we have a confluence 3.5 installation that works fine, if accessed directly; login via html form.
We are now trying to access it via apache reverse proxy. We would like login for confluence to be independent (via html form) from the login to reverse proxy (basic auth). What happens, though, is that confluence is trying to process (unsuccessfully) the basic auth header from the reverse proxy, and the user gets 401. In confluence log I see these messages:
2011-07-08 15:33:18,582 INFO [http-8081-30] [confluence.security.login.DefaultLoginManager] onFailedLoginAttempt
Failed login attempt for user 'firstname.lastname@example.org':
Request URL: http://10.9.36.50:8081/confluence/
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
Remote Address: 184.108.40.206
We don't want to touch anything in the reverse proxy, or tomcat (as there are other applications running under it); is it possible to do something inside the confluence installation to force it to ignore the authentication request from the reverse proxy?
This is super freaking old thread, but for anyone else who's come here with this issue. The work around is to unset the Authorization header when using Apache2 as a reverse proxy.
RequestHeader unset Authorization
The same can be done with NGiNX
proxy_set_header Authorization "";
This works great and solves the issue.
However, if your confluence installation allows anonymous access, and the authentication used with NGiNX/Apache2 isn't the same as Confluence. You'll run into pop-ups for specific elements.
For instance the following link "rest/mywork/latest/status/notification/new"
<status> <status-code>401</status-code> <message> Client must be authenticated to access this resource. </message> </status>
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG