After our Linux administrator installed an SSL certificate, he is currently receiving the following "Tomcat config is incorrect" error:
He stated he followed the troubleshooting article at https://confluence.atlassian.com/confkb/can-t-check-base-url-warning-in-confluence-6-6-or-later-939718433.html and verified the settings are correct. Most likely this is due to the article being dated. Below is the server.xml file:
<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<!--
==============================================================================================================
DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.
If using a http/https proxy, comment out this connector.
==============================================================================================================
-->
<!--
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"/>
-->
<!--
==============================================================================================================
HTTP - Proxying Confluence via Apache or Nginx over HTTP
If you're proxying traffic to Confluence over HTTP, uncomment the connector below and comment out the others.
Make sure you provide the right information for proxyName and proxyPort.
For more information see:
Apache - https://confluence.atlassian.com/x/4xQLM
nginx - https://confluence.atlassian.com/x/TgSvEg
==============================================================================================================
-->
<!--
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="http" proxyName="confluence.site.com" proxyPort="80"/>
-->
<!--
==============================================================================================================
HTTPS - Direct connector with no proxy, for unproxied HTTPS access to Confluence.
For more info see https://confluence.atlassian.com/x/s3UC
==============================================================================================================
-->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
<!--
==============================================================================================================
HTTPS - Proxying Confluence via Apache or Nginx over HTTPS
If you're proxying traffic to Confluence over HTTPS, uncomment the connector below and comment out the others.
Make sure you provide the right information for proxyName and proxyPort.
For more information see:
Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/cNIvMw
==============================================================================================================
-->
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" proxyName="confluence.site.com" proxyPort="443"/>
<Engine name="Standalone" defaultHost="localhost" debug="0">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname=""/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>
<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>
</Host>
</Engine>
</Service>
</Server>
Also, here is the nginx.conf file:
server {
listen confluence.site.com:80;
server_name confluence.site.com;
listen 443 default ssl;
ssl_certificate /etc/ssl/private/confluence.site.com.crt;
ssl_certificate_key /etc/ssl/private/confluence.site.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
location / {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
I think that connector definition looks right (assuming you replaced confluence.site.com with your site name referenced in the screenshot; else you have the wrong file).
I'd start with your nginx file.
Split your server blocks so that the 80 redirects to the 443:
server {
listen 80;
server_name confluence confluence.site.com;
return 301 https://confluence.site.com$request_uri;
}
# HTTPS server
#
server {
listen 443 ssl;
server_name confluence confluence.site.com;
Hello Andrew,
Thanks for the suggestions; however, the solution did not work. We did replace confluence.site.com with our site name and tried your recommendation. Do you have another recommendation?
You updated the nginx file or the server.xml file?
Start with the server.xml file. Make sure the line
scheme="https" secure="true" proxyName="confluence.site.com" proxyPort="443"/>
is changed to
scheme="https" secure="true" proxyName="confluence.gazette.com" proxyPort="443"/>
The nginx.conf file was updated.
We verified within server.xml file that the format is set to:
scheme="https" secure="true" proxyName="confluence.gazette.com" proxyPort="443"/>
Hello Andrew,
Are you still able to help me with this issue? If not, do you know how I can disable the URL base checking as the article suggests? I tried looking for the addon option when clicking the cog in Confluence and it is not there.
So you updated the line in your server.xml (in the correct uncommented section) and restarted Confluence, and you are still getting the exact same error? Can you repost your server.xml file with the corrections, since the one above is not correct?
Hello! I have a problem, too. A string in the server.xml:
scheme="https" secure="true" proxyName="atl.mysite.su" proxyPort="443"/>
Mistake
Tomcat config is incorrect
The Tomcat server.xml has an incorrect configuration:
the scheme should be 'https'
proxyName should be 'atl.mysite.su'
proxyPort should be '443'
There is no nginx httpd configuration file
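Added example (not part of the thread, and not Confluence's own check): a small Python sketch that reads a server.xml, skips commented-out connectors, and compares the three attributes named in the error message (scheme, proxyName, proxyPort) against the base URL. The function name `check_connectors`, the sample XML and the host `wiki.example.com` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: one commented-out connector and one active connector
# that still carries the placeholder host name from the shipped template.
SAMPLE_SERVER_XML = """\
<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <!--
    <Connector port="8090" scheme="http" proxyName="wiki.example.com" proxyPort="80"/>
    -->
    <Connector port="8090" protocol="org.apache.coyote.http11.Http11NioProtocol"
               scheme="https" secure="true"
               proxyName="confluence.site.com" proxyPort="443"/>
  </Service>
</Server>
"""

def check_connectors(server_xml, base_url):
    """Return a list of (connector_port, [problems]) for each active <Connector>."""
    url = urlsplit(base_url)
    default_port = {"http": "80", "https": "443"}.get(url.scheme, "")
    expected = {
        "scheme": url.scheme,
        "proxyName": url.hostname or "",
        "proxyPort": str(url.port) if url.port else default_port,
    }
    results = []
    # ElementTree discards XML comments while parsing, so commented-out
    # connectors are skipped and only the ones Tomcat loads are inspected.
    for conn in ET.fromstring(server_xml).iter("Connector"):
        problems = []
        for attr, want in expected.items():
            got = conn.get(attr)
            if got is None:
                problems.append(f"{attr} is missing, should be '{want}'")
            elif got.lower() != want.lower():
                problems.append(f"{attr} is '{got}', should be '{want}'")
        results.append((conn.get("port"), problems))
    return results

if __name__ == "__main__":
    for port, problems in check_connectors(SAMPLE_SERVER_XML, "https://wiki.example.com"):
        print(f"Connector on port {port}:", problems or "matches base URL")
```

Run it against the real file with `check_connectors(open(path).read(), base_url)`, where `base_url` is the value configured in Confluence's general settings.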