Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

nginx reverse proxy https access to confluence causes redirect loop

Zsolt Palotai
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
February 28, 2013

Our group is using the following atlassian products: JIRA, Confluence, Fisheye, Bamboo, Crowd with single sign on.

To provide secure access from public networks, we would like to use nginx as a reverse proxy providing https access. So far we have managed to configure JIRA, Bamboo and Fisheye to work with nginx. Our basic configuration for the applications is the following:

server {

server_name <server_name>;

listen 80;

listen 443 ssl;

ssl_certificate <path_to_certificate> ;

ssl_certificate_key <path_to_certificate_key> ;

location ^~ /bamboo {

if ($ssl_protocol = ) {

return 301 https://$server_name$request_uri;

}

proxy_set_header X-Forwarded-Host $host;

proxy_set_header X-Forwarded-Server $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_pass http://localhost:8085;

}

(all application has a location section almost identical to the one above, with the exception of the local port and location prefix)

Unfortunately we ran into a problem when we reconfigured Confluence to work in this fashion. The tomcat server used by confluence produces a redirect loop. The most puzzling in this is that, it redirect to a url that is in no way set in any of Confluence's configuration files, and I couldn't find a reference to it in Confluence's database.

Confluence's Connector in <confluence_install>/conf/server.xml is the following:

<connector <="" p="">

acceptCount=100

connectionTimeout=20000

disableUploadTimeout=true

enableLookups=false

maxHttpHeaderSize=8192

maxSpareThreads=75

maxThreads=150

minSpareThreads=25

port=8090

protocol=HTTP/1.1

useBodyEncodingForURI=true

scheme=https

proxyName=<proxy_name>

proxyPort=443/>

Context configuration on the same file is the following:

<context path="/confluence" docbase="../confluence" debug="1" reloadable="false" usehttponly="true">

<manager pathname="/">

<resource name="mail/GmailSMTPServer" <="" p="">

auth=Container

type=javax.mail.Session

mail.smtp.host=<smtp_host>

mail.smtp.port=<smtp_port>

mail.smtp.auth=true

mail.smtp.user=<user>

password=<password>

mail.smtp.starttls.enable=true

mail.transport.protocol=smtp

mail.smtp.socketFactory.class=javax.net.SocketFactory

/>

<resource name="jdbc/confDS" <="" p="">

auth=Container

type=javax.sql.DataSource

username=<username>

password=<password>

maxActive=100

maxIdle=10

driverClassName=org.postgresql.Driver

url=<jdbc_url>

validationQuery=Select 1

/>

</context>

What could cause the redirect loop ?

3 answers

1 accepted

0 votes
Answer accepted
Zsolt Palotai
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
March 28, 2013
The http connector that Tomcat uses had to be marked as secure with secure="true". Otherwise, it redirected to https, which in turn was redirected to the http port by nginx, thus causing the redirect loop.
1 vote
Deleted user September 13, 2014
Add this to the server.xml:
     secure="true"
     scheme="https"
     proxyName="mycompany.com"
     proxyPort="443"
0 votes
LucasA
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 16, 2013

Note that the application cannot be configured to handle SSL connection (each application will work in one port, without SSL support). The only part that will work with SSL support is the NGINX when talking to the world, not with your local network.

[Apps] ---->> HTTP ----->>[NGINX]-------->>HTTPS------->>(World).

Lucas Lima

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events