Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence 7.0.3 over HTTPS (Windows) Edited

Hello,

I want to start using our Confluence over HTTPS. We are using Confluence with synchrony.

I have certificate which I added to keystore. I tried to change httpd-vhosts.conf configuration and server.xml configuration files,...

 

Here is my httpd-vhosts.conf (We hosts JIRA and Confluence on the same server). JIRA works fine over HTTPS:

<VirtualHost *:443>
ServerName domainaddress_of_our_JIRA

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>
ProxyPass / http://Internal_IP_of_our_JIRA:8080/
ProxyPassReverse / Internal_IP_of_our_JIRA:8080/

SSLEngine On

SSLCertificateFile "C:\Apache24\conf\our_jira_certificate.cer"
SSLCertificateKeyFile "C:\Apache24\conf\our_jira_privatekey.key"
SSLProxyEngine Off

RemoteIPHeader X-Forwarded-For
</VirtualHost>

<VirtualHost *:80>
ServerName domainaddress_of_our_JIRA
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
#Redirect / https://domainaddress_of_our_JIRA/
</VirtualHost>



<VirtualHost *:443>
ServerName domainaddress_of_our_Confluence


ProxyRequests Off
ProxyPreserveHost On

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://Internal_IP_of_our_Confluence:8090/$1 [P]

<Proxy *>
Require all granted
</Proxy>

SSLEngine On

SSLCertificateFile "C:\Apache24\conf\our_Confluence_certificate.cer"
SSLCertificateKeyFile "C:\Apache24\conf\our_Confluence_privatekey.key"


ProxyPass /synchrony http://Internal_IP_of_our_Confluence:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://Internal_IP_of_our_Confluence:8091%{REQUEST_URI} [P]
</Location>

ProxyPass / http://Internal_IP_of_our_Confluence:8090
ProxyPassReverse / http://Internal_IP_of_our_Confluence:8090

<Location />
Require all granted
</Location>
</VirtualHost>
<VirtualHost *:80>
ServerName domainaddress_of_our_Confluence
Redirect Permanent /synchrony https://domainaddress_of_our_Confluence/synchrony
</VirtualHost>

 

Here is serwer.xml configuration (I changed proxyport to "443", and scheme to "https" at the top of file, uncommented "Connector" at the bottom and added paths to keystore):

 

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="domainaddress_of_our_Confluence" proxyport="443" sheme="https"/>

<Connector port="8099" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol" sheme="http"/>
<Engine name="Standalone" defaultHost="domainaddress_of_our_Confluence" debug="0">

<Host name="domainaddress_of_our_Confluence" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>

<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>

</Engine>

<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/

For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="48" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystoreFile="C:\Program Files\Atlassian\Confluence\jre\lib\security\cacerts" keystorePass="password_for_keystore" keyAlias="name_of_certificate_alias"/>

</Service>

</Server>

 

When I change something in httpd-vhosts.conf I restart Apache service, and when I change something in serwer.xml I restart Confluence service.

After the above changes Confluence is running over HTTPS, but I still have the same error:

https://confluence.atlassian.com/confkb/can-t-check-base-url-warning-in-confluence-6-6-or-later-939718433.html

and my Application links from JIRA don't work (Network Error - JIRA says that propably because of misconigured proxy).

Could You please check my configuration and tell wehere is the problem ?

 

Thank You,

Mr Zee

1 answer

1 accepted

0 votes
Answer accepted
Steven Behnke Community Leader Sep 09, 2020

The additional 8443 connector you enabled in Tomcat can and should be disabled. You're proxying only to the 8090 connector (the one you added 'proxyName' to).

In the server.xml file, there are minor spelling/case sensitivity errors. Are these to blame?

proxyport="443" sheme="https"

Should be:

proxyPort="443" scheme="https"

Now I can see spelling error - thanks:

 

<Connector port="8090" ..................
........proxyName="domainaddress_of_our_Confluence" proxyport="443" sheme="https"/>

I will change it and check later - after working hours...

 

So..., should i disable/comment

<Connector port="8443".............

section at the bottom of the server.xml file ?

 

Mr Zee.

Please note:

  • proxypass SHOULD BE proxyPass
  • sheme SHOULD BE scheme

 

Regarding the extra connector:

<Connector port="8443"

Yes, disable it again. You have enabled SSL at Apache -- This is sufficient for most environments. This additional connector is hosted at https://domainaddress_of_our_Confluence:8443 -- You likely do NOT want the additional connector. You would only use this SSL connector if you were NOT using Apache for some reason.

Like ASI Sp_ z o_o_ likes this

Thank you for Your answer. I will let You know for few hours...

 

Mr Zee

You meant:

 

  • proxyport SHOULD BE proxyPort

 

not "proxypass SHOULD BE proxyPass".... ?

 

Mr Zee

Like Steven Behnke likes this

Everything works fine now! Thank you Steven once more.

 

Mr Zee

Steven Behnke Community Leader Sep 09, 2020

Yes, it was quite late for me, good catch. I'm very glad things are working well for you now. 

Another thought, you may want to give this document a read: 
https://confluence.atlassian.com/kb/how-to-configure-apache-for-caching-and-http-2-972332210.html

Like ASI Sp_ z o_o_ likes this

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

Announcing Team Calendars in Confluence Data Center

Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond.  A long time favorite,  Team Cale...

82 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you