It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Configuration with SSL reverse proxy

Alexander Afonyashin Aug 12, 2012

Is there any documentation to configure Confluence behind SSL reverse proxy server? Currently I use the following scheme:

user<-(https)->nginx<-(http)->conluence

All work fine but whet 'Server Base Url' is set to https:// prefix then UPM warns me with 'The base URL configuration of your instance is inconsistent with the URL in your browser'. How can I get rid of this warning?

Best regards,

Alexander Afonyashin

5 answers

3 votes
Alexander Afonyashin Oct 03, 2012

The solution is as follows. Edit server.xml file and find Connector port= element. At the end of it, before /> symbols add: proxyName="external_https_server_name" proxyPort="443" scheme="https"

This works both for JIRA and Confluence.

Wesley Grant Mar 06, 2014

This does work fine... until... a user clicks on a link in Confluence with an incomplete URL like:

https://confluence.example.com/display/ABCD/

in which case Confluence issues a 302 for the correct page BUT uses http instead:

http://confluence.example.com/display/ABCD/this+is+the+intended+page

Since my server does not accept connections on 80 it times out and dies.

Alexander Afonyashin Mar 06, 2014

Wes,

Can you provide more info? How did you create such 'incomplete' links?

Alex

Wesley Grant Mar 06, 2014

Hi Alexander, sure. By incomplete, I mean URLs that don't point to documents but instead point to the directory that contains the document. These URLs appear in the dashboard view and represent the 'spaces'.

0 votes
Nic Brough [Adaptavist] Community Leader Aug 12, 2012

Change the base url in Confluence to be consistent with the one Apache is presenting to the outside world.

Normann P. Nielsen Sep 27, 2012

Really??

This could make the links presented to users not functioning, right?

We use https://docs.netic.dk through a Traffic Manager - and this is base URL in confluence, so I also have the warning. Confluence actually runs on port http://host:8080

Changing the base Url to http://docs.netic.dk/ could make links end up being http://docs.netic.dk/display/spacename, which is not accessible

Nic Brough [Adaptavist] Community Leader Sep 27, 2012

Absolutely, otherwise your urls in the emails and links are broken, not to mention reporting and other stuff.

Our system:

Confluence runs on a host called server011, presenting SSL connections on port 8999. The url https://server011:8999 is the base address, but is actually only accessible on that one server, the port is blocked to remote interfaces.

Apache proxies that to https://confluence.somewhere.co.uk and a user lands on the dashboard if they use that url, so we set the base url to https://confluence.somewhere.co.uk hso that emails, gadgets, reports and so-on all refer to the correct, externally accessible url. We don't use server011:8999 for anything other than the Apache connection.

If you've got a different base url, I actually suspect it's wrong, and your http://docs.netic.dk/display/spacename is right - that's where your users should be landing, and it is accessible if your proxies are set up correctly and permissions right.

0 votes
Wesley Grant Mar 06, 2014

Hi Alexander, sure. By incomplete, I mean URLs that don't point to documents but instead point to the directory that contains the document. These URLs appear in the dashboard view and represent the 'spaces'.

0 votes
Alexander Afonyashin Mar 06, 2014

Hi Wes,

(second try - the previos post failed) I wonder if got this problem. I would like you to check your proxy settings (or even better) check if it rewrites answers from upstreams in Headers section.

Alex

Wesley Grant Mar 10, 2014

I've turned on mod_log_forensics on the proxy server, and I see a log entry similar to this:

GET /display/SRUD HTTP/1.1|User-Agent:...

I can't see the response headers with mod_log_forensics but I'm sure that it is Confluence that is responding to this request with a 302. Here are my full request and response headers with a few things obfuscated to protect the innocent:

Request URL:https://help.example.com/display/SRUD
Request Method:GET
Status Code:302 Found
---Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:PHPSESSID=xxxxxxxxxxxxxx; JSESSIONID=xxxxxxxxxxxxxx
Host:help.example.com
Referer:https://help.example.com/
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36
---Response Headersview source
Cache-Control:no-cache, must-revalidate
Connection:close
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Mon, 10 Mar 2014 19:29:38 GMT
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Location:http://help.example.com/display/SRUD/Stocks+Registration
Pragma:no-cache
Server:Apache/2.2.15 (CentOS)
X-Ausername:supplier_read
X-Confluence-Request-Time:1394479778339
X-Content-Type-Options:nosniff
X-Powered-By:PHP/5.5.7 ZendServer/6.3.0
X-Seraph-Loginreason:OK
X-Xss-Protection:1; mode=block

Wesley Grant Mar 12, 2014

I'm sorry. We figured out that it was our reverse proxy that was rewriting the urls.

0 votes
Alexander Afonyashin Mar 12, 2014

Hi Wes,

Good news, since I was unable to catch such redirect at our servers.

Regards,

Alex

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Confluence

Confluence CVEs and common questions

Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...

946 views 0 19
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you