Configuration with SSL reverse proxy

This does work fine... until... a user clicks on a link in Confluence with an incomplete URL like:

https://confluence.example.com/display/ABCD/

in which case Confluence issues a 302 for the correct page BUT uses http instead:

http://confluence.example.com/display/ABCD/this+is+the+intended+page

Since my server does not accept connections on 80 it times out and dies.

Wes,

Can you provide more info? How did you create such 'incomplete' links?

Alex

Hi Alexander, sure. By incomplete, I mean URLs that don't point to documents but instead point to the directory that contains the document. These URLs appear in the dashboard view and represent the 'spaces'.

I've turned on mod_log_forensics on the proxy server, and I see a log entry similar to this:

GET /display/SRUD HTTP/1.1|User-Agent:...

I can't see the response headers with mod_log_forensics but I'm sure that it is Confluence that is responding to this request with a 302. Here are my full request and response headers with a few things obfuscated to protect the innocent:

Request URL:https://help.example.com/display/SRUD
Request Method:GET
Status Code:302 Found
---Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Connection:keep-alive
Cookie:PHPSESSID=xxxxxxxxxxxxxx; JSESSIONID=xxxxxxxxxxxxxx
Host:help.example.com
Referer:https://help.example.com/
User-Agent:Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36
---Response Headersview source
Cache-Control:no-cache, must-revalidate
Connection:close
Content-Length:0
Content-Type:text/html;charset=UTF-8
Date:Mon, 10 Mar 2014 19:29:38 GMT
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Location:http://help.example.com/display/SRUD/Stocks+Registration
Pragma:no-cache
Server:Apache/2.2.15 (CentOS)
X-Ausername:supplier_read
X-Confluence-Request-Time:1394479778339
X-Content-Type-Options:nosniff
X-Powered-By:PHP/5.5.7 ZendServer/6.3.0
X-Seraph-Loginreason:OK
X-Xss-Protection:1; mode=block

I'm sorry. We figured out that it was our reverse proxy that was rewriting the urls.

Really??

This could make the links presented to users not functioning, right?

We use https://docs.netic.dk through a Traffic Manager - and this is base URL in confluence, so I also have the warning. Confluence actually runs on port http://host:8080

Changing the base Url to http://docs.netic.dk/ could make links end up being http://docs.netic.dk/display/spacename, which is not accessible

Absolutely, otherwise your urls in the emails and links are broken, not to mention reporting and other stuff.

Our system:

Confluence runs on a host called server011, presenting SSL connections on port 8999. The url https://server011:8999 is the base address, but is actually only accessible on that one server, the port is blocked to remote interfaces.

Apache proxies that to https://confluence.somewhere.co.uk and a user lands on the dashboard if they use that url, so we set the base url to https://confluence.somewhere.co.uk hso that emails, gadgets, reports and so-on all refer to the correct, externally accessible url. We don't use server011:8999 for anything other than the Apache connection.

If you've got a different base url, I actually suspect it's wrong, and your http://docs.netic.dk/display/spacename is right - that's where your users should be landing, and it is accessible if your proxies are set up correctly and permissions right.