It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Reverse Proxy Issues with Synchrony (using SSL) - Using Apache Server Edited

Hello.
I am Working with Atlassian Applications.
I have a machine, where I have installed:
- Jira v7.3.9 + Jira Service Desk v3.5.3
- Confluence v6.7.1
- Apache HTTP Server v2.4.33

Initially I was able to access both apps like this:
JIRA -> http://hostname:8080
Confluence -> http://hostname:8090

However I configured APache HTTPServer (reverse proxy) so that I could access both of the apps like this:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

And I can confirm that I can access both apps, like this.

-> This are my connectors, in Jira server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8080" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>

<Connector SSLEnabled="true" acceptCount="100" clientAuth="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxSpareThreads="75" maxThreads="150" minSpareThreads="25" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" sslProtocol="TLS" useBodyEncodingForURI="true"
keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my connectors, in Confluence server.xml:

 <Connector acceptCount="100" bindOnInit="false" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
port="8090" protocol="HTTP/1.1" useBodyEncodingForURI="true"/>

<Connector port="9443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https"
secure="true" clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true" URIEncoding="UTF-8"
keyAlias="my_alias" keystoreFile="C:\Program Files\Atlassian\file.pfx" keystorePass="changeit" keystoreType="JKS"/>

-> This are my virtualhosts, in Apache httpd.conf:

<VirtualHost *:80>

ServerName servicedesk.domain.com
Redirect permanent / https://servicedesk.domain.com

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

</VirtualHost>
<VirtualHost *:80>
ServerName kb.domain.com
Redirect permanent / https://kb.domain.com

ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
Require all granted
</Proxy>

ProxyPass /synchrony http://hostname:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
</Location>

</VirtualHost>

 -> This are my virtualhosts, in Apache httpd-ssl.conf:

<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName servicedesk.domain.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.com.crt"
SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0


CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:8443/
ProxyPassReverse / https://hostname:8443/
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName kb.savethechildren.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.com.crt"
SSLCertificateKeyFile "c:/certification/domain.com.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:9443/
ProxyPassReverse / https://hostname:9443/
</VirtualHost>

Now, I followed some Atlassian posts off how to do this:
https://confluence.atlassian.com/confeap/administering-collaborative-editing-847355676.html
https://confluence.atlassian.com/confeap/using-apache-with-mod_proxy-480346967.html

https://community.atlassian.com/t5/Confluence-questions/Synchrony-behind-Apache-2-4-over-SSL-does-not-work/qaq-p/282154

At this point I can access both Jira and COnfluence through this urls:
JIRA -> https://servicedesk.domain.com
Confluence -> https://kb.domain.com

My issue is that I cannot edit documents in Confluence due to a synchrony error.
When I try edit a document I get:


" VM420:1705 WebSocket connection to 'wss://kb.domain.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200
VM420:540 Synchrony: Warning: reconnect (Transport.handshakeOverXhr: ws connection failed, and cross-origin-long-polling is disabled) ".

 

I think It's because my APache config and I missing something for Synchrony.
In the last weeks, I have tried a lot of things but I still couldn't do this.

Can anyone help me with this please?

2 answers

Please try adding this in your apache.

 


<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://ipaddress:synchronyport%{REQUEST_URI} [P]
</Location>

Hello.

Do you mean adding it inside the <VirtualHost:80> or inside the <Virtualhost:443> ?

Thanks,

Just add this in 443.Hope your 80 port will redirect 443.

Is this helped?

 I try adding that to my <Virtualhost:443>, but I still have the same issue.

Now It looks like this:

 

#Confluence
<VirtualHost *:443>
DocumentRoot "c:/Apache24/htdocs"
ServerName kb.domain.it
ErrorLog "c:/Apache24/logs/error.log"
TransferLog "c:/Apache24/logs/access.log"
SSLEngine on
SSLCertificateFile "c:/certification/domain.it.crt"
SSLCertificateKeyFile "c:/certification/domain.it.private-key.text"

BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "c:/Apache24/logs/ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

SSLProxyEngine On
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / https://hostname:9443/
ProxyPassReverse / https://hostname:9443/

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://hostname:8091%{REQUEST_URI} [P]
</Location>


</VirtualHost>

 

Do you have any more ideas about this issue?

Hi,

 

1.In the network tab can you filter with bayeux and see what is the response code.For synchrony to work this should give 101 response.

2.Are you hosting synchrony in same machine,if yes have to trouble shoot whether the port is open and any other error from synchrony log.

Hey! Have you managed to resolve the issue? I'm struggling with the same thing at the moment.

What is the exact issue you are facing?

I'm having the exact same issue that the OP is talking about:

 

WebSocket connection to 'wss://confluence.example.com/synchrony-proxy/v1/bayeux-sync1' failed: Error during WebSocket handshake: Unexpected response code: 200

What proxy you have infront of confluence?.Are you running synchrony in same server.

Ok, I now found the solution.  I had to enable ws proxy module in apache :)  RTFM :)

yep, that fixed it for me as well. 

# a2enmod proxy_wstunnel
# systemctl restart apache2

 

Can you share your apache files here please.

There is a bunch of stuff for other Atlassian apps in my Apache config but this is the relevant part for Synchrony.

 ProxyPass /synchrony http://localhost:8091/synchrony
ProxyPassReverse /synchrony http://localhost:8091/synchrony

<Location /synchrony>
Require all granted
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
</Location>

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted in Portfolio for Jira

Program managers, we need your help! We want to learn about how you plan work for a team of teams

Hi community members, My name is Erika and I’m a product manager at Atlassian. We’re currently investigating how teams are planning work at the program level. We understand that every team in a tea...

52 views 0 4
Join discussion

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you