NGINX Reverse Proxy for Confluence

Hello,

I followed the documentation for using NGINX to reverse proxy to port 80, however, when I go to the FQDN without the port, I receive the default NGINX page. This may have to do with the example using www.example.com/conflunece, while ours is confluence.domain.com. Could anyone assist me with this? I'm setting up a POC for us. Management does not want to have to remember the port number to append it to the URL.

1 answer

1 accepted

This widget could not be displayed.
Sam Hall Community Champion Feb 01, 2017

Hi Neil,

Based on the instructions here: https://confluence.atlassian.com/confkb/how-to-use-nginx-to-proxy-requests-for-confluence-313459790.html, and assuming you are on Confluence 6.0+) try something like this in your NGINX server block (replace your-domain.com with your POC domain):

server {
        listen confluence.your-domain.com:80;
        server_name confluence.your-domain.com;
        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:8090;
        }
        location /synchrony {
                proxy_set_header X-Forwarded-Host $host:
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://localhost:8091/synchrony;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "Upgrade";
        }
}

Make sure the context path in <CONFLUENCE-INSTALL>/conf/server.xml is empty (i.e. not "/confluence"):

&lt;Context path="" docBase="../confluence" debug="0" reloadable="false"&gt;

Make sure proxyName and proxyPort are set in <CONFLUENCE-INSTALL>/conf/server.xml:

&lt;Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           proxyName="confluence.your-domain.com" proxyPort="80"/&gt;

Hope this helps.

Sam

Sam,

 

Thank you for the help. I'm still having an issue though. When visiting the page without the port I'm getting "This site can’t be reached, confluence.domain.com refused to connect." I can still access it via :8090 though.

Edit: Nevermind, for some reason, it wasn't running. I started the service and it is working properly now. Thank you again!

Sam,

I got the site up and working, however, now there are issues with editing anything on the Wiki. There was issues with Synchrony, so I disabled collaborative editing, but there's also issues when trying to select page templates and use macros. Any idea why?

The above was running reverse proxy with NGINX over SSL. I have since switched to mod_proxy with apache. Everything is working at the moment, but I'm going to try and use SSL as well.

Sam Hall Community Champion Feb 03, 2017

For SSL with NGINX you'd need to update a couple of things.

Make sure proxyName is set to "443" and scheme is set to "https" in <CONFLUENCE-INSTALL>/conf/server.xml. Something like:

&lt;Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           proxyName="confluence.your-domain.com" proxyPort="443" scheme="https"/&gt;

Then you'd have to set up your NGNIX server block something like the example given at https://confluence.atlassian.com/doc/running-confluence-behind-nginx-with-ssl-858772080.html, but adjusted to use a sub-domain, rather than a "/confluence" context path. Something like:

server {
    listen confluence.your-domain.com:80;
    server_name confluence.your-domain.com;
 
    listen 443 default ssl;
    ssl_certificate     /usr/local/etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /usr/local/etc/nginx/ssl/nginx.key;
 
    ssl_session_timeout  5m;
 
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;
    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8090;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

A Confluence and NGINX restart would be needed after making these changes.

I actually made some changed. I switched to Ubuntu so I could get apache version > 2.4.10 and switched from NGINX to using mod_proxy. The issue still persists though. 

My configs are below:

Apache (The rewrites below SSL block was something I was testing as it helped someone else)

&lt;VirtualHost *:443&gt;
    ServerName example.domain.com
        ProxyRequests Off
        &lt;Proxy *&gt;
          Require all granted
        &lt;/Proxy&gt;

#        ProxyPass / http://example.domain.com:8090/
#        ProxyPassReverse / example.domain.com:8090/


        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/cert.pem
        SSLCertificateKeyFile /etc/ssl/private/key.key


       RewriteEngine On
       RewriteCond %{REQUEST_URI} !^/synchrony
       RewriteRule ^/(.*) http://example.domain.com:8090/$1 [P]


        &lt;Location /&gt;
                Require all granted
        &lt;/Location&gt;
 
        ProxyPass /synchrony http://example.domain.com:8091/synchrony
        &lt;Location /synchrony&gt;
                Require all granted
                RewriteEngine on
                RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
                RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
                RewriteRule .* ws://example.domain.com:8091%{REQUEST_URI} [P]
        &lt;/Location&gt;
&lt;/VirtualHost&gt;
&lt;VirtualHost *:80&gt;
    ServerName example.domain.com
    Redirect Permanent /  https://example.domain.com/
    Redirect Permanent /synchrony   https://example.domain.com/synchrony
&lt;/VirtualHost&gt;
&lt;Server port="8000" shutdown="SHUTDOWN" debug="0"&gt;
    &lt;Service name="Tomcat-Standalone"&gt;
&lt;!--        &lt;Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol"/&gt;  --&gt;
        &lt;Connector port="8090"
        maxThreads="48"
        minSpareThreads="10"
        connectionTimeout="20000"
        enableLookups="false"
        maxHttpHeaderSize="8192"
        protocol="org.apache.coyote.http11.Http11NioProtocol"
        useBodyEncodingForURI="UTF-8"
        redirectPort="8443"
        acceptCount="10"
        disableUploadTimeout="true"
        proxyName="example.domain.com"
        proxyPort="443"
        secure="true"
        scheme="https"/&gt;
        &lt;Engine name="Standalone" defaultHost="localhost" debug="1"&gt;
            &lt;Host name="example.domain.com" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4"&gt;
                &lt;Context path="" docBase="../confluence" debug="0" reloadable="false"&gt;
                    &lt;!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties --&gt;
                    &lt;Manager pathname="" /&gt;
                    &lt;Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" /&gt;
                &lt;/Context&gt;
            &lt;/Host&gt;
        &lt;/Engine&gt;
        &lt;!--
            To run Confluence via HTTPS:
             * Uncomment the Connector below
             * Execute:
                 %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
                 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
               with a password value of "changeit" for both the certificate and the keystore itself.
             * Restart and visit https://localhost:8443/
             For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
        --&gt;
&lt;!--
        &lt;Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="&lt;MY_CERTIFICATE_PASSWORD&gt;"/&gt;
--&gt;
    &lt;/Service&gt;
&lt;/Server&gt;

 

In the end, it still does this:

 

 

 

Sam Hall Community Champion Feb 03, 2017

Ah right. Sorry, I thought you were asking for help on NGINX + SSL. 

If you've switched to Apache, can you create a new question with the details of the issue you are currently having? 

That way it will have more visibility to other members of the community here who use Apache, and you are more likely to get a good answer for your current issue.

This thread is getting a bit difficult to follow. When you say the issue still persists, I'm not sure if you mean the original issue (i.e. can't access at the URL you expect), problems with Synchrony or problems with user macros/page templates. So probably best for you to start a new, unanswered question with clear details.

Sam

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Why start from scratch? Introducing four new templates for Confluence Cloud

Hi my Community friends!  For those who don't know me, I'm a product marketer on the Confluence Cloud team - nice to meet you! For those of you who do, you know that I've been all up in your Co...

460 views 6 6
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you