NGINX Reverse Proxy for Confluence

Neil Schulz February 1, 2017

Hello,

I followed the documentation for using NGINX to reverse proxy to port 80, however, when I go to the FQDN without the port, I receive the default NGINX page. This may have to do with the example using www.example.com/confluence, while ours is confluence.domain.com. Could anyone assist me with this? I'm setting up a POC for us. Management does not want to have to remember the port number to append it to the URL.

1 vote
Answer accepted
Sam Hall
Rising Star
February 1, 2017

Hi Neil,

Based on the instructions here: https://confluence.atlassian.com/confkb/how-to-use-nginx-to-proxy-requests-for-confluence-313459790.html (and assuming you are on Confluence 6.0+), try something like this in your NGINX server block (replace your-domain.com with your POC domain):

server {
        listen confluence.your-domain.com:80;
        server_name confluence.your-domain.com;
        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:8090;
        }
        location /synchrony {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:8091/synchrony;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
        }
}

Make sure the context path in <CONFLUENCE-INSTALL>/conf/server.xml is empty (i.e. not "/confluence"):

<Context path="" docBase="../confluence" debug="0" reloadable="false">

Make sure proxyName and proxyPort are set in <CONFLUENCE-INSTALL>/conf/server.xml:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           proxyName="confluence.your-domain.com" proxyPort="80"/>

Hope this helps.

Sam

Neil Schulz February 2, 2017

Sam,

Thank you for the help. I'm still having an issue though. When visiting the page without the port I'm getting "This site can’t be reached, confluence.domain.com refused to connect." I can still access it via :8090 though.

Edit: Never mind, for some reason, it wasn't running. I started the service and it is working properly now. Thank you again!

Neil Schulz February 3, 2017

Sam,

I got the site up and working, however, now there are issues with editing anything on the Wiki. There were issues with Synchrony, so I disabled collaborative editing, but there are also issues when trying to select page templates and use macros. Any idea why?

The above was running reverse proxy with NGINX over SSL. I have since switched to mod_proxy with apache. Everything is working at the moment, but I'm going to try and use SSL as well.

Sam Hall
February 3, 2017

For SSL with NGINX you'd need to update a couple of things.

Make sure proxyName is set to "443" and scheme is set to "https" in <CONFLUENCE-INSTALL>/conf/server.xml. Something like:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           proxyName="confluence.your-domain.com" proxyPort="443" scheme="https"/>

Then you'd have to set up your NGINX server block something like the example given at https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html, but adjusted to use a sub-domain, rather than a "/confluence" context path. Something like:

server {
    listen confluence.your-domain.com:80;
    server_name confluence.your-domain.com;
 
    listen 443 default ssl;
    ssl_certificate     /usr/local/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;
 
    ssl_session_timeout  5m;
 
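    # SSLv2, SSLv3 and TLSv1 are obsolete and broken; offer only current TLS versions.
    # (The TLSv1.3 parameter needs nginx 1.13.0+ built against OpenSSL 1.1.1+.)
    ssl_protocols  TLSv1.2 TLSv1.3;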
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8090;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

A Confluence and NGINX restart would be needed after making these changes.
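
The answer above depends on two files agreeing: proxyName, proxyPort and scheme on the Tomcat Connector have to describe the address NGINX actually serves. The Python check below is an added example, not part of the original thread or of Atlassian's documentation; it compares the two and also flags legacy ssl_protocols values. The function names and both sample configs are constructed for illustration, and the parser assumes a single, simple server block.

```python
import re
import xml.etree.ElementTree as ET

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_nginx_server(text):
    """Extract listen/server_name/ssl_protocols from one simple server block."""
    def args(name):
        return [v.split() for v in re.findall(rf"^\s*{name}\s+([^;]+);", text, re.M)]
    listens = args("listen")
    tls = [a for a in listens if "ssl" in a[1:]]
    chosen = (tls or listens or [["80"]])[0]      # the TLS listener wins if present
    port = chosen[0].rsplit(":", 1)[-1]           # "host:80" -> "80", "443" -> "443"
    return {"scheme": "https" if tls else "http", "port": port if port.isdigit() else "80",
            "names": {n for v in args("server_name") for n in v},
            "protocols": {p for v in args("ssl_protocols") for p in v}}

def check(nginx_conf, server_xml, tomcat_port="8090"):
    """Return mismatches between the NGINX front end and Tomcat's Connector."""
    front = parse_nginx_server(nginx_conf)
    root = ET.fromstring(server_xml)              # commented-out Connectors are skipped
    conn = next((c for c in root.iter("Connector") if c.get("port") == tomcat_port), None)
    if conn is None:
        return [f"no active Connector on port {tomcat_port}"]
    findings = []
    if conn.get("proxyName") not in front["names"]:
        findings.append("proxyName does not match server_name")
    if conn.get("proxyPort") != front["port"]:
        findings.append(f"proxyPort should be {front['port']}")
    if conn.get("scheme", "http") != front["scheme"]:
        findings.append(f"scheme should be {front['scheme']}")
    if any(ctx.get("path") for ctx in root.iter("Context")):
        findings.append("Context path is not empty")
    weak = sorted(front["protocols"] & WEAK_PROTOCOLS)
    if weak:
        findings.append("weak ssl_protocols: " + " ".join(weak))
    return findings

# Constructed sample: TLS front end, but server.xml still carries the plain-HTTP values.
NGINX_CONF = """server {
    listen 443 default ssl;
    server_name confluence.your-domain.com;
    ssl_protocols SSLv2 SSLv3 TLSv1;
}"""
SERVER_XML = """<Server><Service name="Tomcat-Standalone">
  <Connector port="8090" proxyName="confluence.your-domain.com" proxyPort="80"/>
  <Engine name="Standalone"><Host name="localhost">
    <Context path="" docBase="../confluence"/></Host></Engine></Service></Server>"""

print(check(NGINX_CONF, SERVER_XML))
```

An empty list means the Connector and the server block describe the same public URL.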

Neil Schulz February 3, 2017

I actually made some changes. I switched to Ubuntu so I could get Apache version > 2.4.10 and switched from NGINX to using mod_proxy. The issue still persists though.

My configs are below:

Apache (The rewrites below the SSL block were something I was testing as it helped someone else)

<VirtualHost *:443>
    ServerName example.domain.com
        ProxyRequests Off
        <Proxy *>
          Require all granted
        </Proxy>

#        ProxyPass / http://example.domain.com:8090/
#        ProxyPassReverse / example.domain.com:8090/


        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/cert.pem
        SSLCertificateKeyFile /etc/ssl/private/key.key


       RewriteEngine On
       RewriteCond %{REQUEST_URI} !^/synchrony
       RewriteRule ^/(.*) http://example.domain.com:8090/$1 [P]


        <Location />
                Require all granted
        </Location>
 
        ProxyPass /synchrony http://example.domain.com:8091/synchrony
        <Location /synchrony>
                Require all granted
                RewriteEngine on
                RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
                RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
                RewriteRule .* ws://example.domain.com:8091%{REQUEST_URI} [P]
        </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName example.domain.com
    Redirect Permanent /  https://example.domain.com/
    Redirect Permanent /synchrony   https://example.domain.com/synchrony
</VirtualHost>

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
<!--        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol"/>  -->
        <Connector port="8090"
        maxThreads="48"
        minSpareThreads="10"
        connectionTimeout="20000"
        enableLookups="false"
        maxHttpHeaderSize="8192"
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        useBodyEncodingForURI="UTF-8"
        redirectPort="8443"
        acceptCount="10"
        disableUploadTimeout="true"
        proxyName="example.domain.com"
        proxyPort="443"
        secure="true"
        scheme="https"/>
        <Engine name="Standalone" defaultHost="localhost" debug="1">
            <Host name="example.domain.com" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="" docBase="../confluence" debug="0" reloadable="false">
                    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname="" />
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>
            </Host>
        </Engine>
        <!--
            To run Confluence via HTTPS:
             * Uncomment the Connector below
             * Execute:
                 %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
                 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
               with a password value of "changeit" for both the certificate and the keystore itself.
             * Restart and visit https://localhost:8443/
             For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
        -->
<!--
        <Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
    </Service>
</Server>

 

In the end, it still does this:

Sam Hall
February 3, 2017

Ah right. Sorry, I thought you were asking for help on NGINX + SSL. 

If you've switched to Apache, can you create a new question with the details of the issue you are currently having? 

That way it will have more visibility to other members of the community here who use Apache, and you are more likely to get a good answer for your current issue.

This thread is getting a bit difficult to follow. When you say the issue still persists, I'm not sure if you mean the original issue (i.e. can't access at the URL you expect), problems with Synchrony or problems with user macros/page templates. So probably best for you to start a new, unanswered question with clear details.

Sam
