Confluence redirectPort Change Not Redirecting

When configuring Confluence behind NGINX proxy, when you update the server.xml under /opt/atlassian/confluence/conf/server.xml.

Changing:

<Connector port="8090" connectionTimeout="20000" redirectPort="8444"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="guide.example.com" proxyPort="443" scheme="https"/>

Then reloading confluence.

NGINX contains:

 server {

   listen 10.10.1.2:8444 ssl;

   server_name guide.example.com

   .... SSL STUFF

}

 Then reloading nginx.

When visiting the site the following behavior occurs:

https://guide.example.com:8444/login.action?os_destination=%2Findex.action&permissionViolation=true

Desired behavior:

https://guide.example.com/

Loads confluence.

 

Currently JIRA and BitBucket are configured with NGINX and therefore I cannot use 8443 to redirect as JIRA is using it.

 

What am I not looking at properly? 

2 answers

1 accepted

Howdy Bill!

From what I can see here, we want to forward requests made on 443 for Confluence, Git, and Jira to their respective open ports (8090, 8080, and 7990). Additionally we want to redirect from 80 to 443.

Currently JIRA and BitBucket are configured with NGINX and therefore I cannot use 8443 to redirect as JIRA is using it.

 

What am I not looking at properly?

I think the confusion we're seeing here is from the redirect settings in Tomcat's server.xml configuration file. This is only used when SSL is terminated at the Tomcat level and we're using security-constraints to perform redirection. In this instance it looks like you're performing the redirect and terminating SSL at the proxy level.

I took a look at your NGINX configuration and I suggest the following changes to get this working and follow best practices:

  1. Remove all server blocks from /etc/nginx/nginx.conf it should look something like:
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;

    events {
     worker_connections 768;
     # multi_accept on;
    }

    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /var/log/nginx/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        client_max_body_size 100m;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
    }
  2. Create a ssl-params.conf file in /etc/nginx/snippets with the following:
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;


    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;

    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    resolver <IPADDRESS> valid=300s;
    • Make sure you replace <IPADDRESS> with the domain/IP used to resolve upstream servers (in your configuration it appeared to be 10.10.1.3)
    • Make sure you replace /path/to/root_CA_cert_plus_intermediates with the correct path for the root CA certificate
  3. Create individual configuration files in /etc/nginx/sites-enabled for:
    • Confluence (confluence.conf):
      # Confluence configuration
      server {
          # Enable HTTP/2
          listen 443 ssl http2;
          listen [::]:443 ssl http2;
          server_name confluence.example.com;

          # Enable SSL
           ssl_certificate /path/to/example.com_ssl_certificate.cer;
           ssl_certificate_key /path/to/example.com_private_key.key;

          # Include the SSL configuration
          include /etc/nginx/snippets/ssl-params.conf;

         location /synchrony {
              proxy_set_header        Host $host;
              proxy_set_header        X-Forwarded-Host $host;
              proxy_set_header        X-Forwarded-Server $host;
              proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header        X-Real-IP  $remote_addr;
              proxy_pass              http://localhost:8091/synchrony;
              proxy_http_version      1.1;
              proxy_set_header        Upgrade $http_upgrade;
              proxy_set_header        Connection "upgrade";
          }

          location / {
              proxy_set_header        Host $host;
              proxy_set_header        X-Forwarded-Host $host;
              proxy_set_header        X-Forwarded-Server $host;
              proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header        X-Real-IP  $remote_addr;
              proxy_pass              http://localhost:8090/;
          }
      }
    • Jira (jira.conf):
      # Jira configuration
      server {
          # Enable HTTP/2
          listen 443 ssl http2;
          listen [::]:443 ssl http2;
          server_name jira.example.com;

          # Enable SSL
           ssl_certificate /path/to/example.com_ssl_certificate.cer;
           ssl_certificate_key /path/to/example.com_private_key.key;

          # Include the SSL configuration file
          include /etc/nginx/snippets/ssl-params.conf;

          location / {
              proxy_set_header        Host $host;
              proxy_set_header        X-Forwarded-Host $host;
              proxy_set_header        X-Forwarded-Server $host;
              proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header        X-Real-IP  $remote_addr;
              proxy_pass              http://localhost:8080/;
              client_max_body_size 10M;
          }
      }
    • Git (git.conf):
      # Git configuration
      server {
          # Enable HTTP/2
          listen 443 ssl http2;
          listen [::]:443 ssl http2;
          server_name git.example.com;

          # Enable SSL
           ssl_certificate /path/to/example.com_ssl_certificate.cer;
           ssl_certificate_key /path/to/example.com_private_key.key;

