Haproxy configuration with Confluence

Blair M November 10, 2017

Hi, Wondering if anyone might be able to help out there we are running a test server and not able to get Synchrony working properly.  If I turn off Synchrony it works.

 

https://website.com:10443

this get redirected and gets passed to the server on 443 

 

server.xml 

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
proxyName="website" proxyPort="10443" scheme="https"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
<!-- <Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto"/> -->
</Context>

</Host>

</Engine>
</Service>
</Server>

 

haproxy.cfg

 

defaults

log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
option http-server-close
option forwardfor
timeout connect 5000
timeout client 10000
timeout server 10000
default-server inter 3s rise 2 fall 3

 


##---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend website.com
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/website.com
mode http
# option socket-stats
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 443
acl is_synchrony path_beg /synchrony
use_backend synchrony if is_synchrony

# redirect prefix https://website.com code 301 if { hdr(host) -i confluence }
use_backend confluence #if { hdr_beg(host) -i confluence }

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend confluence
mode http
#redirect scheme https code 301 if !{ ssl_fc }
#option httpchk OPTIONS * HTTP/1.1\r\nHost:\ website.com
server localhost 127.0.0.1:8090 check


backend synchrony
mode http
option forwardfor
server localhost 127.0.0.1:8091 check

 

 

Any help would be great!

 

1 answer

0 votes
Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 10, 2017

We have the following setup working:

In DNS JIRA, Confluence etc points to a virtual IP.

Keepalived is runnning on two servers with that virtual IP.

Haproxy is running on port 80/443 listening on all interfaces, including the virtual IP.

Nginx is also running the same server at port 4443. Nginx is used as a reverse proxy for the atlassian applications.

Haproxy forwards requests to nginx which proxies JIRA, Confluence etc.

SO:

Virtual IP floats between two servers, if one goes does or is taken down, the IP is moved to the other server within 1-2 seconds. Haproxy forwards request to both servers (if both is up and running)

 

This gives load balance and fault tolerance. 

Lars Olav Velle
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 10, 2017

Have you considered adding a proxy server to your config? Nginx/apache is then used to upgrade connections to http2 which is needed by synchrony

Blair M November 14, 2017

We basically want to get haproxy working with Synchrony if possible and not add in a proxy server at this time. 

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events