Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-45567

Confluence cannot connect to Synchrony configured with non-standard -Dsynchrony.bind or -Dreza.bind

      Similar to CONF-45565, but affecting the interface rather than the port..

      When Confluence is started with -Dsynchrony.bind=127.0.1.1 or something other than localhost / 127.0.0.1, Synchrony starts up on the indicated interface, but Confluence is unable to contact Synchrony on this non-standard interface.

      Confluence ought to be using synchrony.bind when it constructs the 'Synchrony Internal Service URL. However it hardcodes 'localhost':

      [plugins.synchrony.bootstrap.DefaultSynchronyProcessManager] updateSynchronyConfiguration Synchrony External Base URL: http://localhost:8090/synchrony-proxy
      [plugins.synchrony.bootstrap.DefaultSynchronyProcessManager] updateSynchronyConfiguration Synchrony External Service URL: http://localhost:8090/synchrony-proxy/v1
      [plugins.synchrony.bootstrap.DefaultSynchronyProcessManager] updateSynchronyConfiguration Synchrony Internal Service URL: http://localhost:8091/synchrony/v1
      [plugins.synchrony.bootstrap.DefaultSynchronyProcessManager] updateSynchronyConfiguration Synchrony Resources URL: http://localhost:8090/synchrony-proxy/resources
      
      
      

      resulting in later editor failures:

      [plugins.synchrony.config.DefaultSynchronyConfigurationManager] retrievePublicKey [Collab editing plugin] Could not retrieve public key for real-time collaboration service at http://localhost:8091/synchrony/jwt-key with exception: Connect to localhost:8091 [localhost/127.0.0.1] failed: Connection refused
      [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap Could not retrieve Synchrony public key.
      [plugins.synchrony.config.DefaultSynchronyConfigurationManager] retrievePublicKey [Collab editing plugin] Could not retrieve public key for real-time collaboration service at http://localhost:8091/synchrony/jwt-key with exception: Connect to localhost:8091 [localhost/127.0.0.1] failed: Connection refused
      [synchrony.api.v1.SynchronyTokenResource] generateToken Could not retrieve Synchrony public key. 
      

      Steps to replicate

      1. Start a new Standalone Confluence with -Dsynchrony.bind=127.0.1.1, e.g.:
        cd /tmp
        tar xf path/to/atlassian-confluence-6.0.2.tar.gz 
        cd atlassian-confluence-6.0.2/
        CATALINA_OPTS="-Dconfluence.home=$(pwd)/confhome -Dsynchrony.bind=127.0.1.1" ./bin/catalina.sh run
        
        

        (127.0.1.1 is a good example as it's usually defined by default on linux hosts, while still being distinct from localhost/127.0.0.1)

      1. Choose an install with sample data, set a license key and create an admin user.
      2. Once Confluence is finished its setup wizard, you can cerify that Synchrony is listening on the non-standard interface:
      $ netstat -ntpl | grep $(pgrep -f -u $USER 'synchrony.core sql')
      tcp6       0      0 127.0.1.1:8091          :::*                    LISTEN      13012/java      
      tcp6       0      0 127.0.0.1:25500         :::*                    LISTEN      13012/java      
      tcp6       0      0 :::5701                 :::*                    LISTEN      13012/java    
      
      
      1. Create a sample space.
      2. You will be left in an editor with a spinner, and the 'Loading the editor's taking longer than usual' error.

      Workaround

      1. No workaround.

      Solution

      In 6.0.4, we introduce a new system property synchrony.host that will allow Confluence to contact Synchrony via a custom hostname or IP address. synchrony.bind may still be needed for Synchrony to listen on a specific network interface.

            [CONFSERVER-45567] Confluence cannot connect to Synchrony configured with non-standard -Dsynchrony.bind or -Dreza.bind

            Unfortunatelly, as of 6.3.3, `synchrony.host` (unlike `synchrony.bind`, which works fine) doesn't work with IPv6 addresses (at least, `::1`). Neither in the notation of `::1` nor `[::1]`.

