how to host confluence with apache/tomcat, behind a firewall on 8090. whatTheFrenchtoast.

Here's the goal:

Host Confluence/Jira/Possibly GreenHopper on my own machine, expose it through apache and make it accessible only to my team, for who i'll have created usernames/passwords. Right now this is all in the see-how-it-feels stage, but from my experiences with jira in the past, i'm sure i'm going to love confluence. I want to eventually host all my code on an internal server, and the apps there, and only have the website avaible on a godaddy site. [if it really is a better practice to pay to have the apps hosted elsewhere, please, more senior devs, give me your wisdom. I want input from guys who've done this because i'm just starting out (at hosting these things, not developing in general)and I don't really know what I'm doing.] I know that later i'll want to have a legit db attached to this instance, and i'll come around to that when it's time but for now i just want to be able to show my team they can go to a url(my server's static IP) and hit this 'internal' instance of confluence and show them how damn useful this kind of product can be for us.

I do not really understand how to expose confluence to outside acces in this way.

Here's the problem:

I'm a complete and utter n00b in this area. I'm more than willing to learn, I really want to. I just do not even know what questions to ask.

I notice there is what looks to be an instance of tomcat with my trial version of Confluence..

Did i even need to download tomcat seperately then? I assume not, after hours of tinkering.

Do i need to do some wild config file changes to get this thing working?

Aside from opening that port on the machine the outside world, what have i forgotten to do? I've already messed around in my router making sure that any ports requested from the outside 8090 hit my local 8090, and I added a rule in my firewall(not sure if this is redundant or not, noob here) I do actually have apache running on 80 but I don't really understand how to like, forward requests from 80, to 8090 where on my localhost, confluence is available. I also have an instance of tomcat up and running on its own, but it seems totally independent of confluence.

Seriously anyone who reads this far, you probably don't want to waste your time holding my hand all the way through and i can appreciate that, i don't want others to do my research for me either but i'm kind of churning here. Even just keywords along the lines of 'if you know about this hosting/ip/service/ concept, it might be wildly helpful' would be .... wildly helpful..

Seriously any help would be fantasmagorical. I love you internet dwellers. Thanks in advance!

2 answers

1 accepted

I cannot get it to work, as http://fourthwallstudios/intranet which would be awesome.

this will need to be done using a ProxyPass / ProxyPassReverse setup

i.e.

<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine On
ProxyRequests           Off
ProxyPreserveHost       On
ProxyPass               /intranet           http://localhost:8090/confluence
ProxyPassReverse        /intranet           http://localhost:8090/confluence

you will reach your installation by calling http://yourHost/intranet cause the apache adresses this request to localhost:8090/confluence <- where your installation is running at

if you don't want to mess arround with opening http ports for the applications i suggest to use AJP connector and point all request like shown above to it. then all communication between Front (Webserver) and Back (Application) is handled internally only. No need to access :8090 via http directly.

the config will be the same...but place ajp where http is.

i.e. ajp://localhost:8090/confluence

the app itself must be configured to use this connector (server.xml)

with that kind of setup you only need to allow accessing http://yourHost/intranet

Faysal, thank you so much for your info! I'm still tweaking the settings and I'm sure ill have more questions as I go along, but thank you for your replies! They really help!

I'm still figuring this out, but it might be a while until I get the whole network setting part cooperating so for the moment, I'll close the issue. Thanks everyone for all your help! It was invaluable!

Hallo arcanevibe

Have you configured Confluence to allow "anonymous" access? That will make sure that "everyone" can see the wiki, provided they are on your network. In other words, people won't need a Confluence username and password. Here are the docs:

https://confluence.atlassian.com/display/DOC/Setting+Up+Public+Access

To answer the question about Tomcat: You don't need to download and install Tomcat separately. Provided you use the default Confluence installer, it comes with Tomcat and installs it for you.

Cheers

Sarah

Hi Sarah,

Thanks so much for your reply! Actually, what I'm trying to do is only allow access to my team-members. I do not want it to be a publically available instance. I would like to only allow people for whom i've created user accounts to be able to get in and work.

