
NGINX Synchrony Reverse Proxy and Confluence without Context

Jon Chau January 7, 2020

I was able to get collaborative editing working with the NGINX reverse proxy as specified by this page here, using a context path for Confluence. However, I don't want to use a context path and am having trouble, as the editor won't load my page.

Here are excerpts from my config files:

server.xml

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
           maxThreads="48" minSpareThreads="10"
           enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           proxyName="confluencedev.domain.com" proxyPort="443" scheme="https" secure="true"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">
  <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
    <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
      <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
      <Manager pathname=""/>
      <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
    </Context>
    <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
             reloadable="false" useHttpOnly="true">
      <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
    </Context>

nginx.conf:

server {
    listen confluencedev.domain.com:80;
    server_name confluencedev.domain.com;

    listen 443 default ssl;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;

    # ssl on;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/ssl.access.log;
    error_log /var/log/nginx/ssl.error.log;

    location / {
        client_max_body_size 256m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8090;
        proxy_connect_timeout 360s;
        proxy_send_timeout 360s;
        proxy_read_timeout 360s;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

Any thoughts? There are no errors in the atlassian-synchrony.log, but I see 502 errors in Fiddler when I try to go to the edit page for /synchrony and /synchrony-proxy.

2 answers

1 accepted

0 votes
Answer accepted
Jon Chau February 12, 2020

Turned out to be an issue specific to Nginx and SELinux. The following page has instructions on how to resolve the issue:

https://confluence.atlassian.com/bitbucketserverkb/13-permission-denied-while-connecting-to-upstream-while-configuring-ngnix-803374014.html
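
An added example (not part of the original answer and not Atlassian's own instructions): a shell check for confirming this failure from the NGINX side, by scanning the error log for the errno 13 upstream denial named in the linked article's title and reporting the SELinux state. The log lines are constructed samples and the function names are hypothetical; it assumes a RHEL-family targeted policy where nginx runs in the httpd_t domain.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread. Function names are hypothetical.

# Constructed sample lines in nginx error_log format (host names and ports
# follow the config posted in the question; timestamps and PIDs are made up).
sample_log() {
cat <<'EOF'
2020/02/12 10:15:32 [crit] 2211#2211: *5 connect() to 127.0.0.1:8091 failed (13: Permission denied) while connecting to upstream, client: 10.0.0.5, server: confluencedev.domain.com, request: "GET /synchrony HTTP/1.1", upstream: "http://127.0.0.1:8091/synchrony", host: "confluencedev.domain.com"
2020/02/12 10:15:40 [error] 2211#2211: *9 connect() failed (111: Connection refused) while connecting to upstream, client: 10.0.0.5, server: confluencedev.domain.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8090/", host: "confluencedev.domain.com"
2020/02/12 10:16:01 [crit] 2211#2211: *12 connect() to 127.0.0.1:8091 failed (13: Permission denied) while connecting to upstream, client: 10.0.0.5, server: confluencedev.domain.com, request: "GET /synchrony HTTP/1.1", upstream: "http://127.0.0.1:8091/synchrony", host: "confluencedev.domain.com"
EOF
}

# Read an nginx error log on stdin; print each upstream host:port that was
# refused with errno 13 (EACCES). "Connection refused" (111) means the backend
# is not listening, not that a security policy blocked nginx, so it is skipped.
denied_upstreams() {
  grep -F '(13: Permission denied) while connecting to upstream' \
    | sed -n 's|.*upstream: "[a-z]*://\([^/"]*\).*|\1|p' \
    | sort -u
}

# Report the SELinux mode and the boolean that governs outbound connections
# from the httpd_t domain. Safe to run where the SELinux tools are absent.
selinux_status() {
  if command -v getenforce >/dev/null 2>&1; then
    echo "SELinux mode: $(getenforce)"
    getsebool httpd_can_network_connect 2>/dev/null || true
  else
    echo "SELinux mode: unknown (getenforce not installed)"
  fi
}

# On a real host: denied_upstreams < /var/log/nginx/ssl.error.log
for up in $(sample_log | denied_upstreams); do
  echo "nginx was denied connecting to upstream $up"
done
selinux_status
# If the boolean is off and the audit log (ausearch -m avc -c nginx) shows the
# denial, the usual remedy is:  setsebool -P httpd_can_network_connect 1
# That lets nginx open any outbound TCP connection, so apply it deliberately.
```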

0 votes
Diego
Atlassian Team
January 8, 2020

Hey there, @Jon Chau!
As I understand, we are facing a Bad Gateway issue when trying to connect with the editor.

The first thing we can check is:

Confluence Base URL:

 

Looking at your files, no issue caught my eye. The only questions I have are:

  1. Is this your whole server.xml? If not, did you comment out the non-proxied connector?
  2. Was the ssl_session_timeout parameter left out on purpose?
  3. Did you restart both NGINX and Confluence after applying the changes?
  4. Are you able to access pages normally, even when the editor does not load?

 

Let us hear from you, Jon!

Jon Chau January 8, 2020

Hi @Diego

Base URL is configured without a context path, i.e. https://confluencedev.domain.com

  1. That is the only connector enabled, but here's my whole server.xml:
      <Server port="8000" shutdown="SHUTDOWN" debug="0">
      <Service name="Tomcat-Standalone">
      <!--
      ==============================================================================================================
      DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.

      If using a http/https proxy, comment out this connector.
      ==============================================================================================================
      -->
      <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
      maxThreads="48" minSpareThreads="10"
      enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      proxyName="confluencedev.domain.com" proxyPort="443" scheme="https" secure="true"/>

      <!--
      ==============================================================================================================
      HTTP - Proxying Confluence via Apache or Nginx over HTTP

      If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
      Make sure you provide the right information for proxyName and proxyPort.

      For more information see:
      Apache - https://confluence.atlassian.com/x/4xQLM
      nginx - https://confluence.atlassian.com/x/TgSvEg

      ==============================================================================================================
      -->

      <!--
      <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
      maxThreads="48" minSpareThreads="10"
      enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
      -->

      <!--
      ==============================================================================================================
      HTTPS - Direct connector with no proxy, for unproxied HTTPS access to Confluence.

      For more info see https://confluence.atlassian.com/x/s3UC
      ==============================================================================================================
      -->

      <!--
      <Connector port="8443" maxHttpHeaderSize="8192"
      maxThreads="150" minSpareThreads="25"
      protocol="org.apache.coyote.http11.Http11Nio2Protocol"
      enableLookups="false" disableUploadTimeout="true"
      acceptCount="100" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
      URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
      -->

      <!--
      ==============================================================================================================
      HTTPS - Proxying Confluence via Apache or Nginx over HTTPS

      If you're proxying traffic to Confluence over HTTPS, uncomment the connector below and comment out the others.
      Make sure you provide the right information for proxyName and proxyPort.

      For more information see:
      Apache - https://confluence.atlassian.com/x/PTT3MQ
      nginx - https://confluence.atlassian.com/x/cNIvMw
      ==============================================================================================================
      -->

      <!--
      <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
      maxThreads="48" minSpareThreads="10"
      enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      scheme="https" secure="true" proxyName="<subdomain>.<domain>.com" proxyPort="443"/>
      -->

      <Engine name="Standalone" defaultHost="localhost" debug="0">
      <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
      <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
      <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
      <Manager pathname=""/>
      <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
      </Context>

      <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
      reloadable="false" useHttpOnly="true">
      <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
      </Context>
      </Host>
      </Engine>
      </Service>
      </Server>
  2. Yes, we were not using that parameter before so I left it out
  3. Yes, I've restarted both NGINX and Confluence after each attempt at changing the configurations
  4. Yes, I'm able to access all pages in Confluence normally, just unable to edit.
Jon Chau February 3, 2020

For now, we have a workaround by using Synchrony against the internal proxy. This was done by removing the /synchrony {} block from the NGINX config, and adding the following line to the <confluence-install>/bin/setenv.sh file:

CATALINA_OPTS="-Dsynchrony.proxy.enabled=true ${CATALINA_OPTS}"
