Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Next challenges

Recent achievements

  • Global
  • Personal

Recognition

  • Give kudos
  • Received
  • Given

Leaderboard

  • Global

Trophy case

Kudos (beta program)

Kudos logo

You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.

View group

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Unable to login after using Nginx HTTPS proxy Edited

I just freshly installed the confluence. And I am able to do everything fine with the standard HTTP connector including login. Then I follow the document to setup the Nginx reverse proxy. After that, I am still able to access the page, However, whenever I log in, the page shows 

The following error(s) occurred:

  • Please re-enter your login details and type in the word below

However, I am sure that the password is correct.

I have also follows the KB below to change the connector settings but no luck.

https://confluence.atlassian.com/confkb/no-users-are-able-to-log-into-confluence-after-an-upgrade-840699439.html

Nginx Config

server {

listen 443 default ssl;
ssl_certificate /etc/cert/fullchain.pem;
ssl_certificate_key /etc/cert/key.key;

ssl_session_timeout 5m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RS$
ssl_prefer_server_ciphers on;

location /confluence {
client_max_body_size 100m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090/confluence;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

 

Server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" proxyName="confluence.greenradar.com" proxyPort="443"/>

<Engine name="Standalone" defaultHost="localhost" debug="0">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
<Context path="/confluence" docBase="../confluence" debug="0" reloadable="false">
<!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname=""/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>

<Context path="${confluence.context.path}/synchrony-proxy" docBase="../synchrony-proxy" debug="0"
reloadable="false" useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60"/>
</Context>
</Host>
</Engine>
</Service>
</Server>

 

2 answers

0 votes
Thomas Deiler Community Leader Dec 11, 2020

Dear @Angus Wong ,

please have a look at my article. There is a listing for a 100% working nginx reverse proxy configuration. Eventually, this will fix your problem.

It is written for Jira but should also work for Confluence. Just add the section for synchrony.

So long

Thomas

I tried your Nginx in the article but seems not working in my case.

 

Below is my new Nginx config

server {

listen 443 ssl http2;
server_name confluence.greenradar.com;
ssl_certificate /etc/cert/greenradar-fullchain.pem;
ssl_certificate_key /etc/cert/greenradar.key;
keepalive_timeout 70;
ssl_session_timeout 1d;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:10m;
large_client_header_buffers 4 32k;
gzip on;
gzip_min_length 10240;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;

location /confluence {
client_max_body_size 30M;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8090/confluence;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
}
location /synchrony {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8091/synchrony;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}

 

Now the page only shows the CentOS welcome page. Also, I observed that you changed from HTTP1.1 to HTTP2, am I suppose to change the protocol in the server.xml Tomcat connector as well?

Thomas Deiler Community Leader Dec 15, 2020

Dear @Angus Wong ,

like Daniel wrote - any interesting in the log files found?

So long

Thomas

0 votes
Daniel Ebers Community Leader Dec 12, 2020

Hi Angus,

referring to the initial config that denied you any login - was there something visible from logs?

I understood the frontend is throwing a more generic error message - I am only wondering if there is something more specific available from backends (server logs).

Thanks in advance!

Cheers,
Daniel

Hi Daniel,

 

After I read the nginx access logs, I found that there is no corresponding logs inside, neither the error log. With this information, I dig the DNS record and found that there is another identical A record but pointing to the other machine which also installed a confluence instance. And I was accessing that instance all the time. Thats why I cannot login to the confluence after changed to the nginx proxy using that particular server_name.......

 

But anyway, thanks for pointing out the logs and eventually get me to here and found out the cause.

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
7.9.1
TAGS
Community showcase
Published in Confluence

Announcing Team Calendars in Confluence Data Center

Hi Community! We're thrilled to share that Team Calendars for Confluence is now a built-in feature for Confluence Data Center releases 7.11 and beyond.  A long time favorite,  Team Cale...

59 views 0 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you