Unable to login after using Nginx HTTPS proxy

Angus Wong December 11, 2020

I just freshly installed Confluence, and I am able to do everything fine with the standard HTTP connector, including login. Then I followed the documentation to set up the Nginx reverse proxy. After that, I am still able to access the page. However, whenever I log in, the page shows:

The following error(s) occurred:

  • Please re-enter your login details and type in the word below

However, I am sure that the password is correct.

I have also followed the KB below to change the connector settings, but no luck.

https://confluence.atlassian.com/confkb/no-users-are-able-to-log-into-confluence-after-an-upgrade-840699439.html

Nginx Config

server {
    listen 443 default ssl;
    ssl_certificate /etc/cert/fullchain.pem;
    ssl_certificate_key /etc/cert/key.key;

    ssl_session_timeout 5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RS$
    ssl_prefer_server_ciphers on;

    location /confluence {
        client_max_body_size 100m;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8090/confluence;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

Server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">

        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                   maxThreads="48" minSpareThreads="10"
                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   scheme="https" proxyName="confluence.greenradar.com" proxyPort="443"/>

        <Engine name="Standalone" defaultHost="localhost" debug="0">
            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="/confluence" docBase="../confluence" debug="0" reloadable="false">
                    <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname=""/>
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
                </Context>

                <Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
                         reloadable="false" useHttpOnly="true">
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
                </Context>
            </Host>
        </Engine>
    </Service>
</Server>

2 answers

0 votes
Daniel Ebers
Rising Star
December 12, 2020

Hi Angus,

referring to the initial config that denied you any login - was there something visible from logs?

I understood the frontend is throwing a more generic error message - I am only wondering if there is something more specific available from backends (server logs).

Thanks in advance!

Cheers,
Daniel

Angus Wong December 15, 2020

Hi Daniel,

After I read the nginx access logs, I found that there were no corresponding entries in them, nor in the error log. With this information, I dug into the DNS record and found that there is another identical A record, but pointing to another machine which also has a Confluence instance installed. I was accessing that instance all the time. That's why I could not log in to Confluence after changing to the nginx proxy using that particular server_name.

But anyway, thanks for pointing out the logs, which eventually got me here and let me find the cause.
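The cause found in this reply, a second A record sending the browser to a different machine, can be checked directly. The following is an added example, not code from the thread: it lists every A record for a name, flags addresses outside the intended set, and fingerprints the certificate each address serves. The host name `wiki.example.test`, the addresses and the constructed resolver and probe are assumptions made for the illustration.

```python
import hashlib
import socket
import ssl


def resolve_a_records(hostname, resolver=socket.getaddrinfo):
    """Return every IPv4 address the name resolves to, not just the first."""
    infos = resolver(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def cert_fingerprint(ip, hostname, port=443, timeout=5):
    """SHA-256 of the certificate one specific address serves for this name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # fingerprinting only, not trust validation
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()


def audit_hostname(hostname, expected_ips, resolver=socket.getaddrinfo,
                   probe=cert_fingerprint):
    """Compare the published A records with the addresses you intend to serve."""
    expected = set(expected_ips)
    resolved = resolve_a_records(hostname, resolver)
    fingerprints = {}
    for ip in resolved:
        fingerprints.setdefault(probe(ip, hostname), []).append(ip)
    unexpected = [ip for ip in resolved if ip not in expected]
    return {
        "unexpected": unexpected,
        "missing": sorted(expected - set(resolved)),
        "fingerprints": fingerprints,
        "consistent": not unexpected and len(fingerprints) <= 1,
    }


# Constructed sample data (documentation-range addresses, made-up host name).
def constructed_resolver(host, port, family=0, type=0):
    return [(family, type, 6, "", (ip, port)) for ip in ("192.0.2.10", "192.0.2.20")]


def constructed_probe(ip, hostname):
    return "cert-A" if ip == "192.0.2.10" else "cert-B"


if __name__ == "__main__":
    print(audit_hostname("wiki.example.test", ["192.0.2.10"],
                         constructed_resolver, constructed_probe))
```

Called without the `resolver` and `probe` arguments, `audit_hostname` uses the system resolver and a live TLS connection to each address.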

0 votes
Thomas Deiler
Community Leader
December 11, 2020

Dear @Angus Wong ,

please have a look at my article. There is a listing for a 100% working nginx reverse proxy configuration. Eventually, this will fix your problem.

It is written for Jira but should also work for Confluence. Just add the section for synchrony.

So long

Thomas

Angus Wong December 11, 2020

I tried your Nginx config from the article, but it does not seem to work in my case.

Below is my new Nginx config

server {
    listen 443 ssl http2;
    server_name confluence.greenradar.com;
    ssl_certificate /etc/cert/greenradar-fullchain.pem;
    ssl_certificate_key /etc/cert/greenradar.key;
    keepalive_timeout 70;
    ssl_session_timeout 1d;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_session_cache shared:SSL:10m;
    large_client_header_buffers 4 32k;
    gzip on;
    gzip_min_length 10240;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;

    location /confluence {
        client_max_body_size 30M;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8090/confluence;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
    }
    location /synchrony {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8091/synchrony;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}

Now the page only shows the CentOS welcome page. Also, I observed that you changed from HTTP1.1 to HTTP2. Am I supposed to change the protocol in the server.xml Tomcat connector as well?

Thomas Deiler
Community Leader
December 15, 2020

Dear @Angus Wong ,

like Daniel wrote - anything interesting found in the log files?

So long

Thomas

Deployment type: Server
Version: 7.9.1