Reverse Proxy Issues with Synchrony (using SSL) - Using Apache Server Edited

Hello.
I am Working with Atlassian Applications.
I have a machine, where I have installed:
- Jira v7.3.9 + Jira Service Desk v3.5.3
- Confluence v6.7.1
- Apache HTTP Server v2.4.33

Initially I was able to access both apps like this:
JIRA -> http://hostname:8080
Confluence -> http://hostname:8090

However I configured APache HTTPServer (reverse proxy) so that I could access both of the apps like this:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

And I can confirm that I can access both apps, like this.

-> This are my connectors, in Jira server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8080" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true"
keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my connectors, in Confluence server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8090" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>

<Connector port="9443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true" URIEncoding="UTF-8"
keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my virtualhosts, in Apache httpd.conf:

<VirtualHost *:80>

ServerName servicedesk.domain.com
Redirect permanent / https://servicedesk.domain.com

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

</VirtualHost>
<VirtualHost *:80>
ServerName kb.domain.com
Redirect permanent / https://kb.domain.com

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

ProxyPass /synchrony http://hostname:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
</Location>

</VirtualHost>

 -> This are my virtualhosts, in Apache httpd-ssl.conf:

<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName servicedesk.domain.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.com.crt"
SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0


CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:8443/
ProxyPassReverse / https://hostname:8443/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName kb.savethechildren.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.com.crt"
SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:9443/
ProxyPassReverse / https://hostname:9443/
</VirtualHost>

Now, I followed some Atlassian posts off how to do this:
https://confluence.atlassian.com/confeap/administering-collaborative-editing-847355676.html
https://confluence.atlassian.com/confeap/using-apache-with-mod_proxy-480346967.html

https://community.atlassian.com/t5/Confluence-questions/Synchrony-behind-Apache-2-4-over-SSL-does-not-work/qaq-p/282154

At this point I can access both Jira and COnfluence through this urls:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

My issue is that I cannot edit documents in Confluence due to a synchrony error.
When I try edit a document I get:


" VM420:1705 WebSocket connection to 'wss://kb.domain.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200
VM420:540 Synchrony: Warning: reconnect (Transport.handshakeOverXhr: ws connection failed, and cross-origin-long-polling is disabled) ".

 

I think It's because my APache config and I missing something for Synchrony.
In the last weeks, I have tried a lot of things but I still couldn't do this.

Can anyone help me with this please?

2 answers

Please try adding this in your apache.

 


<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://ipaddress:synchronyport%{REQUEST_URI} [P]
</Location>

Hello.

Do you mean adding it inside the <VirtualHost:80> or inside the <Virtualhost:443> ?

Thanks,

Just add this in 443.Hope your 80 port will redirect 443.

Is this helped?

 I try adding that to my <Virtualhost:443>, but I still have the same issue.

Now It looks like this:

 

#Confluence
<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName kb.domain.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.it.crt"
SSLCertificateKeyFile "c:/certification/domain.it.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:9443/
ProxyPassReverse / https://hostname:9443/

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
</Location>


</VirtualHost>

 

Do you have any more ideas about this issue?

Hi,

 

1.In the network tab can you filter with bayeux and see what is the response code.For synchrony to work this should give 101 response.

2.Are you hosting synchrony in same machine,if yes have to trouble shoot whether the port is open and any other error from synchrony log.

Hey! Have you managed to resolve the issue? I'm struggling with the same thing at the moment.

What is the exact issue you are facing?

I'm having the exact same issue that the OP is talking about:

 

WebSocket connection to 'wss://confluence.example.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200

What proxy you have infront of confluence?.Are you running synchrony in same server.

Ok, I now found the solution.  I had to enable ws proxy module in apache :)  RTFM :)

yep, that fixed it for me as well. 

# a2enmod proxy_wstunnel
# systemctl restart apache2

 

Can you share your apache files here please.

There is a bunch of stuff for other Atlassian apps in my Apache config but this is the relevant part for Synchrony.

 ProxyPass /synchrony http://localhost:8091/synchrony
ProxyPassReverse /synchrony http://localhost:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Thursday in Jira

Updates to jira.atlassian.com give you visibility into what's coming in Jira Server and Data Center

Hello, Community! My name is Gosia and I'm a Product Manager on Jira Server and Data Center here at Atlassian. Since 2002 when we launched our public issue tracker, jira.atlass...

480 views 1 14
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you