-
Bug
-
Resolution: Not a bug
-
Medium
-
None
-
6.0.1, 6.0.2, 6.0.3
-
Severity 2 - Major
-
Summary
When Confluence is running behind a reverse proxy and the proxy settings are added to the server.xml file, the internal synchrony-proxy is automatically disabled. Following the Reverse Proxy with Internal Synchronyproxy documentation steps does not prevent the internal proxy from being disabled:
To turn on the Synchrony proxy:
- Edit <home-directory>/confluence.cfg.xml
- Set synchrony.proxy.enabled to true and save the file.
{code}<property name="synchrony.proxy.enabled">true</property>
{code} - Restart Confluence for the changes to take effect.
Environment
- Confluence running behind a reverse proxy (Apache, NGINX or IIS)
- Requests proxied to the internal synchrony-proxy instead of directly to synchrony
Steps to Reproduce
- Configure the proxy settings to point to the synchrony-proxy as in the documentation
- Make sure that the synchrony.proxy.enabled property is set to true in confluence.cfg.xml
Expected Results
Internal synchrony-proxy is enabled.
Actual Results
Internal synchrony-proxy is disabled automatically by the following step of the startup procedure:
2017-01-05 17:52:28,404 INFO [ListenableFutureAdapter-thread-2] [plugins.synchrony.utils.TomcatConfigHelper] getProxyPort Checking if Tomcat is running behind a reverse proxy in C:\Program Files\Atlassian\Confluence\conf\server.xml...
Notes
This is a major issue when terminating SSL at Tomcat and running Confluence behind a reverse proxy, as synchrony does not accept direct HTTPS connections.
Workaround
Add the following system property and restart Confluence:
CATALINA_OPTS="-Dsynchrony.proxy.enabled=true ${CATALINA_OPTS}"