Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

NGINX Synchrony Reverse Proxy and Confluence without Context Edited

I was able to get collaborative editing working with the NGINX reverse proxy as specified by this page here using context path for Confluence.  However, I don't want to use a context path and am having trouble as the editor won't load my page.

Here are excerpts from my config files:

server.xml

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
proxyName="confluencedev.domain.com" proxyPort="443" scheme="https" secure="true"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname=""/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>
<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context> 

 nginx.conf:

server {
listen confluencedev.domain.com:80;
server_name confluencedev.domain.com;

listen 443 default ssl;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;

# ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

access_log /var/log/nginx/ssl.access.log;
error_log /var/log/nginx/ssl.error.log;

location / {
client_max_body_size 256m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
proxy_connect_timeout 360s;
proxy_send_timeout 360s;
proxy_read_timeout 360s;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

 Any thoughts?  There's no errors in the atlassian-synchrony.log, but I see 502 errors in fiddler when I try to go to the edit page for /synchrony and /synchrony-proxy. 

2 answers

1 accepted

0 votes
Answer accepted

Turned out to be an issue specific to Nginx and SELinux.  The following page has instructions on how to resolvethe issue:

https://confluence.atlassian.com/bitbucketserverkb/13-permission-denied-while-connecting-to-upstream-while-configuring-ngnix-803374014.html

0 votes
Diego Atlassian Team Jan 08, 2020

Hey there, @Jon Chau!
As I understand, we are facing a Bad Gateway issue when trying to connect with the editor.

The first thing we can check is:

Confluence Base URL:

 

Looking at your files, no issue caught my eye. The only questions I have are:

  1. Is this your whole server.xml? if not, did you comment out the non-proxied connector?
  2. Was the ssl_session_timeout parameter left out on purpose?
  3. Did you restart both NGINX and Confluence after applying the changes?
  4. Are you able to access pages normally, even when the editor does not load?

 

Let us hear from you, Jon!

Hi @Diego

Base URL is configured without context path, ie - https://confluencedev.domain.com

  1. That is the only connector enabled, but here's my whole server.xml:
    1. <Server port="8000" shutdown="SHUTDOWN" debug="0">
      <Service name="Tomcat-Standalone">
      <!--
      ==============================================================================================================
      DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.

      If using a http/https proxy, comment out this connector.
      ==============================================================================================================
      -->
      <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
      maxThreads="48" minSpareThreads="10"
      enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      proxyName="confluencedev.domain.com" proxyPort="443" scheme="https" secure="true"/>

      <!--
      ==============================================================================================================
      HTTP - Proxying Confluence via Apache or Nginx over HTTP

      If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
      Make sure you provide the right information for proxyName and proxyPort.

      For more information see:
      Apache - https://confluence.atlassian.com/x/4xQLM
      nginx - https://confluence.atlassian.com/x/TgSvEg

      ==============================================================================================================
      -->

      <!--
      <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
      maxThreads="48" minSpareThreads="10"
      enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>
      -->

      <!--
      ==============================================================================================================
      HTTPS - Direct connector with no proxy, for unproxied HTTPS access to Confluence.

      For more info see https://confluence.atlassian.com/x/s3UC
      ==============================================================================================================
      -->

      <!--
      <Connector port="8443" maxHttpHeaderSize="8192"
      maxThreads="150" minSpareThreads="25"
      protocol="org.apache.coyote.http11.Http11Nio2Protocol"
      enableLookups="false" disableUploadTimeout="true"
      acceptCount="100" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
      URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
      -->

      <!--
      ==============================================================================================================
      HTTPS - Proxying Confluence via Apache or Nginx over HTTPS

      If you're proxying traffic to Confluence over HTTPS, uncomment the connector below and comment out the others.
      Make sure you provide the right information for proxyName and proxyPort.

      For more information see:
      Apache - https://confluence.atlassian.com/x/PTT3MQ
      nginx - https://confluence.atlassian.com/x/cNIvMw
      ==============================================================================================================
      -->

      <!--
      <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
      maxThreads="48" minSpareThreads="10"
      enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      scheme="https" secure="true" proxyName="<subdomain>.<domain>.com" proxyPort="443"/>
      -->

      <Engine name="Standalone" defaultHost="localhost" debug="0">
      <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
      <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
      <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
      <Manager pathname=""/>
      <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
      </Context>

      <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
      reloadable="false" useHttpOnly="true">
      <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
      </Context>
      </Host>
      </Engine>
      </Service>
      </Server>
  2. Yes, we were not using that parameter before so I left it out
  3. Yes, I've restarted both NGINX and Confluence after each attempt at changing the configurations
  4. Yes, I'm able to access all pages in Confluence normally, just unable to edit.

For now, we have a work around by using synchrony against the internal proxy.  This was done by removing the /synchrony {} block from the NGINX config, and adding the following line to the <confluence-install>/bin/setenv.sh file:

CATALINA_OPTS=-Dsynchrony.proxy.enabled=true ${CATALINA_OPTS}"

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Posted in Confluence

What do you think is the most *delightful* Confluence feature? Comment for a prize!

- Create your own custom emoji 🔥 - "Shake for Feedback" on mobile 📱 - An endless supply of GIFs via GIPHY 🤩 Is there anything quite as nice as a pleasant surprise? Comment below with what...

342 views 23 8
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you