Apache Config for Confluence 6

Scott Selberg
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
November 21, 2016

Hi,

I recently installed Confluence 6 with an Apache server frontending the communication.  I was following the instructions at https://confluence.atlassian.com/confeap/using-apache-with-mod_proxy-480346967.html and found them to be a bit inaccurate, so I thought I would publish my discovery.

In our configuration, we have the server URL "https://confluence.company.com", which is hosted by Apache and backended with Confluence on the same server at port 8090. The instructions talk about always having a context path, and I found that "Example 2: Complex configuration without context path" sort of described my scenario; however, it didn't work. There are two issues. First, the ProxyPass and ProxyPassReverse parameters should be pointing to the root "/" rather than "/confluence". Second, the parameters for the ProxyHTMLURLMap are backwards. Lastly, in practice, I found the ProxyHTMLURLMap was not processing all of the URLs.

What I did try was not setting a context in the tomcat configuration, then using the config below and that seems to be working fine.

<VirtualHost _default_:443>
    ServerAdmin scott_selberg@keysight.com
    ServerName confluence.keysight.com
    ErrorLog    "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/ssl_error_log.%Y%m%d"
    TransferLog "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/ssl_access_log.%Y%m%d"
    CustomLog   "|/usr/sbin/cronolog /var/log/httpd/%Y/%m/ssl_custom_log.%Y%m%d" combined
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile <redacted>
    SSLCertificateChainFile <redacted>
    SSLCertificateChainFile <redacted>
    SSLCertificateChainFile <redacted>
    SSLCertificateKeyFile <redacted>
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy "*">
        Require all granted
    </Proxy>

    <Location />
        Require all granted
    </Location>

    ProxyPass /synchrony http://localhost:8091/synchrony
    <Location /synchrony>
        Require all granted
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]
    </Location>

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>

    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>

    Alias "/video" "/confluence_videos"
    <Directory "/confluence_videos">
       Options +Indexes
       Require all granted
       SSLOptions +StdEnvVars
    </Directory>

    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/video
    RewriteCond %{REQUEST_URI} !^/icons
    RewriteCond %{REQUEST_URI} !^/keysight
    RewriteCond %{REQUEST_URI} !^/notices
    RewriteCond %{REQUEST_URI} !^/synchrony
    RewriteRule ^/(.*) http://localhost:8090/$1 [P]
    ProxyPassReverse / http://localhost:8090
    #RewriteRule ^/(.*) /notices/maintenance.html
    BrowserMatch "MSIE [2-5]" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
</VirtualHost>

-Scott

2 answers

1 accepted

0 votes
Answer accepted
Neil Schulz February 7, 2017

@Scott Selberg, I've followed their documentation and the config you laid out here, but I'm still having the same issue with Synchrony. I'm unable to edit and when looking at the console, I'm seeing this error, "GET https://confluence-01.domain.com/synchrony/v1/data/Synchrony-71030605-d…07-5177f63e4ec2/confluence-3506183?state-at=@head&state-format=type-tagged 404 (Not Found)"

Any idea?

Scott Selberg
February 7, 2017

Without seeing the apache configuration and the tomcat server.xml file, it's really hard to guess what could be going on.  If you post them, I'll take a look and let you know if I see anything.

Neil Schulz February 7, 2017

I've been plugging in different configs. I've tried yours, the wiki's, and other users'. The one I'm currently using is:

Apache:

<VirtualHost *:443>
    ServerName confluence-01.domain.com
        ProxyRequests Off
        ProxyPass /synchrony http://confluence-01.domain.com:8091/synchrony
        <Location /synchrony>
                Require all granted
                RewriteEngine on
                RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
                RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
                RewriteRule .* ws://confluence-01.domain.com:8091%{REQUEST_URI} [P]
        </Location>

        <Proxy *>
          Require all granted
        </Proxy>
        ProxyPass / http://confluence-01.domain.com:8090/
        ProxyPassReverse / http://confluence-01.domain.com:8090/
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/cert.pem
        SSLCertificateKeyFile /etc/ssl/private/key.key
#       RewriteEngine On
#       RewriteCond %{REQUEST_URI} !^/synchrony
#       RewriteRule ^/(.*) http://confluence.domain.com:8090/$1 [P]
        <Location />
                Require all granted
        </Location>
</VirtualHost>
<VirtualHost *:80>
    ServerName confluence-01.domain.com
    Redirect Permanent /  https://confluence-01.domain.com/
    Redirect Permanent /synchrony   https://confluence-01.domain.com/synchrony
</VirtualHost>

 

Confluence:

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
<!--        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol"/>  -->
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
                proxyName="confluence-01.domain.com" proxyPort="443" secure="true" scheme="https"/>
        <Engine name="Standalone" defaultHost="confluence-01.domain.com" debug="1">
            <Host name="confluence-01.domain.com" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">
                <Context path="" docBase="../confluence" debug="0" reloadable="false">
                    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname="" />
                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>
            </Host>
        </Engine>
        <!--
            To run Confluence via HTTPS:
             * Uncomment the Connector below
             * Execute:
                 %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
                 $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA  (Unix)
               with a password value of "changeit" for both the certificate and the keystore itself.
             * Restart and visit https://localhost:8443/
             For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
        -->
<!--
        <Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
    </Service>
</Server>
Scott Selberg
February 7, 2017

I don't think you should redirect the port 80 synchrony calls to https - I believe they should get forwarded to the 8091 port.  I recall reading somewhere that https was not working with synchrony. That's just a guess on my part though.

... I just checked my config, and I redirect it.  So that's not the issue.

...
<VirtualHost _default_:80>
   Redirect permanent / https://confluence.keysight.com/
</VirtualHost>
...
Neil Schulz February 7, 2017

Actually, by commenting out the https part for synchrony, it is working!

Scott Selberg
February 7, 2017

Here are the differences I see.  

I set: ProxyPreserveHost On, you did not.  I don't know if that matters.

I'm using RewriteRule where you are using ProxyPass.  I think that may be the issue.

In your apache config, I see the following

...
ProxyPass / http://confluence-01.domain.com:8090/
ProxyPassReverse / http://confluence-01.domain.com:8090/
...

I think that will redirect all traffic to port 8090 - including that intended for synchrony.  In my redirect, I use

RewriteEngine On
 ...
 RewriteCond %{REQUEST_URI} !^/synchrony
 RewriteRule ^/(.*) http://localhost:8090/$1 [P]
 ProxyPassReverse / http://localhost:8090

Which should redirect all traffic just like the ProxyPass call you had - with the exception of the calls that start with /synchrony.  Those will not be touched and I suspect then it will use the location information to send those calls to port 8091.
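
Added example (not written by any poster in this thread, and not Atlassian's or Apache's code): a small Python model of the documented mod_proxy rule that ProxyPass directives are checked in configuration order and the first match wins, run over the proxy lines from the second Apache config quoted above. The prefix-matching function is a simplified assumption, the helper names are hypothetical, and mod_rewrite `[P]` rules and `<Location>` blocks are not modelled.

```python
# Constructed sample: proxy lines copied from the second Apache config in this thread.
SAMPLE_CONF = """
ProxyRequests Off
ProxyPass /synchrony http://confluence-01.domain.com:8091/synchrony
<Proxy *>
  Require all granted
</Proxy>
ProxyPass / http://confluence-01.domain.com:8090/
ProxyPassReverse / http://confluence-01.domain.com:8090/
#       RewriteRule ^/(.*) http://confluence.domain.com:8090/$1 [P]
"""

def parse_proxypass(conf):
    """Return [(prefix, target)] in configuration order; comments never match."""
    rules = []
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            rules.append((parts[1].strip('"'), parts[2].strip('"')))
    return rules

def matches(prefix, path):
    """Assumed simplification: a prefix matches on whole path segments only."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")

def resolve(rules, path):
    """First matching rule wins; '!' as the target means 'do not proxy'."""
    for prefix, target in rules:
        if matches(prefix, path):
            return None if target == "!" else target + path[len(prefix):]
    return None

def shadowed(rules):
    """List (prefix, earlier_prefix) pairs where an earlier, broader rule
    always matches first, so the later rule can never be reached."""
    found = []
    for i, (prefix, _) in enumerate(rules):
        for earlier, _ in rules[:i]:
            if matches(earlier, prefix):
                found.append((prefix, earlier))
                break
    return found

if __name__ == "__main__":
    rules = parse_proxypass(SAMPLE_CONF)
    for path in ("/synchrony/v1/data", "/login.action"):
        print(path, "->", resolve(rules, path))
    print("shadowed as written:", shadowed(rules))
    print("shadowed if reordered:", shadowed(list(reversed(rules))))
```

Run it against your own virtual host text to see which backend each path resolves to and whether a broad `ProxyPass /` listed first would hide a more specific rule.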

 

 

Scott Selberg
February 7, 2017

Hmm, I just saw your reply.  Glad to hear it's working - but I have no explanation.

According to the apache manual for Redirect, "Additional path information beyond the matched URL-path will be appended to the target URL."

So, I think the synchrony line in the example below should be totally irrelevant as the first does the same thing.

<VirtualHost *:80>
    ServerName confluence-01.domain.com
    Redirect Permanent /  https://confluence-01.domain.com/
    Redirect Permanent /synchrony   https://confluence-01.domain.com/synchrony
</VirtualHost>

However, since it's working something must be different - perhaps it's the missing slash at the end of the line...

0 votes
Tam Tran
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 21, 2016

This is awesome, @Scott Selberg. It works like a charm.
