-
Bug
-
Resolution: Fixed
-
Low
-
None
-
6.15.2
-
1
-
Severity 3 - Minor
-
Summary
Connections to Synchrony fail when Confluence is running via official docker image, behind a reverse proxy, using the internal Synchrony proxy. This is due to an empty string value for confluence.context.path
Environment
- Reverse proxy (with no Synchrony endpoint)
- Internal synchrony proxy enabled
- atlassian/confluence-server docker image
Steps to Reproduce
- Save the following docker-compose.yml file:
version: '3.6' services: proxy: image: outrigger/https-proxy:1.0 ports: - "443:443" environment: UPSTREAM_DOMAIN: confluence UPSTREAM_PORT: 8090 PROXY_DOMAIN: localhost RATE_LIMIT: 0 confluence: ports: - "8090:8090" - "8091:8091" image: aacdf7d27208 volumes: - confluence:/var/atlassian/application-data/confluence environment: CATALINA_CONTEXT_PATH: /conf CATALINA_CONNECTOR_PROXYNAME: localhost CATALINA_CONNECTOR_PROXYPORT: 443 CATALINA_CONNECTOR_SCHEME: https CATALINA_CONNECTOR_SECURE: "true" volumes: confluence:
- Bring up the docker containers using:
docker-compose up
- Once past the setup wizard attempt to create a page (this is the last step of the setup wizard)
Expected Results
You can add text to the page and see that changes are being save by Synchrony
Actual Results
When editing the page
Pages cannot be saved.
The following error appears in a pop-up:
"Something went wrong after loading the editor. Copy your unsaved changes and refresh the page to keep editing."
The bottom right status states "Can't save changes".
In System Information
The confluence.context.path entry is empty, when it should show the context path as set in Tomcat
Notes
Confluence sets confluence.context.path via a JVM argument. See <confluence-install>/bin/setenv.sh:
CATALINA_OPTS="-Dconfluence.context.path=${CONFLUENCE_CONTEXT_PATH} ${CATALINA_OPTS}"
The ${CONFLUENCE_CONTEXT_PATH} is set in <confluence-install>/bin/setenv.sh via the following:
CONFLUENCE_CONTEXT_PATH=`$JRE_HOME/bin/java -jar $CATALINA_HOME/bin/confluence-context-path-extractor.jar $CATALINA_HOME` export CONFLUENCE_CONTEXT_PATH
In a normal server install of Confluence, if you find the CONFLUENCE_CONTEXT_PATH entry in System Information it will be the text entered as configured in <confluence-install>/conf/server.xml (in this case it would be /conf).
In the docker image, we set the <context path=""> to use a variable (from the Confluence Dockerfile):
&& sed -i -e 's/Context path=""/Context path="${catalinaContextPath}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml
entrypoint.sh sets catalinaContextPath as shown:
CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaContextPath=${CATALINA_CONTEXT_PATH}"
When we look at System Information for the docker image, instead of plain text it will shown the variable name:
The confluence-context-path-extractor.jar parses the context path from <confluence-install>/conf/server.xml as shown:
public class ContextPathExtractor { public static void main(String[] args) { final String catalinaHome = args[0]; File serverXmlFile = new File(catalinaHome + File.separator + "conf" + File.separator + "server.xml"); String confluenceContextPath = getAttributeFromXmlFile(serverXmlFile, "path", "//Context[@path]").orElse(""); System.out.print(confluenceContextPath); } }
It appears that when confluence-context-path-extractor.jar attempts to pass the context path it fails. The orElse method then returns an empty string.
Workaround
There are two options to workaround this:
- Configure the proxy to handle connections to synchrony instead of using the internal synchrony-proxy
- Add an environment variable in the docker create/compose that sets catalinaContextPath,
- docker-compose example:
version: '3.6' services: proxy: image: outrigger/https-proxy:1.0 ports: - "443:443" environment: UPSTREAM_DOMAIN: confluence UPSTREAM_PORT: 8090 PROXY_DOMAIN: localhost RATE_LIMIT: 0 confluence: ports: - "8090:8090" - "8091:8091" image: aacdf7d27208 volumes: - confluence:/var/atlassian/application-data/confluence environment: CATALINA_CONTEXT_PATH: /conf CATALINA_CONNECTOR_PROXYNAME: localhost CATALINA_CONNECTOR_PROXYPORT: 443 CATALINA_CONNECTOR_SCHEME: https CATALINA_CONNECTOR_SECURE: "true" catalinaContextPath: /conf volumes: confluence:
- docker run example:
docker run --name confluence -d \ -p 8090:8090 \ -p 8091:8091 \ -e CATALINA_CONTEXT_PATH=/conf \ -e CATALINA_CONNECTOR_PROXYNAME=localhost \ -e CATALINA_CONNECTOR_PROXYPORT=443 \ -e CATALINA_CONNECTOR_SCHEME=https \ -e CATALINA_CONNECTOR_SECURE=true \ -e CATALINA_CONTEXT_PATH=/conf \ -e catalinaContextPath=/conf \ -v confluence:/var/atlassian/application-data/confluence \ atlassian/confluence-server:6.15.2-ubuntu-18.04-adoptopenjdk8
- docker-compose example:
| Form Name | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
This should now be fixed as we're generating server.xml from a template, and ContextPathExtractor can grab the context path value from the file, where it couldn't before. I'll close this out.