Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Unable to create and edit page after upgrade to 6.0.1 with https enable on port 443

Reinhard Piltz
Reinhard Piltz November 22, 2016

After I upgraded to latest 6.0.1 I'm not able to create and edit pages anymore if https is enable. The loading symbol does not disapear and after some time I see the message:

Loading the editor's taking longer than usual. Give it a few moments, then refresh your page if it still doesn't load.

Is https turned off, collaborative editing works correctly.

Https with switched off collaborative editing works
Https ports in the firewall are switched on.

Cheers

Reinhard


Answer
Watch
Like Tam Tran likes this
630 views

2 answers

1 vote
Jonas Andersson
Jonas Andersson
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
November 23, 2016

It makes sense to compare your old server.xml to the new one. As Atlassian products "upgrade" they list files that are altered from their original states, and it's good practice to compare all files listed here to make sure you don't default changes you made during the last versions existence. Relating to SSL, http/https ports, 2 files commonly replaced with defaults are:

server.xml

cacerts (keystore containing all the SSL keys needed for https to https connectivity), this file can be copied to the replace the default cacerts in the new confluence folder, without changing it.

As for server.xml, don't just copy it, but check what connectors you see configured there. You can copy paste a connector tag subset to the new server.xml, but make sure it follows the same syntax as the other connector in the new file.

If you step-stoned your upgrade from a version, to another, to your final version, you are looking for the files from the confluence instance running before any upgrade started.

Compare them with your old, most likely you use a apache mod proxy to rewrite port 80/443 -> confluence internal ports, and one of the legacy ports you added are missing here. Also note that if you do use an apache mod proxy, do yourself a favor and terminate all SSL on the mod proxy, and forward the traffic to a HTTP port.

View More Comments
Reinhard Piltz
Reinhard Piltz November 23, 2016

Hi Jonas,
thanks for the answer.

1. The original configuration files are used
2. All https changes were taken from old 1:1 
3. No Apache mod_proxy is used
4. no other web server is running on the application server
5. only the redirecport is changed 

This is my server.xml:

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">

<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false">

<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-
INF/classes/log4j.properties -->
<Manager pathname="" />
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
</Context>
</Host>

</Engine>

<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/

For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->

<Connector port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8"
keystorePass="xxxxxxxxxxxxxxxxxxxxxxxx"
keystoreFile="e:\sslkey\keystore"/>

</Service>
</Server>

Like
Reply
0 votes
Reinhard Piltz
Reinhard Piltz November 24, 2016

Solution

Your own CA certificates must be imported into cacerts.

Where is the file: <CONFLUENCE_INSTALLATION>/confluence/jre/lib/security/cacerts

How dos it work: https://docs.microsoft.com/en-us/azure/java-add-certificate-ca-store

If as windows service, then the following entries supplement

-Djavax.net.ssl.trustStore=path to your keystore file
-Djavax.net.ssl.trustStorePassword=keystore password

image2016-11-25 14:25:38.png

 

For Linux, enter in the sentenv.sh

 

Before a Wiki Stop Caollaborative Editing off, turn on after the start manually

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events