Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,553,369
Community Members
 
Community Events
184
Community Groups

Issues in running synchrony behind 2 reverse proxies

Edited

Hi,

I am struggling to make confluence run with synchrony on an ssh tunnel reverse proxy. 

The setup and requirement is as follows

  • http://localhost:8080/c confluence (notice that the context path is /c
  • localhost:8091 synchrony (default no change done)
  • with a local apache HTTP proxy this is routed to https 443 on localhost
  • I have a proper SSL certificate for my website ( say myconfluence.com as an example) which allows me to access the website with https with the browser having no issues. 

This is my localhost apache httpd config and it works without any issues and locally I am able to use synchrony. (I am windows 10)

Listen 80
Listen 443
<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot c:/Apache24/htdocs/myconfluence.com_80
ErrorLog logs/myconfluence.com_80/error.log
CustomLog logs/myconfluence.com_80/access.log combined
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
RewriteEngine on
SSLEngine On
SSLProxyEngine On
Include f:/etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile f:/etc/letsencrypt/myconfluence.com/fullchain.pem
SSLCertificateKeyFile f:/etc/letsencrypt/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
# https://confluence.atlassian.com/conf74/using-apache-with-mod_proxy-1003129518.html
ProxyPass /synchrony http://localhost:8090/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>
<Proxy *>
Require all granted
</Proxy>
DocumentRoot f:/data/myconfluence.com
ProxyPass /c http://localhost:8090/c
ProxyPassReverse /c http://localhost:8090/c
ProxyRequests off
ErrorLog F:/data/myconfluence.com_logs/error.log
CustomLog F:/data/myconfluence.com_logs/access.log combined
</VirtualHost>
</IfModule>

The above works flawlessly.

To test it I just add the following line in my c:\Windows\System32\drivers\etc\hosts file

#123.123.123.123 myconfluence.com
localhost myconfluence.com

it works without any issues and locally I am able to use synchrony. Because I have a proper SSL certificate installed both locally and in the external server, I am able to access it both ways. All this works perfectly until synchrony is enabled. Actually locally synchrony works behind the above proxy without any issues.

Now here is where the problem starts. 

After this, I have a remote server that allows me to access the same globally with a static IP. I open an ssh reverse tunnel to make this happen. The command is something like this.

ssh 123.123.123.123 -R 7789:localhost:443

The remote server is a  Ubuntu Linux, and this is the apache config file

<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot /var/www/html/myconfluence.com
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
RewriteEngine on
SSLEngine On
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myconfluence.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony https://localhost:7789/synchrony
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:7789%{REQUEST_URI} [P]
</Location>
ProxyPass / https://localhost:7789/
ProxyPassReverse / https://localhost:7789/
<Location /c>
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/myconfluence.com_443/error.log
CustomLog ${APACHE_LOG_DIR}/myconfluence.com_443/access.log combined
</VirtualHost>
</IfModule>

This is not working. Confluence is just working fine, but synchrony is not. 

And after this, I have one more layer which is a Cloudflare, that I didn't even try yet, but I hope it works out of the box if I can get the can fix this. 

Please note confluence is working fine as it is, I am struggling only with synchrony. 

Also, I am wondering, why I have to rewrite and proxy WebSocket, earlier I don't remember I had to ever configure confluence like this. I think I made it overcomplicated by doing something fundamentally wrong. 

People will notice that in the tunnel I am tunnel 443 which is apachehttpd not the tomcat. This is because in this website I want to host a few other things and wanted all traffic to go cleanly through a single tunnel. Which is another reason why context path is /c and not /

Please have a look and help me.

Thank you

 

 

Edit 

I was able to get this working by forwarding both the ports, one for confluence and other for synchrony and it works fine even behind cloudflare. It is a fix for sure. But if cloudflare is able to work, even my mirror server with static IP (as an example shown as 123.123.123.123 ) should also be able to do this. 

So this is the additional tunnel I created.

ssh 123.123.123.123 -R 7791:localhost:8091

And this is which worked

<VirtualHost *:80>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
DocumentRoot /var/www/html/myconfluence.com
Redirect Permanent / https://myconfluence.com/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName myconfluence.com
ServerAlias www.myconfluence.com
ServerAdmin admin@myconfluence.com
SSLEngine On
SSLProxyEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/myconfluence.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/myconfluence.com/privkey.pem
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Require all granted
</Proxy>
ProxyPass /synchrony http://localhost:7791/synchrony
<Location /synchrony>
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:7791%{REQUEST_URI} [P]
</Location>
ProxyPass / https://localhost:7789/
ProxyPassReverse / https://localhost:7789/
<Location /c>
Require all granted
</Location>
ErrorLog ${APACHE_LOG_DIR}/myconfluence.com_443/error.log
CustomLog ${APACHE_LOG_DIR}/myconfluence.com_443/access.log combined
</VirtualHost>
</IfModule>

So the modified question is

  • Is this correct way it should be done?
  • Is there a way of not having to open 2 tunnels?

 

Thank you

1 answer

0 votes
Fabian Lim
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Dec 26, 2021

Hi Nithya,

I recommend you review the KB articles here on collaborative editing: https://confluence.atlassian.com/doc/possible-confluence-and-synchrony-configurations-958779064.html

If you still have issues, please contact Atlassian support.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.4
TAGS
AUG Leaders

Atlassian Community Events