It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Apache2 Reverse Proxy for Confluence with Letsencrypt Edited


Hello,
using Ubuntu Linux with Apache 2.4.18 as reverse Proxy for Confluence. SSL Certifiacte is from letsencrypt.
SSL works partially.
All URLs with a "#" in it, did not work but all other.
Did not understand what is the Problem.

The default-ssl.conf is active too.

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName myserver.tld
SSLCertificateFile /etc/letsencrypt/live/myserver.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myserver.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

 

/etc/apache2/sites-available/confluence.conf

<VirtualHost *:443>
TimeOut 1000
ServerName myserver.tld
DocumentRoot /var/www/
ProxyPreserveHost On
ProxyRequests Off
RequestHeader set X-Forwarded-Proto "https"
RequestHeader set X-Forwarded-Port "443"
ProxyPass /.well-known !
ProxyPass / http://myserver.tld:8090/
ProxyPassReverse / http://myserver.tld:8090/
SSLCertificateFile /etc/letsencrypt/live/myserver.tld/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myserver.tld/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>


SSL nOK
https://myserver.tld/#all-updates


SSL OK
https://myserver.tld/display/DEN/Apache

 

 

2 answers

0 votes
DPK_J Community Leader Aug 13, 2019

If your certificate is generated for `mail.nochricht.de` it will only work for this domain and not for any other domain like `myserver.tld`

Also when setting up reverse proxy with Apache HTTPD `VirtualHost` config, value of `ProxyPass` and `ProxyPassReverse` has to be same.

ProxyPass / http://mail.nochricht.de:8090/
ProxyPassReverse / http://mail.nochricht.de:8090/

You can also use `localhost` or `127.0.0.1` in place of `mail.nochricht.de` if you are running Conflunce on same server (using internal IP is best) in `ProxyPass` and `ProxyPassReverse` config.

Thanks forgot to rename the orginal FQDN

Looks like this was the solution:

 

BaseURL need to be fixed

 

../conf/server.xml

 

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"

maxThreads="48" minSpareThreads="10"

enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"

protocol="org.apache.coyote.http11.Http11NioProtocol"

scheme="https" secure="true" proxyName="myserver.tld" proxyPort="443"/>

DPK_J Community Leader Aug 14, 2019

Yes forgot to mention,

scheme="https" secure="true" proxyName="myserver.tld" proxyPort="443"

inside Connector is also required.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

How is your team having fun and bonding, remotely, utilizing Confluence?

Thanks everyone for answering last week’s question. The winner of the random drawing from those who commented is: @LarryBrock I’ll contact you separately with your prize details. This wee...

283 views 9 7
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you