Run Confluence behind BigIP F5

Hello I would like to ask how to configure confluence so ti could run behind F5 (VS F5 will act as HTTPS/SSL).

I have tried to configure as follow : ( I got error because tomcat could not use port 80)

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="80" minProcessors="5"
                   maxProcessors="75" proxyPort="443" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSEnabled="true"
                   enableLookups="false" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="20000"
                   useURIValidationHack="false" URIEncoding="UTF-8" />
Then I have tried this configuration too : (I could not access confluence in https mode)
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5"
                   maxProcessors="75" proxyPort="443" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" SSEnabled="true"
                   enableLookups="false" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="20000"
                   useURIValidationHack="false" URIEncoding="UTF-8" />
Could you give me guidance for my problem? thank you...

1 answer

Hi Felix, the configuration in Confluence for F5 is basically the same as for Apache. You can configure your server.xml as in the example of this doc. Then your connector would look like this:

&lt;Connector port="8090" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" redirectPort="8443" acceptCount="100"
           connectionTimeout="20000" disableUploadTimeout="true"
           proxyName="www.example.com" proxyPort="80" /&gt;

I hope it helps.

Cheers

I have connections with F5. If you have further questions about running confluence on F5 I can ask questions for you.

I have tried that configuration, but It seems some problem still occurs, could someone help me?

Can you clarify a bit what is the problem?

I just got response "the connection was reset", but if I look carefully, I thought, I have got the right URL in the browser, do you have any suggestion to solve this?. I have done same thing to the JIRA , and the result was JIRA could run smoothly behind F5. I still don't get what is the difference configuration between JIRA and confluence if those 2 products run behind F5.

Tiago is correct. Using Confluence behind an F5 BigIp is as simple as setting up your Confluence instance, configuring the apache mod_proxy (or whatever you will use). Once Confluence is serving up data on whatever port you require, you configure your LTM as normal with the correct port for Confluence. The BigIP sees your Confluence instance the same as any other website. Atlassian has plentiful documentation on properly configuring mod_proxy and other frontends, make sure you read those docs.

@David Devers Thank you for your comment,have you configured confluence behind bigip F5? could you tell me what is your F5 configuration? basically, I create 2 VS in F5 , first it servers 443 (cert already installed) and the second one is VS that servers for port 80. The both of VS have node that listen on port 8090. What do you think ? thank you.

@felix, our LTM (F5 BigIP) configuration is beyond the scope of this document. Further, I am an employee of F5, and our BigIP configurations reflect our "dog food" policy. We use features that we might not recommend to end users, so our specific configuration might not be applicable to your environment and would not be a configuration I'd recommend to end users. The main point here is that your Confluence server configuration and your F5 BigIP configuration are two separate topics. Focus on getting your Confluence server up and running, and serving web pages as usual. When you can successfully browse Confluence directly on your server, THEN you go about setting up your BigIP. For help configuring your BigIP, you're going to have to read the manual. There are many different ways to setup a BigIP and what is "best" depends entirely on your environment, and will involve decisions that should probably be made cooperatively with your network team. There really is no universal "correct" configuration. For instance, do you want to run multiple servers with SSL cert arbitration on the BigIP? That would require a specific setup. Do you want to run a simple active/standby failover with no SSL? Again, that requires a different setup. If your company has a valid license for the BigIP, you can use F5's online documentation to answer many of your questions at http://support.f5.com. Please, go there and read the admin docs, and it will really REALLY help. You can also take advantage of our interactive training at http://university.f5.com Bona fortuna! :)

@David Devers thank you for your answer. In my case confluence could run smoothly, so I think I will ask my question to the F5 support. Again, thank you...

I noticed that you have SSL enabled in both of your configuration examples. If you have the F5 managing/terminating the SSL connection, you don't need to have SSL enabled within Tomcat. If you need SSL connection between the F5 and Tomcat make sure that you have the SSL Profiles (Server) set on your Virtual Servers. Typically, the default "serverssl" profile will do the job. I have mine set with ports 80 and 443 on the F5. The F5 has an iRule that redirects all port 80 traffic to 443. Traffic between the F5 and Tomcat is not encrypted. My connection profile for tomcat is below. One last thing is to make sure that your server base URL in Confluence is set to https://<FQDN>/confluence. Basically, to the URL that users will use. {code} <Connector port="8080" proxyName="example.com" proxyPort="443" scheme="https" protocol="HTTP/1.1" connectionTimeout="20000" timeout="1200000" keepAliveTimeout="1200000" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" acceptCount="100" disableUploadTimeout="false" URIEncoding="UTF-8" redirectPort="8443" /> {code}

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Monday in Confluence

Organizing your space just got easier - Page Tree Drag & Drop is here

Hi Community! I’m Elaine, Confluence Product Manager. You may have read my earlier post about page tree in space navigation sidebar. I'm excited to share another improvement that helps you organize ...

63 views 3 2
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you