Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,363,018
Community Members
 
Community Events
168
Community Groups

nginx reverse proxy https access to confluence causes redirect loop

Our group is using the following atlassian products: JIRA, Confluence, Fisheye, Bamboo, Crowd with single sign on.

To provide secure access from public networks, we would like to use nginx as a reverse proxy providing https access. So far we have managed to configure JIRA, Bamboo and Fisheye to work with nginx. Our basic configuration for the applications is the following:

server {

server_name <server_name>;

listen 80;

listen 443 ssl;

ssl_certificate <path_to_certificate> ;

ssl_certificate_key <path_to_certificate_key> ;

location ^~ /bamboo {

if ($ssl_protocol = ) {

return 301 https://$server_name$request_uri;

}

proxy_set_header X-Forwarded-Host $host;

proxy_set_header X-Forwarded-Server $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://localhost:8085;

}

(all application has a location section almost identical to the one above, with the exception of the local port and location prefix)

Unfortunately we ran into a problem when we reconfigured Confluence to work in this fashion. The tomcat server used by confluence produces a redirect loop. The most puzzling in this is that, it redirect to a url that is in no way set in any of Confluence's configuration files, and I couldn't find a reference to it in Confluence's database.

Confluence's Connector in <confluence_install>/conf/server.xml is the following:

<connector <="" p="">

acceptCount=100

connectionTimeout=20000

disableUploadTimeout=true

enableLookups=false

maxHttpHeaderSize=8192

maxSpareThreads=75

maxThreads=150

minSpareThreads=25

port=8090

protocol=HTTP/1.1

useBodyEncodingForURI=true

scheme=https

proxyName=<proxy_name>

proxyPort=443/>

Context configuration on the same file is the following:

<context path="/confluence" docbase="../confluence" debug="1" reloadable="false" usehttponly="true">

<manager pathname="/">

<resource name="mail/GmailSMTPServer" <="" p="">

auth=Container

type=javax.mail.Session

mail.smtp.host=<smtp_host>

mail.smtp.port=<smtp_port>

mail.smtp.auth=true

mail.smtp.user=<user>

password=<password>

mail.smtp.starttls.enable=true

mail.transport.protocol=smtp

mail.smtp.socketFactory.class=javax.net.SocketFactory

/>

<resource name="jdbc/confDS" <="" p="">

auth=Container

type=javax.sql.DataSource

username=<username>

password=<password>

maxActive=100

maxIdle=10

driverClassName=org.postgresql.Driver

url=<jdbc_url>

validationQuery=Select 1

/>

</context>

What could cause the redirect loop ?

3 answers

1 accepted

0 votes
Answer accepted
The http connector that Tomcat uses had to be marked as secure with secure="true". Otherwise, it redirected to https, which in turn was redirected to the http port by nginx, thus causing the redirect loop.
Add this to the server.xml:
     secure="true"
     scheme="https"
     proxyName="mycompany.com"
     proxyPort="443"
0 votes
LucasA Rising Star Mar 16, 2013

Note that the application cannot be configured to handle SSL connection (each application will work in one port, without SSL support). The only part that will work with SSL support is the NGINX when talking to the world, not with your local network.

[Apps] ---->> HTTP ----->>[NGINX]-------->>HTTPS------->>(World).

Lucas Lima

Suggest an answer

Log in or Sign up to answer
TAGS

Atlassian Community Events