            Logs shows that as:

            ```

            2017-10-27 17:09:23,130 INFO [http-nio-0:0:0:0:0:0:0:1-8090-exec-5] [plugins.synchrony.config.DefaultSynchronyConfigurationManager] retrievePublicKey [Collab editing plugin] Could not retrieve public key for real-time collaboration service at http://%5B%3A%3A1%5D:8091/synchrony/jwt-key with exception: null
            2017-10-27 17:09:23,131 ERROR [http-nio-0:0:0:0:0:0:0:1-8090-exec-5] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap Could not retrieve Synchrony public key.

            ```

            (it replaces `[`/`]` and `:` with their urlencoded values).

            As a workaround, it is possible to use some fake domain assigned for the address in `/etc/hosts` (like ip6-localhost), but it'd be nice to avoid that.

            Vadim A. Misbakh-Soloviov added a comment - Unfortunatelly, as of 6.3.3, `synchrony.host` (unlike `synchrony.bind`, which works fine) doesn't work with IPv6 addresses (at least, `::1`). Neither in the notation of `::1` nor ` [::1] `. Logs shows that as: ``` 2017-10-27 17:09:23,130 INFO [http-nio-0:0:0:0:0:0:0:1-8090-exec-5] [plugins.synchrony.config.DefaultSynchronyConfigurationManager] retrievePublicKey [Collab editing plugin] Could not retrieve public key for real-time collaboration service at http://%5B%3A%3A1%5D:8091/synchrony/jwt-key with exception: null 2017-10-27 17:09:23,131 ERROR [http-nio-0:0:0:0:0:0:0:1-8090-exec-5] [confluence.plugins.synchrony.SynchronyContextProvider] getContextMap Could not retrieve Synchrony public key. ``` (it replaces ` [`/`] ` and `:` with their urlencoded values). As a workaround, it is possible to use some fake domain assigned for the address in `/etc/hosts` (like ip6-localhost), but it'd be nice to avoid that.

            Minh Tran added a comment - - edited

            Hi stefan.meurer / david.herbstmann1731671173,

            From what you reported, i am not sure we have enough information to do further investigation. I would like to suggest you to raise support requests https://support.atlassian.com
            Then our support engineers will contact you for investigation

            Thanks,
            Minh Tran
            Confluence BugMaster

            Minh Tran added a comment - - edited Hi stefan.meurer / david.herbstmann1731671173 , From what you reported, i am not sure we have enough information to do further investigation. I would like to suggest you to raise support requests https://support.atlassian.com Then our support engineers will contact you for investigation Thanks, Minh Tran Confluence BugMaster

            Could not retrieve public key
            

            This Error Occurs when we Update from 6.0.x to 6.1.1 and we can not use synchrony any longer - any suggestions?

            David Herbstmann added a comment - Could not retrieve public key This Error Occurs when we Update from 6.0.x to 6.1.1 and we can not use synchrony any longer - any suggestions?

            Property http.nonProxyHosts doesn't get pulled in by Synchrony

             

            Hi,

            since we're utilising a proxy to access the web, we also configured it's address in the catalina.properties file. We're also set the property http.nonProxyHosts but due to our recent errors with the confluence editor caused by synchrony, our engineers traced back the error to synchrony, it doesn't obey the configured property http.nonProxyHosts and tries to make connections using our proxy. Can someone fix this please?

            Cheers,

            Steve

            Stefan Meurer added a comment - Property http.nonProxyHosts doesn't get pulled in by Synchrony   Hi, since we're utilising a proxy to access the web, we also configured it's address in the catalina.properties file. We're also set the property http.nonProxyHosts but due to our recent errors with the confluence editor caused by synchrony, our engineers traced back the error to synchrony, it doesn't obey the configured property http.nonProxyHosts and tries to make connections using our proxy. Can someone fix this please? Cheers, Steve

            A fix for this issue is now available for Confluence Server customers.
            Upgrade now or check out the Release Notes to see what other issues are resolved.

            Zhenhuan Zhou (Inactive) added a comment - A fix for this issue is now available for Confluence Server customers. Upgrade now or check out the Release Notes to see what other issues are resolved.

              ttranminh Tam Tran
              7c5359af675b Jeff Turner
              Affected customers:
              0 This affects my team
              Watchers:
              10 Start watching this issue

                Created:
                Updated:
                Resolved: