It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Reverse Proxy Issues with Synchrony (using SSL) - Using Apache Server Edited

Fr0zt May 23, 2018

Hello.
I am Working with Atlassian Applications.
I have a machine, where I have installed:
- Jira v7.3.9 + Jira Service Desk v3.5.3
- Confluence v6.7.1
- Apache HTTP Server v2.4.33

Initially I was able to access both apps like this:
JIRA -> http://hostname:8080
Confluence -> http://hostname:8090

However I configured APache HTTPServer (reverse proxy) so that I could access both of the apps like this:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

And I can confirm that I can access both apps, like this.

-> This are my connectors, in Jira server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8080" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true"
keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my connectors, in Confluence server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8090" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>

<Connector port="9443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true" URIEncoding="UTF-8"
keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my virtualhosts, in Apache httpd.conf:

<VirtualHost *:80>

ServerName servicedesk.domain.com
Redirect permanent / https://servicedesk.domain.com

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

</VirtualHost>
<VirtualHost *:80>
ServerName kb.domain.com
Redirect permanent / https://kb.domain.com

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

ProxyPass /synchrony http://hostname:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
</Location>

</VirtualHost>

 -> This are my virtualhosts, in Apache httpd-ssl.conf:

<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName servicedesk.domain.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.com.crt"
SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0


CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:8443/
ProxyPassReverse / https://hostname:8443/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName kb.savethechildren.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.com.crt"
SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:9443/
ProxyPassReverse / https://hostname:9443/
</VirtualHost>

Now, I followed some Atlassian posts off how to do this:
https://confluence.atlassian.com/confeap/administering-collaborative-editing-847355676.html
https://confluence.atlassian.com/confeap/using-apache-with-mod_proxy-480346967.html

https://community.atlassian.com/t5/Confluence-questions/Synchrony-behind-Apache-2-4-over-SSL-does-not-work/qaq-p/282154

At this point I can access both Jira and COnfluence through this urls:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

My issue is that I cannot edit documents in Confluence due to a synchrony error.
When I try edit a document I get:


" VM420:1705 WebSocket connection to 'wss://kb.domain.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200
VM420:540 Synchrony: Warning: reconnect (Transport.handshakeOverXhr: ws connection failed, and cross-origin-long-polling is disabled) ".

 

I think It's because my APache config and I missing something for Synchrony.
In the last weeks, I have tried a lot of things but I still couldn't do this.

Can anyone help me with this please?

2 answers

0 votes
Sarath Sasi May 23, 2018

Please try adding this in your apache.

 


<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://ipaddress:synchronyport%{REQUEST_URI} [P]
</Location>

Fr0zt May 24, 2018

Hello.

Do you mean adding it inside the <VirtualHost:80> or inside the <Virtualhost:443> ?

Thanks,

Sarath Sasi May 24, 2018

Just add this in 443.Hope your 80 port will redirect 443.

Sarath Sasi May 24, 2018

Is this helped?

Fr0zt May 25, 2018

 I try adding that to my <Virtualhost:443>, but I still have the same issue.

Now It looks like this:

 

#Confluence
<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName kb.domain.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.it.crt"
SSLCertificateKeyFile "c:/certification/domain.it.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:9443/
ProxyPassReverse / https://hostname:9443/

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
</Location>


</VirtualHost>

 

Do you have any more ideas about this issue?

Sarath Sasi May 28, 2018

Hi,

 

1.In the network tab can you filter with bayeux and see what is the response code.For synchrony to work this should give 101 response.

2.Are you hosting synchrony in same machine,if yes have to trouble shoot whether the port is open and any other error from synchrony log.

Aleksandr Gekht Jul 09, 2018

Hey! Have you managed to resolve the issue? I'm struggling with the same thing at the moment.

Sarath Sasi Jul 09, 2018

What is the exact issue you are facing?

Aleksandr Gekht Jul 09, 2018 • edited

I'm having the exact same issue that the OP is talking about:

 

WebSocket connection to 'wss://confluence.example.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200
Sarath Sasi Jul 09, 2018

What proxy you have infront of confluence?.Are you running synchrony in same server.

Aleksandr Gekht Jul 09, 2018 • edited

Ok, I now found the solution.  I had to enable ws proxy module in apache :)  RTFM :)

0 votes
Stephen Bancroft Sep 13, 2018 • edited

yep, that fixed it for me as well. 

# a2enmod proxy_wstunnel
# systemctl restart apache2

 

Fr0zt Sep 14, 2018

Can you share your apache files here please.

Stephen Bancroft Sep 16, 2018

There is a bunch of stuff for other Atlassian apps in my Apache config but this is the relevant part for Synchrony.

 ProxyPass /synchrony http://localhost:8091/synchrony
ProxyPassReverse /synchrony http://localhost:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Published in Jira

Try Jira Cloud for Outlook: Organize your work without leaving your inbox

Hi Atlassian community, My name is Max and I work on the product integration team at Atlassian. I am pleased to announce the early access program for the Jira Cloud add-in for Outlook. This add-in...

1,151 views 2 13
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you