I just freshly installed the confluence. And I am able to do everything fine with the standard HTTP connector including login. Then I follow the document to setup the Nginx reverse proxy. After that, I am still able to access the page, However, whenever I log in, the page shows
The following error(s) occurred:
However, I am sure that the password is correct.
I have also follows the KB below to change the connector settings but no luck.
Nginx Config
server {
listen 443 default ssl;
ssl_certificate /etc/cert/fullchain.pem;
ssl_certificate_key /etc/cert/key.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RS$
ssl_prefer_server_ciphers on;
location /confluence {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090/confluence;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
Server.xml
<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" proxyName="confluence.greenradar.com" proxyPort="443"/>
<Engine name="Standalone" defaultHost="localhost" debug="0">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="/confluence" docBase="../confluence" debug="0" reloadable="false">
<!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname=""/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>
<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>
</Host>
</Engine>
</Service>
</Server>
Hi Angus,
referring to the initial config that denied you any login - was there something visible from logs?
I understood the frontend is throwing a more generic error message - I am only wondering if there is something more specific available from backends (server logs).
Thanks in advance!
Cheers,
Daniel
Hi Daniel,
After I read the nginx access logs, I found that there is no corresponding logs inside, neither the error log. With this information, I dig the DNS record and found that there is another identical A record but pointing to the other machine which also installed a confluence instance. And I was accessing that instance all the time. Thats why I cannot login to the confluence after changed to the nginx proxy using that particular server_name.......
But anyway, thanks for pointing out the logs and eventually get me to here and found out the cause.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear @Angus Wong ,
please have a look at my article. There is a listing for a 100% working nginx reverse proxy configuration. Eventually, this will fix your problem.
It is written for Jira but should also work for Confluence. Just add the section for synchrony.
So long
Thomas
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I tried your Nginx in the article but seems not working in my case.
Below is my new Nginx config
server {
listen 443 ssl http2;
server_name confluence.greenradar.com;
ssl_certificate /etc/cert/greenradar-fullchain.pem;
ssl_certificate_key /etc/cert/greenradar.key;
keepalive_timeout 70;
ssl_session_timeout 1d;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
large_client_header_buffers 4 32k;
gzip on;
gzip_min_length 10240;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
location /confluence {
client_max_body_size 30M;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090/confluence;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
Now the page only shows the CentOS welcome page. Also, I observed that you changed from HTTP1.1 to HTTP2, am I suppose to change the protocol in the server.xml Tomcat connector as well?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.