          # Include the SSL configuration file
          include /etc/nginx/snippets/ssl-params.conf;

          location / {
              proxy_set_header        Host $host;
              proxy_set_header        X-Forwarded-Host $host;
              proxy_set_header        X-Forwarded-Server $host;
              proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header        X-Real-IP  $remote_addr;
              proxy_pass              http://localhost:7990/;
              client_max_body_size 10M;
          }
      }
    • 80 to 443 redirect (ssl-redirect.conf):
      server {
             listen         80;
             server_name    git.example.com jira.example.com confluence.example.com;
             return         301 https://$host$request_uri;
      }
    • Ensure you replace the server_name, ssl_certificate, and ssl_certificate_key variables with their actual values. Note, we load the ssl-params.conf values through an include so we can have one place to make changes.
  4. Restart NGINX to load the changes

For the Jira and Confluence Tomcat connectors (the <connector ... /> blocks in their respective server.xml files, the redirect is essentially ignored and we only have to worry about configuring the proxyName, proxyPort, and scheme. They should look something like:

  • Confluence
    <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                    maxThreads="48" minSpareThreads="10"
                    enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                    protocol="org.apache.coyote.http11.Http11NioProtocol"
                    proxyName="confluence.example.com" proxyPort="443" scheme="https" />
  • Jira
    <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8080" protocol="HTTP/1.1" redirectPort="8443" useBodyEncodingForURI="true" proxyName="jira.example.com" proxyPort="443" scheme="https"/>

If any changes were made to the Confluence or Jira Tomcat configurations to match my recommendation above, make sure Confluence and Jira are restarted to load any changes.

This configuration should allow NGINX to properly redirect requests on port 80 to 443, and then handle those requests to serve the respective applications.

Cheers

Hi Stephen,

Happy New Year!

I followed the instructions to a T and have everything running, the only error I have now is the below:

Tomcat config is incorrect

The Tomcat server.xml has an incorrect configuration:

scheme should be 'https'
proxyName should be 'confluence.example.com'
proxyPort should be '443'

I read the help guide and the link from the troubleshoot item in the dialog box, I seem to have everything properly inserted.

Everything else is working great. I have the exact server.xml for confluence as posted here, I've looked over it multiple times but cannot seem to find any errors:

 <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
proxyName="confluence.example.com" proxyPort="443" scheme="https" />
<Engine name="Standalone" defaultHost="localhost" debug="0">

 

Spot anything out of place with the above item?

 

Thanks,

Bill

Bill,

What version of Confluence are you running and can I get a look at your full Confluence server.xml?

Version - 6.6.0

 

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
proxyName="confluence.example.com" proxyPort="443" scheme="https" />
<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>

<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>

</Engine>

<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/

For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
</Service>
</Server> 

Bill,

I believe the message you're seeing is from a health check in Confluence. Specifically, the one described in Can't check base URL warning in Confluence 6.6 or later.

This indicates that Confluence doesn't believe Tomcat is configured correctly, but I can confirm your server.xml looks like it should work.

The only way this makes any sense is if Confluence hasn't loaded the current configuration.

Please try stopping and starting Confluence.

From an external source it seems to be fine without the error, intranet is experiencing the error.

I'm pretty sure that it's all setup properly now, wish I could disable that prompt, it's annoying to close it every time.

Bill,

Are you using a different fully qualified domain name (something other than confluence.example.com) to access Confluence internally?

Daniel Eads Community Champion Jan 03, 2018

It's also worth checking the base URL to make sure it's HTTPS (didn't see any mention of this elsewhere in the thread yet). Because of the 301 redirect in nginx your requests are still getting served if it's just http, but Confluence isn't getting the address it's expecting during a healthcheck. We've seen that warning in the past when tweaking settings, always good to take a peek and rule that out!

image.png

Thanks Guys,

So it was late when I posted about external not receiving the error, I tested externally today from my laptop with fresh browser cache and received the misconfigured proxy error.

Is it possible to do a screen share with someone to see the behavior I'm experiencing?

I double checked the base url and it was set to https. I altered the domain to mask it here, but it is correct.

I restarted the server and let everything come up fresh, the confluence error is now gone.

This solves the problem I had and I am very thankful for the assistance.

I'll open a new ticket for the application links issues I'm experiencing now. I added the certificate to the trust but that only fixed bitbucket. 

Fun stuff here :)

0 vote
Ann Worley Atlassian Team Dec 27, 2017

Hi Bill,

Please check your NGINX configuration against this guide: Running Confluence behind NGINX with SSL

 I look forward to hearing whether you find any differences between the guide and your NGINX configuration.

The proxyName and proxyPort look correct in your server.xml snippet. This doc explains the settings: Proxy Support 

The Apache Tomcat 8 Configuration Reference also explains the redirect port as being related to the security constraint in web.xml as described in Step 5. Add a Security Constraint to Redirect All URLs to HTTPS

Please update this thread if you find a resolution and of course any follow up questions are welcome.

Thanks,
Ann

Hi Ann,

The NGINX with SSL link you provided was the original link I used to configure the proxy, again this is already working fine with JIRA and bitbucket. I added a stanza for Confluence listening on the custom 'redirectPort' assigned in the server.xml file.

