

Actually, by commenting out the https part for synchrony, it is working!

Here are the differences I see.  

I set: ProxyPreserveHost On, you did not.  I don't know if that matters.

I'm using RewriteRule where you are using ProxyPass.  I think that may be the issue.

In your apache config, I see the following

...
ProxyPass / http://confluence-01.domain.com:8090/
ProxyPassReverse / http://confluence-01.domain.com:8090/
...

I think that will redirect all traffic to port 8090 - including that intended for synchrony.  In my redirect, I use

RewriteEngine On
 ...
 RewriteCond %{REQUEST_URI} !^/synchrony
 RewriteRule ^/(.*) http://localhost:8090/$1 [P]
 ProxyPassReverse / http://localhost:8090

Which should redirect all traffic just like the ProxyPass call you had - with the exception of the calls that start with /synchrony.  Those will not be touched and I suspect then it will use the location information to send those calls to port 8091.

 

 

Hmm, I just saw your reply.  Glad to hear it's working - but I have no explanation.

According to the apache manual for Redirect, "Additional path information beyond the matched URL-path will be appended to the target URL."

So, I think the synchrony line in the example below should be totally irrelevant as the first does the same thing.

<VirtualHost *:80>
    ServerName confluence-01.domain.com
    Redirect Permanent /  https://confluence-01.domain.com/
    Redirect Permanent /synchrony   https://confluence-01.domain.com/synchrony
</VirtualHost>

However, since it's working something must be different - perhaps it's the missing slash at the end of the line...
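The `Redirect` behaviour discussed at the end of this thread, as an added example that is not part of any post here: a simplified Python model of mod_alias prefix redirects, applied to the two directives from the port-80 VirtualHost. The function names are hypothetical, and the model assumes both directives sit in the same context, where Apache tries them in configuration order and the first match takes precedence.

```python
# Simplified model of mod_alias prefix Redirects in a single context:
# rules are tried in file order and the first match wins (path only,
# query strings are not modeled).
import shlex

# Constructed input: the two directives from the thread's port-80 VirtualHost.
VHOST_80 = """
Redirect Permanent /  https://confluence-01.domain.com/
Redirect Permanent /synchrony   https://confluence-01.domain.com/synchrony
"""

STATUS = {"permanent": 301, "temp": 302, "seeother": 303}


def parse_redirects(conf):
    """Return [(status, url_path, target), ...] in configuration order."""
    rules = []
    for line in conf.splitlines():
        parts = shlex.split(line, comments=True)
        if not parts or parts[0].lower() != "redirect":
            continue
        if len(parts) == 4:
            rules.append((STATUS[parts[1].lower()], parts[2], parts[3]))
        elif len(parts) == 3:  # status omitted: mod_alias defaults to 302
            rules.append((302, parts[1], parts[2]))
    return rules


def prefix_remainder(path, prefix):
    """Part of path after prefix, or None unless prefix matches on a
    path-segment boundary (/synchrony must not match /synchronyfoo)."""
    if not path.startswith(prefix):
        return None
    rest = path[len(prefix):]
    if prefix.endswith("/") or rest == "" or rest.startswith("/"):
        return rest
    return None


def resolve(rules, path):
    """Return (rule_index, status, location) for the first matching rule."""
    for index, (status, prefix, target) in enumerate(rules):
        rest = prefix_remainder(path, prefix)
        if rest is not None:
            return index, status, target + rest
    return None
```

Calling `resolve(parse_redirects(VHOST_80), path)` returns rule index 0 for every path, and the `/synchrony` rule on its own produces the same `Location` for Synchrony URLs.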

0 votes

This is awesome, @Scott Selberg. It works like a charm.
