It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

How can I use Confluence on a subdomain Edited

Hello community,

as mentioned above I'm trying to make my confluence server accessible by typing "https://sub.domain.tld" in my browser bar.

I googled a lot, searched the community & the Atlassian documentation - but I'm still far from getting it to work. So I hope someone can "take me by the hand" or at least point me at my mistakes to get it running.

So here's an overview on my environment and the steps I took:

  • Server
    • Hoster: Strato (DE)
    • OS: Ubuntu 16.04.3 LTS
    • Plesk Onyx 17.5.3
    • Confluence 6.6.2
    • Apache 2.4.18
    • Subdomain certified trough Let's encrypt (Plesk)
  • Status quo
  • What I did so far
    • Created an 'vhost.conf' located at /var/www/vhosts/system/sub.domain.tld/conf wich contains:
<VirtualHost XXX.XXX.XXX.XXX:7080>
ServerName sub.domain.tld
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/synchrony
RewriteRule ^/(.*) http://sub.domain.tld:8090/$1 [P]
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony http://sub.domain.tld:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC] RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://sub.domain.tld:8091%{REQUEST_URI} [P]
</Location>
ProxyPass / http://sub.domain.tld:8090
ProxyPassReverse / http://sub.domain.tld:8090
<Location />
Require all granted
</Location>
</VirtualHost>

XXX.XXX.XXX.XXX = Ip of my server / sub.domain.tld = my subdomain

It would be create if you can help me out and point me to my mistakes!

 

Regards Nic

4 answers

  • Confluence not accessible with "https://sub.domain.tld:8090" (Error: SSL_ERROR_RX_RECORD_TOO_LONG)

    That's right. SSL is on the apache and is best used there.

Since you are proxying the confluence, meaning that you should also declare this to the server.xml. Append to the <Connector section:

proxyName="sub.domain.tld"
proxyPort="80"
scheme="http"

As above poster, and without much knowledge of plesk, you are exposing port 7080 but you are expecting to connect to 443. 

Hi Nicolas,

Try changing to (reason there is error: SSL_ERROR_RX_RECORD_TOO_LONG)

<VirtualHost _default_:80>

This will forward http://sub.domain.tld to ProxyPass http://sub.domain.tld:8090

For SSL, you'll have to forward 80 to https://sub.domain.tld and create

<VirtualHost _default_:443>

to forward 443 to http://sub.domain.tld:8090

 

More examples here https://community.atlassian.com/t5/Jira-questions/Jira-with-https-using-apache/qaq-p/706209

@Edwin Kyalangalilwa [Mumo Systems] & @Panagiotis Karampis

Thanks for your hints! Tested them along with some more googled - but it just didn't work. By chance I found out that the content of my 'vhost.conf' (mentioned above) is displayed in Plesk under

Subscriptions -> Websites&Domains -> <your.domain> -> Apache & nginx Settings -> Additional directives for HTTP.

There's also a section for Additional directives for HTTPS wich was empty.

So I pasted the Code from HTTP to HTTPS and tried to save. Plesk gave me an Error pointing out that <VirtualHost XXX.XXX.XXX.XXX:80> is not allowed in this directive. (I didn't get the Error earlier because I edited the code in 'vhost.conf' directly) -
what should I say, after removing the incipient and the concluding <VirtualHost XXX.XXX.XXX.XXX:80> code in both directives my instance is finally reachable under 'https://sub.domain.tld'.

So this problem is solved - but I ran in a new one:

Whenever using the editor sooner or later I get the Error described in this KNB Article . As I understand using a reverse proxy could cause this.

Does anyone see a mistake in the ProxyPass /synchrony part of my directive?

In the mentioned KNB Article there's a diagnostic step that recommends to visit http://websocket.org/echo.html to test the ability to establish a websocket connection.
They provide html code to perform your own tests.
I made an html document out of it wich I uploaded to the web root on my server.

When I try to access it the server returns a '403 Forbidden' Error.
(When opening it locally it works properly)

Does this hint to an firewall rule on the server that prevents synchrony to work proper?

How are you accessing the synchrony from internet? You should use yourdomain/synchrony and not yourdomain:8091

You mean through the browser? Never tried this actually - only used it inside confluence.

In my apache conf I use this part of the directive:

<Proxy *>
Require all granted
</Proxy>

ProxyPass /synchrony http://sub.domain.tld:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://sub.domain.tld:8091%{REQUEST_URI} [P]
</Location>

When trying to access 'https://sub.domain.tld/synchrony' I get 

{"message":"Not Found"}

diplayed.

Probably i misunderstood what you wrote apologies. Taking a second look in your configuration, it seems that you are not proxying the /synchrony rather round it to the sub.domain.tld:8091 which should not be open.

Do not open 8091, change the settings to proxy the /synchrony:

ProxyPass /synchrony http://localhost:8091/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>

No matter - thanks for your quick help primarily!

I applied the changes but the behavior stays the same.

Does it make sense to use 

RewriteRule .* wss://localhost:8091%{REQUEST_URI} [P]

instead of

RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]

 due to the use of https?

Did you also change the ProxyPass?


No, your tomcat server is not having any SSL. wss would break even more. 

Check that you have 

LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

modules enabled. Location may varies. If you have selinux set permissive temporary and start scavenging logs for the 403 error.

Yes I applied both changes you suggested.

The modules are activated trough Plesk - but I'll dig in the system to find my LoadModule Directives.

selinux is not present on my server and I'm not familiar with it so I'm a bit afraid activating it.

Are there any other ways to find significant logs?

 

Edit: Could this guide help me any further? https://confluence.atlassian.com/confkb/how-to-configure-apache-mod_jk-to-proxy-confluence-6-x-or-later-867351565.html

mod_jk is enabled but I'm not sure if used to proxy confluence

I am not a plesk expert, you should check though apache logs for why the 403 and atlassian-confluence.log along with synchrony.log in the application-data folder. 

(Names are indicative, can't remember exact filenames)

Can you give me hints what to search for in synchrony.log?

Sorry no, i use older version of confluence myself. Anyhow, something indicative of permission denied.

Thanks for your help!

Because it doesn't really correspondend to the original question I started a new one for this problem.

It can be found here: https://community.atlassian.com/t5/Confluence-questions/How-can-I-get-Synchrony-to-work-behind-a-reverse-Proxy/qaq-p/715495

What if your using centos7 64 bit with cPanel using nginx and want to use auto SSL that cPanel issues
I want to remove access to ip: xxx.xxx.xx.x:8090
And change it to
https://docs.domain.com

What would be the best easiest way ?
Thanks I'm new to all this and a little confused. Totally appreciate any help .

im all set had a friend fix this for me

abobakr I'm New Here Wednesday

Appreciate if you could explain the details here so others could benefit from.

I am looking for instruction on how to install Jira, Confluence and bitbucket on Cpanel server.

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published Thursday in Confluence

Confluence CVEs and common questions

Two vulnerabilities have been published for Confluence Server and Data Center recently: March 20, 2019 CVE-2019-3395 / CVE-2019-3396 April 17, 2019 CVE-2019-3398 The goal of this article is...

254 views 0 12
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you