Unable to create and edit page after upgrade to 6.0.1 with https enable on port 443

After I upgraded to latest 6.0.1 I'm not able to create and edit pages anymore if https is enable. The loading symbol does not disapear and after some time I see the message:

Loading the editor's taking longer than usual. Give it a few moments, then refresh your page if it still doesn't load.

Is https turned off, collaborative editing works correctly.

Https with switched off collaborative editing works
Https ports in the firewall are switched on.

Cheers

Reinhard


2 answers

It makes sense to compare your old server.xml to the new one. As Atlassian products "upgrade" they list files that are altered from their original states, and it's good practice to compare all files listed here to make sure you don't default changes you made during the last versions existence. Relating to SSL, http/https ports, 2 files commonly replaced with defaults are:

server.xml

cacerts (keystore containing all the SSL keys needed for https to https connectivity), this file can be copied to the replace the default cacerts in the new confluence folder, without changing it.

As for server.xml, don't just copy it, but check what connectors you see configured there. You can copy paste a connector tag subset to the new server.xml, but make sure it follows the same syntax as the other connector in the new file.

If you step-stoned your upgrade from a version, to another, to your final version, you are looking for the files from the confluence instance running before any upgrade started.

Compare them with your old, most likely you use a apache mod proxy to rewrite port 80/443 -> confluence internal ports, and one of the legacy ports you added are missing here. Also note that if you do use an apache mod proxy, do yourself a favor and terminate all SSL on the mod proxy, and forward the traffic to a HTTP port.

Hi Jonas,
thanks for the answer.

1. The original configuration files are used
2. All https changes were taken from old 1:1 
3. No Apache mod_proxy is used
4. no other web server is running on the application server
5. only the redirecport is changed 

This is my server.xml:

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false">

<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-
INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>

</Engine>

<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/

For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->

<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8"
keystorePass="xxxxxxxxxxxxxxxxxxxxxxxx"
keystoreFile="e:\sslkey\keystore"/>

</Service>
</Server>

Solution

Your own CA certificates must be imported into cacerts.

Where is the file: <CONFLUENCE_INSTALLATION>/confluence/jre/lib/security/cacerts

How dos it work: https://docs.microsoft.com/en-us/azure/java-add-certificate-ca-store

If as windows service, then the following entries supplement

-Djavax.net.ssl.trustStore=path to your keystore file
-Djavax.net.ssl.trustStorePassword=keystore password

image2016-11-25 14:25:38.png

 

For Linux, enter in the sentenv.sh

 

Before a Wiki Stop Caollaborative Editing off, turn on after the start manually

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Jul 10, 2018 in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

681 views 21 12
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you