Hello
I want to enable collaborative editing in Confluence with internal synchrony-proxy behind a reverse proxy.
What I did:
in setenv.sh:
CATALINA_OPTS="-Dsynchrony.enable.xhr.fallback=true ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.host=<internal ip> ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.service.url=http://<internal ip>:8091/synchrony/v1 ${CATALINA_OPTS}"
CATALINA_OPTS="-Dsynchrony.proxy.enabled=true ${CATALINA_OPTS}"
in confluence.cfg.xml:
<property name="synchrony.proxy.enabled">true</property>
I'm not sure wich one is the right place because of https://jira.atlassian.com/browse/CONFSERVER-45728
It says, that it is already fixed, but i'm not sure, if it is really working.
Although, http://<internal ip>:8090/synchrony-proxy/healthcheck gives me a output.
synchrony is started with these options (only the relevant as far as I understand, if I'm missing some relevant, just tell me):
-Dsynchrony.bind=<internal ip> -Dsynchrony.service.url=https://<external name>/synchrony-proxy
What I'm unsure about is the context path in the synchrony.service.url that is given to synchrony. should it be /synchrony or /synchrony-proxy?
It's not working in both cases.
In the latter case, the collaborative editing page in confluence takes very long to load, and also for switching CE on. but editing at all is not working, there is this spinner icon forever. In synchrony log, nothing appears.
When using /synchrony, I see this message in synchrony log as soon as i switch on CE: synchrony.http [warn] Secret request made from outside IP whitelist
I'm not sure what this means, and if it is relevant at all, cause it's only a warning. Editing at all is not possible in this case. Also spinner forever
I've checked already https://confluence.atlassian.com/doc/troubleshooting-collaborative-editing-858772087.html, and all that is mentioned there is fine.
I guess I have just some misconfiguration, I can't see. Can anyone help me with that?
It`s not clear what reverse proxy you are using. Apache, Nginx?
Have a look at https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html
There is no need for changes to CATALINA_OPTS or confluence.cfg.xml.
To my understanding when not using the reverse proxy (like apache or nginx) the Atlassian /synchrony-proxy is what kicks in an proxies synchrony for you.
Oh, and you`ll need to scroll down to:
"If you're using Confluence 6.0 or..."
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thx for your answer, Lars.
The problem is not about setting up reverse proxy, as this is already done and working. What I want is to set up synchrony with synchrony-proxy in confluence behind a reverse proxy as shown here: https://confluence.atlassian.com/doc/administering-collaborative-editing-858772086.html#AdministeringCollaborativeEditing-ProxyandSSLconsiderationsproxy in section 'With a reverse proxy'
What i'm unsure about is the synchrony service url passed on synchrony startup. The rest of the settings are fine, I think, as confluence itself reports, that it is able to talk to synchrony.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you are using a reverse proxy, why don´t you want that proxy to also handle the upgrade the upgrade of the connection to websocket?
It`s only a few lines in your apache or nxinx config.
Here is mine for apache:
<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I had the wrong idea, that this would require me to open another pport on firewall. But after reading again I don't need this, as far as I understand. I will give it a try.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
No, you will not have to make any changes to the firewall.
You simply make your existing reverse proxy also a proxy to the synchrony service.
If you were able to figure it out, please mark the question as solved.
-Lars
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.