Apache2 Reverse Proxy for Confluence with Letsencrypt

DS August 13, 2019


Hello,
I am using Ubuntu Linux with Apache 2.4.18 as a reverse proxy for Confluence. The SSL certificate is from Let's Encrypt.
SSL works partially.
All URLs with a "#" in them did not work, but all others did.
I do not understand what the problem is.

The default-ssl.conf is active too.

```apache
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        ServerName myserver.tld
        SSLCertificateFile /etc/letsencrypt/live/myserver.tld/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/myserver.tld/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
    </VirtualHost>
</IfModule>
```

/etc/apache2/sites-available/confluence.conf

```apache
<VirtualHost *:443>
    TimeOut 1000
    ServerName myserver.tld
    DocumentRoot /var/www/
    ProxyPreserveHost On
    ProxyRequests Off
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    ProxyPass /.well-known !
    ProxyPass / http://myserver.tld:8090/
    ProxyPassReverse / http://myserver.tld:8090/
    SSLCertificateFile /etc/letsencrypt/live/myserver.tld/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/myserver.tld/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
```


SSL not OK:
https://myserver.tld/#all-updates

SSL OK:
https://myserver.tld/display/DEN/Apache

2 answers

0 votes
DS August 14, 2019

Looks like this was the solution:

BaseURL needs to be fixed

../conf/server.xml

```xml
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" secure="true" proxyName="myserver.tld" proxyPort="443"/>
```

DPKJ
Community Leader
August 14, 2019

Yes forgot to mention,

`scheme="https" secure="true" proxyName="myserver.tld" proxyPort="443"`

inside Connector is also required.

0 votes
DPKJ
Community Leader
August 13, 2019

If your certificate is generated for `mail.nochricht.de`, it will only work for this domain and not for any other domain like `myserver.tld`.

Also, when setting up a reverse proxy with an Apache HTTPD `VirtualHost` config, the value of `ProxyPass` and `ProxyPassReverse` has to be the same.

```apache
ProxyPass / http://mail.nochricht.de:8090/
ProxyPassReverse / http://mail.nochricht.de:8090/
```

You can also use `localhost` or `127.0.0.1` in place of `mail.nochricht.de` in the `ProxyPass` and `ProxyPassReverse` config if you are running Confluence on the same server (using the internal IP is best).

DS August 13, 2019

Thanks, I forgot to rename the original FQDN.
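
A consistency check for the two settings the answers above identify (identical `ProxyPass`/`ProxyPassReverse` targets, and the `scheme`/`secure`/`proxyName`/`proxyPort` attributes on the Tomcat `Connector`), as an added example that is not part of the original thread. The function names and the trimmed sample inputs are constructed for illustration; it assumes one `ServerName` and a `ProxyPass /` rule in the virtual host.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the configuration quoted in the thread.
VHOST = """<VirtualHost *:443>
ServerName myserver.tld
ProxyPreserveHost On
ProxyPass /.well-known !
ProxyPass / http://myserver.tld:8090/
ProxyPassReverse / http://myserver.tld:8090/
</VirtualHost>"""
CONNECTOR = ('<Server><Service><Connector port="8090" '
             'protocol="org.apache.coyote.http11.Http11NioProtocol"{extra}/>'
             '</Service></Server>')
SERVER_XML_BEFORE = CONNECTOR.format(extra="")
SERVER_XML_AFTER = CONNECTOR.format(
    extra=' scheme="https" secure="true" proxyName="myserver.tld" proxyPort="443"')

def directive(conf, name):
    """Return the argument list of every occurrence of an Apache directive."""
    pattern = rf"^[ \t]*{name}[ \t]+(.+)$"
    return [m.group(1).split() for m in re.finditer(pattern, conf, re.M | re.I)]

def check(vhost, server_xml):
    """Compare the Apache vhost with the Tomcat Connector; return findings."""
    findings = []
    server_name = directive(vhost, "ServerName")[0][0]
    public_port = re.search(r"<VirtualHost\s+\S*:(\d+)>", vhost).group(1)
    # "ProxyPass /path !" is an exclusion, not a backend mapping.
    passes = {a[0]: a[1] for a in directive(vhost, "ProxyPass") if a[1] != "!"}
    reverses = {a[0]: a[1] for a in directive(vhost, "ProxyPassReverse")}
    for path, target in passes.items():
        if reverses.get(path) != target:
            findings.append(f"ProxyPass and ProxyPassReverse differ for {path}")
    backend_port = re.search(r":(\d+)/?$", passes["/"]).group(1)
    connectors = ET.fromstring(server_xml).iter("Connector")
    conn = next((c for c in connectors if c.get("port") == backend_port), None)
    if conn is None:
        return findings + [f"no Connector listens on backend port {backend_port}"]
    expected = {"scheme": "https", "secure": "true",
                "proxyName": server_name, "proxyPort": public_port}
    for attr, want in expected.items():
        if conn.get(attr) != want:
            findings.append(f"Connector {attr}={conn.get(attr)!r}, expected {want!r}")
    return findings

if __name__ == "__main__":
    for label, xml in (("before", SERVER_XML_BEFORE), ("after", SERVER_XML_AFTER)):
        print(label, check(VHOST, xml) or "consistent")
```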
