Confluence via IIS is slow

Thanks for the instructions! Everything listed worked, but I had to perform one additional step... In the conf\server.xml file, I had to add the ProxyName="your.web.address" and ProxyPort="your proxy port" to the connector element. After that, it just worked.

Quick question - did you put your URL Rewrite rules at the global or site level, and what led you to do it one way over the other?

The Rewrite rules are at the site level. The only thing at the global level is turning on the proxy and unchecking the "Reverse rewrite host in response headers" checkbox. The reason we did it at the site level is so that we already can limit the traffic going into the Rewrite rules via host headers in IIS thus making the Rewrite rules easier to configure. We did this because we are running Confluence and Fisheye on the same machine running through IIS as a proxy. Then we just use host headers to split them out as href="https://confluence.company.com%20">https://confluence.company.com and http://fisheye.company.com.

I have added 3 additional sections to my guide

1. Disable Output Caching --> we were seeing problems where users were suddenly logged in as other users and didn't know it, it was because IIS was caching output from the atlassian product, so if 2 people would log in at nearly the same time, one would get the tolken of the other.
2. Increase URL and Request length limits --> saw an issue where Text gadgets in JIRA were not being displayed because they had a lot of information in them. It is still not perfect, it will still prevent some Extremely long gadgets from being displayed, but if you are documenting information in JIRA gadgets, you should probably use something else like Confluence.
3. FishEye Only: File Extension Restrictions --> since the Fisheye web server is custom, it doesn't actually run file extensions that are in the URL, it displays them in the browser, but IIS doesn't know this, so you have to remove the restrictions so that it passes through fine and isn't blocked resulting in a 404 error.

Hope that helps some others.

Hi, I performed this config and it worked well. I was wondering if you have any idea on how to get it to work using https (SSL)

@Isaac, I have it working with SSL currently. All you have to do is set up SSL as per normal on the IIS site, and IIS will take care of all the SSL stuff. If you are using Host Headers to host multiple instances of Confluence or even other web services, then you will have to create a SAN (Subject Alternate Name) Cert or Wildcard cert to use with IIS. Also, you would then have to use the command line to set the host headers for the different sites in IIS because as of IIS7 it only allows a single Cert to be used for all sites, and does not allow the use of host headers.

Here is the command to set host headers with SSL on your IIS sites:

C:\Windows\System32\inetsrv\appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

Thanks for the quick response, currently we only have one instace per server, so I'm guessing it should be a simple task. I'm not familiar with IIS at all thats why is taking me a bit of an effort. thanks again for the help

If you haven't done SSL in IIS before, i would start with the following guide: http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis#IISManager

This only shows how to do a self-signed cert, which means that users will get a certificate error unless they install the cert into their trusted store.

If you get a CA signed cert, then you can probably start with this guide in order to get the Cert onto your server. Then it will be available in the SSL Certificate dropdown in IIS. http://technet.microsoft.com/en-us/library/cc754489.aspx

Hope that leads you in the right direction.

I followed the instructions, added the https bind. Still nothing. I'm able to access it via http but https no I get this

502 - Web server received an invalid response while acting as a gateway or proxy server.

There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.

Did you do any other modification to the IIS settings or to the confluence server.xml??

You do have to tell Confluence Tomcat that you are accessing it via a proxy by adding the following lines to your Connector in your server.xml:

scheme="https"
proxyPort="443"
proxyName="confluence.company.com"

Other than that, i think i included everything in my guide above. Let me know if that helps.

Yes, that is the documentation that i explicitely followed in order to get isapi redirection working for confluence. I have reviewed that documentation many times over to try to see if there were any differences or any reasons why the performance would be noticably different. However, i have no idea why the performance is different.

Let me know if i need to provide any more information to help diagnose this issue. Thanks.

We explicitly turn off the windows firewall on our servers, and install a customized version of Symantec so that it does not monitor network traffic. The ISAPI redirection via IIS works, it is just extremely noticably slow. The reason we are needing to do this at all is because we have confluence and Fisheye on the same machine, and users of both systems want to access each via port 80. They also want an easily typed URL such as http://confluence or http://fisheye. Therefore, i would need to usehost headers in IIS to bind the separate sites to those names.

Even our own Engineers here don't know why this is slower, since they do the same process on our own software, and performance is as fast.

Any help would be appreciated. Thanks.