Confluence with Reverse Proxy (IIS) and SSL? Edited

Hello,

I'm moving our current Confluence Server from Debian to a Windows Server 2016.

I've set up a Windows SQL and the Confluence already and all works fine but I want to do it secure.

How would it be possible with Confluence and SSL over an Reverse Proxy?

 

I've used this Documentation for the IIS Reverse Proxy Configuration:

 

https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-microsoft-internet-information-services-iis-833931378.html

 

 

Will be great if someone can help me who have already do it with an Windows Server and an IIS SSL Reverse Proxy

 

# Update: #

I have reinstalled the Confluence and reinstalled the IIS and I see that it doesn't work with the Reverse Proxy, I think there is a special configuration for Confluence with IIS

2 answers

0 vote

The knowledge base article you have found covers a standard IIS setup for terminating SSL at an IIS proxy server, so you've started at exactly the right place.

You also have exactly the right approach - get the server working so you're happy Conlfuence works.  Then get it running behind a plain http proxy, then add SSL.

So the question is where you're stuck?

Hello Nic and thanks for your response.

it looks like the confluence works now but I’ve found out that now I can’t write any pages or blogs. (Problem with the Websocket) but I’ve installed the packages for IIS 8 or above too.

 

Are there any other settings I need for WebSocket?

Ok, that sounds like you're having problems with Synchrony, rather than the core Confluence stuff.

If you turn off "collaborative editing" in the Admin section, can you write stuff with the old-style editor?

Okay it's very weird, it works on my iPhone but not on my computer?

 

And without collaborative editing all works fine but it would be great to use this feature to for us.

Your iPhone doesn't try to use collaborative editing, so that's not a surprise.

If Confluence is working, but the collaborative editing fails, then there is definitely something wrong with your proxy.  I'd be looking at the Synchrony and Confluence logs to see what they report as the errors, then the proxy logs to say what that says is happening.

But what can it be?

 

I'm using the rewrite part for the web.xml too:

 <rewrite>
<rules>
<clear />
<rule name="Synchrony HTTP" stopProcessing="true">
<match url="synchrony/(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:8091/synchrony/{R:1}" />
</rule>
<rule name="Synchrony Web Sockets Reverse Proxy" stopProcessing="true">
<match url="ws://(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="ws://localhost:8091/{R:1}" />
</rule>
<rule name="Confluence Reverse Proxy" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="http://localhost:8090/{R:1}" />
</rule>
</rules>
</rewrite>

I'm still thinking it's a misconfigured proxy.  But you'll need to read the logs to get any further with working this out.

In Instance-Health Check is all green :(

And the logs?  What are they saying?

atlassian-synchrony.log:

