Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-52350

Documentation for running Synchrony behind reverse proxy is wrong

    XMLWordPrintable

Details

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      The documentation (https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-mod_proxy_http-806032611.html) has a section for running behind a server that seems outdated/wrong.

      <VirtualHost *:80>
        ServerName myconfluence.com

        ProxyRequests Off
        ProxyPreserveHost On

        # Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
        <Proxy *>
          Require all granted
        </Proxy>
        ProxyPass /synchrony http://<internal_domain>:8091/synchrony

        <Location /synchrony>
          Require all granted
          RewriteEngine on
          RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
          RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
          RewriteRule .* ws://<internal_domain>:8091%{REQUEST_URI} [P]
        </Location>

        ProxyPass / http://<internal_domain>:8090/
        ProxyPassReverse / http://<internal_domain>:8090/

        <Location />
          Require all granted
        </Location>

      </VirtualHost>

      In my setup this will redirect http://myconfluence.com/synchrony/ to ws://<internal_domain>:8091/synchrony. However, the browser frontend is looking for Synchrony under http://myconfluence:8091/synchrony (or will try to use the synchrony-proxy). So the Synchrony proxying does not work.

      An easy fix would be to open the firewall on port 8091. However, since the main site uses SSL, access to port 8091 was also done via SSL. My fix was to add a second virtual host to listen on 8091 which looked something like this:

      Listen aaa.bbb.ccc.ddd:8091

      <VirtualHost *:8091>
      {{}}

          <SSL configuration here>
          ProxyRequests Off

          ProxyPreserveHost On
          ProxyPass /synchrony/ http://localhost:8091/synchrony/
          <Location /synchrony/>
              Require all granted
              RewriteEngine on
              RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
              RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
              RewriteRule .* ws://localhost:8091%{REQUEST_URI} [P]{{      }}
          </Location>

      </VirtualHost>

      Additionally I had to restrict Synchrony to 127.0.0.1 by adding so Apache and Synchrony don't use the same port.

      -Dsynchrony.bind=127.0.0.1

      to my JAVA_OPTS.

      Since this caused me some headache it would be great if somebody could update the documentation.

      Additionally it would be great if there was a system property to tell confluence the URL by which to access Synchrony. Ideally this property would either specify the full URL (e.g. https://synchrony.wiki.com/synchrony) or just the context (/synchrony would be interpreted as https://my.wiki.com/synchrony) in case Confluence is accessible through multiple URLs.

       

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            31ab62624727 fhossfel
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: