Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Reverse Proxy Issues with Synchrony (using SSL) - Using Apache Server

Fr0zt
Fr0zt May 23, 2018

Hello.
I am Working with Atlassian Applications.
I have a machine, where I have installed:
- Jira v7.3.9 + Jira Service Desk v3.5.3
- Confluence v6.7.1
- Apache HTTP Server v2.4.33

Initially I was able to access both apps like this:
JIRA -> http://hostname:8080
Confluence -> http://hostname:8090

However I configured APache HTTPServer (reverse proxy) so that I could access both of the apps like this:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

And I can confirm that I can access both apps, like this.

-> This are my connectors, in Jira server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
 port="8080" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>
 
 <Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443"
 protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true" 
 keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my connectors, in Confluence server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
 port="8090" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>
 
 <Connector port="9443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" 
 protocol="org.apache.coyote.http11.Http11NioProtocol" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https"
 secure="true" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true" URIEncoding="UTF-8" 
 keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my virtualhosts, in Apache httpd.conf:

<VirtualHost *:80>

 ServerName servicedesk.domain.com
 Redirect permanent / https://servicedesk.domain.com

 ProxyRequests Off
 ProxyPreserveHost On
 
 <Proxy *>
 Require all granted
 </Proxy>

</VirtualHost>
<VirtualHost *:80>
 ServerName kb.domain.com
 Redirect permanent / https://kb.domain.com

 ProxyRequests Off
 ProxyPreserveHost On
 
 <Proxy *>
 Require all granted
 </Proxy>

 ProxyPass /synchrony http://hostname:8091/synchrony

 <Location /synchrony>
 Require all granted
 RewriteEngine on
 RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
 RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
 RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
 </Location>
 
</VirtualHost>

 -> This are my virtualhosts, in Apache httpd-ssl.conf:

<VirtualHost *:443>
 DocumentRoot "c:/Apache24/htdocs"
 ServerName servicedesk.domain.it
 ErrorLog "c:/Apache24/logs/error.log"
 TransferLog "c:/Apache24/logs/access.log"
 SSLEngine on
 SSLCertificateFile "c:/certification/domain.com.crt"
 SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

 BrowserMatch "MSIE [2-5]" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0


 CustomLog "c:/Apache24/logs/ssl_request.log" \
 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 SSLProxyEngine On
 ProxyRequests Off
 ProxyPreserveHost On
 ProxyPass / https://hostname:8443/
 ProxyPassReverse / https://hostname:8443/
</VirtualHost>
<VirtualHost *:443>
 DocumentRoot "c:/Apache24/htdocs"
 ServerName kb.savethechildren.it
 ErrorLog "c:/Apache24/logs/error.log"
 TransferLog "c:/Apache24/logs/access.log"
 SSLEngine on
 SSLCertificateFile "c:/certification/domain.com.crt"
 SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

 BrowserMatch "MSIE [2-5]" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

 CustomLog "c:/Apache24/logs/ssl_request.log" \
 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 SSLProxyEngine On
 ProxyRequests Off
 ProxyPreserveHost On
 ProxyPass / https://hostname:9443/
 ProxyPassReverse / https://hostname:9443/
</VirtualHost>

Now, I followed some Atlassian posts off how to do this:
https://confluence.atlassian.com/confeap/administering-collaborative-editing-847355676.html
https://confluence.atlassian.com/confeap/using-apache-with-mod_proxy-480346967.html

https://community.atlassian.com/t5/Confluence-questions/Synchrony-behind-Apache-2-4-over-SSL-does-not-work/qaq-p/282154

At this point I can access both Jira and COnfluence through this urls:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

My issue is that I cannot edit documents in Confluence due to a synchrony error.
When I try edit a document I get:


" VM420:1705 WebSocket connection to 'wss://kb.domain.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200
VM420:540 Synchrony: Warning: reconnect (Transport.handshakeOverXhr: ws connection failed, and cross-origin-long-polling is disabled) ".

 

I think It's because my APache config and I missing something for Synchrony.
In the last weeks, I have tried a lot of things but I still couldn't do this.

Can anyone help me with this please?

Answer
Watch
Like Be the first to like this
5329 views

2 answers

0 votes
Stephen Bancroft
Stephen Bancroft September 13, 2018

yep, that fixed it for me as well. 

# a2enmod proxy_wstunnel
# systemctl restart apache2

 

View More Comments
Fr0zt
Fr0zt September 14, 2018

Can you share your apache files here please.

Like
Stephen Bancroft
Stephen Bancroft September 16, 2018

There is a bunch of stuff for other Atlassian apps in my Apache config but this is the relevant part for Synchrony.

 ProxyPass /synchrony http://localhost:8091/synchrony
 ProxyPassReverse /synchrony http://localhost:8091/synchrony 

<Location /synchrony>
 Require all granted
 RewriteEngine on
 RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
 RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
 RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
 </Location>
Like
Reply
0 votes
sarath sasi
sarath sasi May 23, 2018

Please try adding this in your apache.

 


<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://ipaddress:synchronyport%{REQUEST_URI} [P]
</Location>

View More Comments
Fr0zt
Fr0zt May 24, 2018

Hello.

Do you mean adding it inside the <VirtualHost:80> or inside the <Virtualhost:443> ?

Thanks,

Like
sarath sasi
sarath sasi May 24, 2018

Just add this in 443.Hope your 80 port will redirect 443.

Like
sarath sasi
sarath sasi May 24, 2018

Is this helped?

Like
Fr0zt
Fr0zt May 25, 2018

 I try adding that to my <Virtualhost:443>, but I still have the same issue.

Now It looks like this:

 

#Confluence
<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName kb.domain.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.it.crt"
SSLCertificateKeyFile "c:/certification/domain.it.private-key.text"

BrowserMatch "MSIE [2-5]" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
CustomLog "c:/Apache24/logs/ssl_request.log" \
 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:9443/
ProxyPassReverse / https://hostname:9443/

 <Location /synchrony>
 Require all granted
 RewriteEngine on
 RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
 RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
 RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
 </Location>


</VirtualHost>

 

Do you have any more ideas about this issue?

Like
sarath sasi
sarath sasi May 28, 2018

Hi,

 

1.In the network tab can you filter with bayeux and see what is the response code.For synchrony to work this should give 101 response.

2.Are you hosting synchrony in same machine,if yes have to trouble shoot whether the port is open and any other error from synchrony log.

Like
Aleks G
Aleks G July 9, 2018

Hey! Have you managed to resolve the issue? I'm struggling with the same thing at the moment.

Like
sarath sasi
sarath sasi July 9, 2018

What is the exact issue you are facing?

Like
Aleks G
Aleks G July 9, 2018

I'm having the exact same issue that the OP is talking about:

 

WebSocket connection to 'wss://confluence.example.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200
Like
sarath sasi
sarath sasi July 9, 2018

What proxy you have infront of confluence?.Are you running synchrony in same server.

Like
Aleks G
Aleks G July 9, 2018

Ok, I now found the solution.  I had to enable ws proxy module in apache :)  RTFM :)

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira Software
TAGS
AUG Leaders

Atlassian Community Events

    See all events