Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Configuring Confluence with Apache Proxy

dpliatsios
dpliatsios September 27, 2018

Hello,

I am trying to configure Confluence through an Apache Proxy, using this guide but I have some issues.

In server.xml if I use the direct HTTPS connector as:

<Connector port="9443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="*****" keystoreFile="*******"/>

Confluence starts without any problems.

If I select HTTPS through proxy by setting:

<Connector port="9443" connectionTimeout="20000"
                   maxThreads="48" minSpareThreads="10"
                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   scheme="https" secure="true" proxyName="my.domain.gr" proxyPort="443"/>

I have also tried proxyName="localhost"

I receive the following error in catalina.out:

27-Sep-2018 12:47:38.030 INFO [http-nio-9443-exec-3] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:412)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:298)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1385)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

 

Any suggestions on how to resolve this issue?

Thank you for your time,

Dimitris

Answer
Watch
Like Be the first to like this
2520 views

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 27, 2018

Those are two totally different connectors and they're trying to do different things - one has Tomcat encryption, the other is set for no encryption and running via a proxy.  The second one is not expecting Tomcat to be encrypted and hence getting the wrong headers and falling over.

You need to decide what you're trying to do with SSL.  Do you want it done by the proxy or by Tomcat?

View More Comments
dpliatsios
dpliatsios September 27, 2018

Thank you for your fast reply.

Here is the scenario:

Confluence is running on port 9443 with SSL encryption. If I have enabled the first connector I visit the site using the URL: https://my.domain.gr:9443/.

As there are some firewall issues I want to setup an Apache proxy so the user behind the firewall can visit the site as: https://my.domain.gr/confluence

Whether the encryption is done by the proxy or Tomcat has little importance. I would prefer the easiest one.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 27, 2018

Ok, the easier route is the one described in the document you mentioned originally.

I'm not sure what lead you to partially set up SSL on the Tomcat end and then start looking at the wrong connectors, but it's not needed for the easier route, so remove all of that, reverting back to a plain http Confluence installation.

Then follow the doc you pointed to before - set up apache, tell it to proxy to your confluence server and add the four proxy settings to the Tomcat server.xml's existing connector as you did before (scheme/secure/proxy/proxyport)

Like
dpliatsios
dpliatsios September 27, 2018

Everything worked out!

Thank you very much for your valuable help!

Like
Reply
0 votes
Dovid Bender
Dovid Bender April 22, 2019

When using mod_proxy for server.xml what is the correct setting for  protocol ? Is it still "org.apache.coyote.http11.Http11NioProtocol" ?

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events