It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Confluence Server behind Apache proxy not working with SSL?

Trying to set up Confluence behind Apache with SSL but am hitting a wall. As per this guide, I can get confluence accessable extenrally. But when following this for SSL, it won't connect. But, if I connect with <domain>:8090 I can access confluence.

Running on Windows Server 2016, firewall is allowing ports 80, 443, 8090, and 8091, and the router is port forwarding as well. My SSL certs from from Let's Encrypt using letsencrypt-win-simple

httpd-vhosts.conf:

<VirtualHost *:443>
ServerName <domain>

ProxyRequests Off

<Proxy *>
Require all granted
</Proxy>

ProxyPass / http://<domain>:8090
ProxyPassReverse / http://<domain>:8090

SSLEngine On
SSLCertificateFile "C:/path/to/crt.pem"
SSLCertificateKeyFile "C:/path/to/key.pem"
SSLCertificateChainFile "C:/path/to/chain.pem"

<Location />
Require all granted
</Location>

ProxyPass /synchrony http://<domain>:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://<domain>:8091%{REQUEST_URI} [P]
</Location>
</VirtualHost>

<VirtualHost *:80>
ServerName <domain>
Redirect Permanent / https://<domain>
Redirect Permanent /synchrony https://<domain>/synchrony
</VirtualHost>

server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
proxyName="<domain>" proxyPort="443" secure="true" scheme="https"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>

<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>

</Engine>
</Service>
</Server>

 

1 answer

1 accepted

0 votes
Answer accepted
Thomas Deiler Community Leader Feb 06, 2018

Dear @Nick Welsh,

what's the error message when you connect to https://<domain>:443?

So long

Thomas

This site can’t be reached, <domain> took too long to respond. ERR_CONNECTION_TIMED_OUT

Thomas Deiler Community Leader Feb 06, 2018

Ok - the port is most probably not opened.

Have you loaded the following modules in apache?

mod_proxy
mod_proxy_http
proxy_wstunnel
mod_rewrite

and

mod_ssl

And, have you set the directive "Listen 443" in apache config?

So long

Thomas

Ah, I never set Listen 443 in apache config. I can connect and the SSL is issued properly. But instead of seing the login screen I'm greeted with this lovely little error... 

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /login.action.

Reason: DNS lookup failure for: <domain>:8090login.action

Thomas Deiler Community Leader Feb 06, 2018

ok - one step further. It starts to make fun ;)

The reason menas, that either apache or confluence (or both) are not able to resolve a domain name, that is somewhere configured.

Just to be sure: <domain>:8090 <--- this is the notation for a placeholder. If Google would install Confluence, they would write following:

confluence.google.com:8090

So you replaced <domain> with the real domain name of you server, right?

So long

Thomas

Yes, the actual domain is in both configs. I just replaced the actual domain with the placeholder here for privacy.

Thomas Deiler Community Leader Feb 06, 2018

Ok, ok.

So please log on this server and type on command line (powershell)

nslookup <domain>

Does it get resolved?

So long

Thomas

Yes, the correct IP address is resolved.

It was a simple mistake. I was missing a "/"

Looking at the error again it says

DNS lookup failure for: <domain>:8090login.action

and I noticed that the "/" was missing. Looking at my httpd-vhosts.conf file....

<VirtualHost *:443>
...
ProxyPass / http://<domain>:8090
ProxyPassReverse / http://<domain>:8090
...
</VirtualHost>

<VirtualHost *:80>
...
Redirect Permanent / https://<domain>
...
</VirtualHost>

 I was also missing the trailing "/"s.

It works, I can login, and the Base URL updated successfully. Thank you for your help!!

Thomas Deiler Community Leader Feb 06, 2018

Good - that's an "accept" worth, or?

Suggest an answer

Log in or Sign up to answer
Community showcase
Published in Confluence

Introducing Confluence Cloud and Jira Software Cloud Premium

Wherever you are in your team’s journey , our goal is to support your big ambitions. We’re a cloud-first company with the mission of unleashing the potential of every team, and to address the range ...

614 views 4 17
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you