The remaining links you sent me do not go into any specific detail with the 'redirectPort' except for a one liner explanation. It's not giving me any direction to find out why it's not redirecting appropriately.

Since NGINX is handling the SSL portion, there is no need to configure confluence for Step 5. Add a Security... [The redirect works fine as well from the proxy side.]

So, I'm still landing at the original question. Why does the redirectPort not trigger appropriately?

Ann Worley Atlassian Team Dec 28, 2017

From your description it sounds like the desired behavior is:

The redirect port in server.xml is only useful if you are using a security constraint in the web.xml file. This is only configured when the redirect is happening at the Tomcat level. It is my understanding that you are redirecting requests via NGINX and not Tomcat.

Some tips on redirecting http to https in NGINX are on this page: I want to rewrite all http requests on my web server to be https requests

Please let me know if I am missing anything about your case.

Hi Ann,

Thank you so much for your patience. I took some time to go over each link you've sent my way. All the information is correct, and I've went over the configuration line by line.

I'm currently running JIRA and Bitbucket behind the NGINX Proxy without any issues, they both use the redirectPort of 8445 and 9443 respectively.

nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 100m;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /var/www/ssl-cert/example.com_ssl_certificate.cer;
ssl_certificate_key /var/www/ssl-cert/example.com_private_key.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2 SSLv2 SSLv3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA$
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /var/www/ssl-cert/example.com.chained.pem;

resolver 10.10.1.3;
}

server {
listen 10.10.1.5:8445 ssl;
server_name jira.example.com;

ssl_certificate /var/www/ssl-cert/example.com_ssl_certificate.cer;
ssl_certificate_key /var/www/ssl-cert/example.com_private_key.key;

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8080/;
client_max_body_size 10M;
}
}

server {
listen 10.10.1.5:9443 ssl;
server_name git.example.com;

ssl_certificate /var/www/ssl-cert/example.com_ssl_certificate.cer;
ssl_certificate_key /var/www/ssl-cert/example.com_private_key.key;

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:7990/;
client_max_body_size 10M;
}
}

server {
listen 10.10.1.5:8443 ssl;
server_name confluence.example.com;

ssl_certificate /var/www/ssl-cert/example.com_ssl_certificate.cer;
ssl_certificate_key /var/www/ssl-cert/example.com_private_key.key;

location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090/;
client_max_body_size 100M;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

 So, just like JIRA and BitBucket, I'd like Confluence to operate in the same manner.

Currently when I attempt to visit https://confluence.example.com I am re-directed to https://confluence.example.com:8443/login.action?os_destination=%2Findex.action&permissionViolation=true

Confluence server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090"

maxThreads="48"
minSpareThreads="10"
connectionTimeout="20000"
debug="0"
enableLookups="false"
maxHttpHeaderSize="8192"
protocol="org.apache.coyote.http11.Http11NioProtocol"
URIEncoding="UTF-8"
useBodyEncodingForURI="true"
redirectPort="8443"
acceptCount="10"
disableUploadTimeout="true"
bindOnInit="false"
proxyName="confluence.example.com"
scheme="https"
proxyPort="443"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>

<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0" reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>

</Engine>

<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/

For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
</Service>
</Server>

So, this is why I'm asking about the redirectPort, it's how JIRA and BitBucket operate and I didn't have to do anything extra with them for them to startup and function properly.

Please advise on what I may be missing?

Ann Worley Atlassian Team Dec 29, 2017

Based on our docs the following:

server {
listen 10.10.1.5:8443 ssl;
server_name confluence.example.com;

should be:

server {
listen confluence.example.com:80;
server_name confluence.example.com

listen 443 default ssl;

I am curious how the connectors are set up in the server.xml file for Jira. If you have time to redact and post it, it may help me understand why it works when the Confluence setup does not.

Thanks Ann,

Default bind on port 80 redirects all requests to https.

 # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;

So I can't bind port 80 as in your example, it would prevent nginx from starting.

JIRA Connector

<?xml version="1.0" encoding="utf-8"?>

<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

<Service name="Catalina">

<Connector port="8080"

maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"

enableLookups="false"
maxHttpHeaderSize="8192"
protocol="HTTP/1.1"
useBodyEncodingForURI="true"
redirectPort="8445"
acceptCount="100"
disableUploadTimeout="true"
bindOnInit="false"
proxyName="jira.example.com"
scheme="https"
secure="true"
proxyPort="443"/>

<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

<Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">


<!--
====================================================================================

Note, you no longer configure your database driver or connection parameters here.
These are configured through the UI during application setup.

====================================================================================
-->

<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
</Context>

</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.ass$

</Engine>
</Service>
</Server>

I've removed much of the commentary from the file to cut down on how much space it would take up here.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

583 views 20 11
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you