Running QueryDSL sytem...
{"synchrony":{"message":"synchrony.querydsl.jdbc [info] connection pool test-connection-on-checkin: true idle-connection-test-period: 100 max-idle-time-excess-connections: 100 max-idle-time: 3600","ns":"synchrony.querydsl.jdbc"}}
MLog clients using slf4j logging.
Initializing c3p0-0.9.5.1 [built 16-June-2015 00:06:36 -0700; debug? true; trace: 10]
Initializing c3p0 pool... com.mchange.v2.c3p0.ComboPooledDataSource [ acquireIncrement -> 3, acquireRetryAttempts -> 30, acquireRetryDelay -> 1000, autoCommitOnClose -> false, automaticTestTable -> null, breakAfterAcquireFailure -> false, checkoutTimeout -> 0, connectionCustomizerClassName -> null, connectionTesterClassName -> com.mchange.v2.c3p0.impl.DefaultConnectionTester, contextClassLoaderSource -> caller, dataSourceName -> 1hge0w29q1ttvznuvsi2n|80a4fc9, debugUnreturnedConnectionStackTraces -> false, description -> null, driverClass -> net.sourceforge.jtds.jdbc.Driver, extensions -> {}, factoryClassLocation -> null, forceIgnoreUnresolvedTransactions -> false, forceSynchronousCheckins -> false, forceUseNamedDriverClass -> false, identityToken -> 1hge0w29q1ttvznuvsi2n|80a4fc9, idleConnectionTestPeriod -> 100, initialPoolSize -> 3, jdbcUrl -> jdbc:jtds:sqlserver://localhost:1433/Confluence, maxAdministrativeTaskTime -> 0, maxConnectionAge -> 0, maxIdleTime -> 3600, maxIdleTimeExcessConnections -> 100, maxPoolSize -> 15, maxStatements -> 0, maxStatementsPerConnection -> 0, minPoolSize -> 3, numHelperThreads -> 3, preferredTestQuery -> null, privilegeSpawnedThreads -> false, properties -> {user=******, password=******, uselobs=false, prop.uselobs=false}, propertyCycle -> 0, statementCacheNumDeferredCloseThreads -> 0, testConnectionOnCheckin -> true, testConnectionOnCheckout -> false, unreturnedConnectionTimeout -> 0, userOverrides -> {}, usesTraditionalReflectiveProxies -> false ]
{"synchrony":{"message":"synchrony.middleware.memoize-response [info] request for static resource","cache-key":["0.0.0.0","/synchrony/resources/js/vendor/sockjs.min.js",null],"ns":"synchrony.middleware.memoize-response"}}
{"synchrony":{"message":"synchrony.middleware.memoize-response [info] request for static resource","cache-key":["0.0.0.0","/synchrony/resources/js/synchrony.min.js",null],"ns":"synchrony.middleware.memoize-response"}}

Hello Nic, 

I think I have found an important part. Can you say me where the web.config file is located? Because I have used everytime the web.xml file from /confluence/conf/web.xml..

Isn't it in /confluence/conf ?  I've never needed to mess with that myself.

Hey Nic,

the File was in the Directory from the IIS. I have found out that it worked with Microsoft Edge but not with Vivaldi or Google Chrome.

Has someone using Confluence 6.3.3 with an IIS as Reverse Proxy with HTTPS, because this is very strange with an Windows Setup

Hi Pierre,

I know this is an older thread, so you probably already have gotten this working, but since I just spent two days on and off figuring it out I wanted to post my answer here.

Our configuration is using a windows 2016 server.  We installed IIS and Confluence 6.4.1 on the same machine.  IIS was configured according to the Atlassian instructions to work as a reverse proxy with SSL.  Everything went fine until we tried editing pages, where we saw the same error you reported.  To fix it, we had to take the following steps:

  1. Install websockets protocol (we followed the server 2012 procedure from this page)
  2. Opened port 8091 in our firewall.  Verified it was open by using telnet to connect to the port from another machine
  3. Added the synchrony re-write rules you listed above to the web.config file for our IIS reverse proxy site.  I just copied & pasted.  I doubt it matters, but instead of using localhost I used the actual machine name.
  4. I'm not sure this was necessary, but we also set "-Dsynchrony.proxy.enabled=false" in both the java options and set "<property name="synchrony.proxy.enabled">false</property>" in the confluence.cfg.xml file.  We had previously set this to true when we were trying to get synchrony-proxy to work, but since we decided to go the direct route I wanted to make sure our previous work didn't get in our way.
  5. Restart IIS and Confluence.

After that, we had no further issues.  I hope this helps!

 

Jason

Suggest an answer

Log in or Sign up to answer
Atlassian Community Anniversary

Happy Anniversary, Atlassian Community!

This community is celebrating its one-year anniversary and Atlassian co-founder Mike Cannon-Brookes has all the feels.

Read more
Community showcase
Kesha Thillainayagam
Posted Apr 13, 2018 in Confluence

We want to hear how your non-technical teams are using Confluence!

Hi Community! Kesha (kay-sha) from the Confluence marketing team here! Can you share stories with us on how your non-technical (think Marketing, Sales, HR, legal, etc.) teams are using Confluen...

2,694 views 26 10
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you