User-permissions aside though, the bigger problem currently is i can't even expose the instance of confluence i set up on my local machine, to the outside world. That's the big hurdle I'm trying to figure out.

You will have to expose some of Confluence on the server in order for people to log in. The computer can't know whether a user is allowed in until it knows who they are. That means you want a public Confluence (in network terms), but not anonymous (so that people can find it, see the login stuff and log in if they have an account).

So, to confirm where you are now and what you want:

Good, we're getting there. As you want "can see confluence's basic stuff, but must log in to see the rest", that's probably working (And even if it's not right, it's just a case of looking at space permissions to ensure none of them say "anonymous")

So, next quick diagnostic questions/confirmations:

  1. You can see http://localhost:8090 on your machine?
  2. You can see http://localhost/confluence on your machine?
  3. Can you see http://ipaddress/confluence from your machine?
  4. Other people can NOT see http://ipaddress/confluence from other machines?

Exactly, yes. So I had conflunce on http://localhost:8090

And yes, I did then set it to http://localhost/confluence and that was good. I could only hit it internally though, even with the static ip I could not put in my IP on another machine + "/confluence" to get at it.

And again correct, I only want them to see a login page, and only be able to log in if they are one of my registered team members.

Thanks for your reply!!

where the x'ed IP one is the external address from whatismyip.com, after i set my machine to have a specific static IP I also made a rule in my firewall pointing at %ProgramFiles%\Atlassian\Confluence\bin\tomcat6.exe on 8090 for TCP, and an identical one for UDP where both have the Atlassian Confluence service selected.

I notice even on other landline machines in my LAN, I can't hit http://192.168.0.20:8090/confluence. It only works from this machine.

I can only even get to my local instance when that entire first Connector is commented out like that :(

I really really appreciate your help! :)

Ah ok so I misquoted my url last time, I can currently hit my local at http://192.168.0.20:8090/confluence OR http://localhost:8090/confluence. Currently:

&lt;Server port="8000" shutdown="SHUTDOWN" debug="0"&gt;
    &lt;Service name="Tomcat-Standalone"&gt;
        &lt;!--&lt;Connector 	port="8090" maxHttpHeaderSize="8192"
					maxThreads="75" minSpareThreads="25" maxSpareThreads="75"
					enableLookups="false" redirectPort="8443" acceptCount="100"
					connectionTimeout="20000" disableUploadTimeout="true"
					proxyName="http://fourthwallstudios proxyPort="80" /&gt;--&gt;
					
		&lt;Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8090" minProcessors="5"
                   maxProcessors="75"
                   enableLookups="false" redirectPort="8443" acceptCount="10" debug="0" connectionTimeout="20000"
                   useURIValidationHack="false" URIEncoding="UTF-8"/&gt;

        &lt;Engine name="Standalone" defaultHost="localhost" debug="0"&gt;

            &lt;Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false"&gt;

                &lt;Context path="/confluence" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true"&gt;
                    &lt;!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties --&gt;
                    &lt;Manager pathname="" /&gt;
                &lt;/Context&gt;
            &lt;/Host&gt;

        &lt;/Engine&gt;

I cannot get it to work, as http://fourthwallstudios/intranet which would be awesome.

I did open port 8090 on my router:

<th>IP Address</th><th>Start Port</th><th>End Port</th><th>IP
192.168.0.20 8090 8090 xx.xxx.xx.xx 8090 8090 BOTH Atlassian Yes

Ok, so if you can hit http://192.168.0.20:8090/confluence from 192.168.0.20, but not anywhere else, then you have a firewall on that machine blocking external access. You need to find that and open up the port (the /confluence is not important)

did you managed to solved it ?

Yes, they set up the network routing and proxies as described in the accepted answer.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Friday in Off-topic

Friday Fun: Riddle me this

Happy Friday, Funmakers! We had a Community Team offsite in Austin this week, and my mind feels primed for thinkin' from all the brainstorming we did!  So, this week's Friday Fun thread w...

126 views 15 3
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you