Details
- Bug
- Resolution: Fixed
- Medium
- 6.0.1
- 10
- Severity 1 - Critical
Description
UPDATE as of 29 May, 2017
This issue only happened in Confluence 6.0.1 because Confluence failed to route Synchrony requests to its built-in proxy when SSL was configured in Tomcat. The problem has been fixed in Confluence 6.0.2 and above (with this ticket: CONFSERVER-45273). In Confluence 6.1+, the built-in proxy is properly utilised when Confluence detects that SSL is terminated at Tomcat. I will close this ticket to avoid any confusion.
Example configuration:
- No Proxy. Just SSL
- Sample Confluence URL: https://mycompany.com:8016
- reza.port=8017
- synchrony.port=8017
Server.xml
<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8015" connectionTimeout="20000" redirectPort="8443"
               maxThreads="48" minSpareThreads="10" enableLookups="false"
               acceptCount="10" URIEncoding="UTF-8"
               protocol="org.apache.coyote.http11.Http11NioProtocol" />
    <Engine name="Standalone" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="false">
        <Context path="" docBase="../confluence" reloadable="false" useHttpOnly="true">
          <Manager pathname="" />
          <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
        </Context>
      </Host>
    </Engine>
    <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" port="8443"
               maxThreads="200" minSpareThreads="25" maxHttpHeaderSize="8192"
               enableLookups="false" disableUploadTimeout="true" acceptCount="100"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="<path-to-keystore-file>/keystore.jks" keystorePass="password"
               clientAuth="false" sslProtocol="TLS"/>
  </Service>
</Server>
Registered JVM Arguments in the application.xml:
Application.xml
<virtual-machine-arguments>-Dcatalina.base=<Confluence Service Location> -Dcatalina.home=<Confluence Service Location> -Djava.endorsed.dirs=<Confluence Service Location>\endorsed -Djava.io.tmpdir=<Confluence Service Location>\temp -XX:MaxPermSize=512m -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=<Confluence Service Location>\conf\logging.properties -Dreza.port=8017 -Dsynchrony.port=8017 -Dhttps.proxyHost=mycompany.com -Dhttps.proxyPort=8016 exit -Xms512m -Xmx2048m</virtual-machine-arguments>
Other notes
- Connector ports used for HTTP and HTTPS are 8015 and 8443, but we're accessing Confluence via HTTPS and port 8016
- Address mycompany.com is currently a redirection from the public gateway to the internal Confluence machine, using DNAT port forwarding
- If we access Confluence using HTTP and port 8015 (http://mycompany.com:8015), Synchrony is working
Observation:
Confluence is accessible over HTTPS on port 8016 (https://mycompany.com:8016), while Synchrony is not. We keep seeing this error:
atlassian-confluence.log
2016-11-18 10:18:26,804 DEBUG [ListenableFutureAdapter-thread-3] [plugins.synchrony.utils.SynchronyProxyUtil] isSynchronyProxyRunning {}
 -- url: /rest/synchrony-interop/enable | referer: https://mycompany.com:8016/admin/confluence-collaborative-editor-plugin/configure.action | traceId: d2d97f26a2exxxxx | userName: admin
org.apache.http.conn.HttpHostConnectException: Connect to mycompany.com:8016 [mycompany.com/192.168.x.x] failed: Connection refused: connect
    ...
    at com.atlassian.confluence.plugins.synchrony.utils.SynchronyProxyUtil.isSynchronyProxyRunning(SynchronyProxyUtil.java:41)
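The port relationships listed under the notes above, and the refused connection to port 8016 in the log, can be checked mechanically before enabling collaborative editing. The script below is an added example, not part of the ticket and not Atlassian's code; the function names and the checks are hypothetical, and the embedded server.xml is a trimmed, constructed copy of the ticket's connectors.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the ticket's two connectors, trimmed; keystore path is a placeholder.
SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8015" redirectPort="8443"/>
    <Connector port="8443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="/placeholder/keystore.jks" keystorePass="password"/>
  </Service>
</Server>"""
# The host and port arguments from the ticket's application.xml.
JVM_ARGS = ("-Dreza.port=8017 -Dsynchrony.port=8017 "
            "-Dhttps.proxyHost=mycompany.com -Dhttps.proxyPort=8016")
BASE_URL = "https://mycompany.com:8016"

def connectors(server_xml):
    """Return {port: tls_enabled} for every <Connector> in server.xml."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("SSLEnabled", "false").lower() == "true"
            for c in root.iter("Connector")}

def system_properties(jvm_args):
    """Return the -Dname=value pairs of a JVM argument string."""
    return dict(re.findall(r"-D([\w.]+)=(\S+)", jvm_args))

def audit(server_xml, jvm_args, base_url):
    """Compare the base URL with what Tomcat binds and what the JVM is told."""
    conns, props = connectors(server_xml), system_properties(jvm_args)
    url = urlsplit(base_url)
    port = url.port or (443 if url.scheme == "https" else 80)
    findings = []
    if any(conns.values()):
        findings.append("TLS is terminated at Tomcat")
    if port not in conns:
        findings.append(f"base URL port {port} has no connector {sorted(conns)}")
    proxy = (props.get("https.proxyHost"), props.get("https.proxyPort"))
    if proxy == (url.hostname, str(port)):
        findings.append("https.proxyHost/proxyPort equal the base URL host and port")
    syn = props.get("synchrony.port")
    if syn and int(syn) in conns:
        findings.append(f"synchrony.port {syn} collides with a connector")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_XML, JVM_ARGS, BASE_URL):
        print("-", finding)
```

With the base URL changed to http://mycompany.com:8015, the case the ticket reports as working, only the TLS-termination line remains.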