Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Issues in running synchrony behind 2 reverse proxies

Edited

Hi,

I am struggling to make confluence run with synchrony on an ssh tunnel reverse proxy. 

The setup and requirement is as follows

  • http://localhost:8080/c confluence (notice that the context path is /c
  • localhost:8091 synchrony (default no change done)
  • with a local apache HTTP proxy this is routed to https 443 on localhost
  • I have a proper SSL certificate for my website ( say myconfluence.com as an example) which allows me to access the website with https with the browser having no issues. 

This is my localhost apache httpd config and it works without any issues and locally I am able to use synchrony. (I am windows 10)

Listen 80
Listen 443
<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot c:/Apache24/htdocs/myconfluence.com_80
ErrorLog logs/myconfluence.com_80/error.log
CustomLog logs/myconfluence.com_80/access.log combined
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
RewriteEngine on
SSLEngine On
SSLProxyEngine On
Include f:/etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile f:/etc/letsencrypt/myconfluence.com/fullchain.pem
SSLCertificateKeyFile f:/etc/letsencrypt/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
# https://confluence.atlassian.com/conf74/using-apache-with-mod_proxy-1003129518.html
ProxyPass /synchrony http://localhost:8090/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>
<Proxy *>
Require all granted
</Proxy>
DocumentRoot f:/data/myconfluence.com
ProxyPass /c http://localhost:8090/c
ProxyPassReverse /c http://localhost:8090/c
ProxyRequests off
ErrorLog F:/data/myconfluence.com_logs/error.log
CustomLog F:/data/myconfluence.com_logs/access.log combined
</VirtualHost>
</IfModule>

The above works flawlessly.

To test it I just add the following line in my c:\Windows\System32\drivers\etc\hosts file

#123.123.123.123 myconfluence.com
localhost myconfluence.com

it works without any issues and locally I am able to use synchrony. Because I have a proper SSL certificate installed both locally and in the external server, I am able to access it both ways. All this works perfectly until synchrony is enabled. Actually locally synchrony works behind the above proxy without any issues.

Now here is where the problem starts. 

After this, I have a remote server that allows me to access the same globally with a static IP. I open an ssh reverse tunnel to make this happen. The command is something like this.

ssh 123.123.123.123 -R 7789:localhost:443

The remote server is a  Ubuntu Linux, and this is the apache config file

<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot /var/www/html/myconfluence.com
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
RewriteEngine on
SSLEngine On
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myconfluence.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony https://localhost:7789/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:7789%{REQUEST_URI} [P]
</Location>
ProxyPass / https://localhost:7789/
ProxyPassReverse / https://localhost:7789/
<Location /c>
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/myconfluence.com_443/error.log
CustomLog ${APACHE_LOG_DIR}/myconfluence.com_443/access.log combined
</VirtualHost>
</IfModule>

This is not working. Confluence is just working fine, but synchrony is not. 

And after this, I have one more layer which is a Cloudflare, that I didn't even try yet, but I hope it works out of the box if I can get the can fix this. 

Please note confluence is working fine as it is, I am struggling only with synchrony. 

Also, I am wondering, why I have to rewrite and proxy WebSocket, earlier I don't remember I had to ever configure confluence like this. I think I made it overcomplicated by doing something fundamentally wrong. 

People will notice that in the tunnel I am tunnel 443 which is apachehttpd not the tomcat. This is because in this website I want to host a few other things and wanted all traffic to go cleanly through a single tunnel. Which is another reason why context path is /c and not /

Please have a look and help me.

Thank you

 

 

Edit 

I was able to get this working by forwarding both the ports, one for confluence and other for synchrony and it works fine even behind cloudflare. It is a fix for sure. But if cloudflare is able to work, even my mirror server with static IP (as an example shown as 123.123.123.123 ) should also be able to do this. 

So this is the additional tunnel I created.

ssh 123.123.123.123 -R 7791:localhost:8091

And this is which worked

<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot /var/www/html/myconfluence.com
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
SSLEngine On
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myconfluence.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony http://localhost:7791/synchrony
<Location /synchrony>
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:7791%{REQUEST_URI} [P]
</Location>
ProxyPass / https://localhost:7789/
ProxyPassReverse / https://localhost:7789/
<Location /c>
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/myconfluence.com_443/error.log
CustomLog ${APACHE_LOG_DIR}/myconfluence.com_443/access.log combined
</VirtualHost>
</IfModule>

So the modified question is

  • Is this correct way it should be done?
  • Is there a way of not having to open 2 tunnels?

 

Thank you

1 answer

0 votes
Fabian Lim Community Leader Dec 26, 2021

Hi Nithya,

I recommend you review the KB articles here on collaborative editing: https://confluence.atlassian.com/doc/possible-confluence-and-synchrony-configurations-958779064.html

If you still have issues, please contact Atlassian support.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.4
TAGS
Community showcase
Published in Confluence Cloud

🏠 Say hello to the new Confluence Home!

Hi Atlassian Community, My name is DJ Chung, and I’m a Product Manager on the Confluence Cloud team. Today, I’m excited to share a new and improved version of Home. The new Home helps you ...

1,047 views 8 42
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you