Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Configuring Confluence with Apache Proxy

dpliatsios
dpliatsios September 27, 2018

Hello,

I am trying to configure Confluence through an Apache Proxy, using this guide but I have some issues.

In server.xml if I use the direct HTTPS connector as:

<Connector port="9443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="*****" keystoreFile="*******"/>

Confluence starts without any problems.

If I select HTTPS through proxy by setting:

<Connector port="9443" connectionTimeout="20000"
                   maxThreads="48" minSpareThreads="10"
                   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                   protocol="org.apache.coyote.http11.Http11NioProtocol"
                   scheme="https" secure="true" proxyName="my.domain.gr" proxyPort="443"/>

I have also tried proxyName="localhost"

I receive the following error in catalina.out:

27-Sep-2018 12:47:38.030 INFO [http-nio-9443-exec-3] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
 java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
        at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:412)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:298)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:754)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1385)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)

 

Any suggestions on how to resolve this issue?

Thank you for your time,

Dimitris

Answer
Watch
Like Be the first to like this
3061 views

2 answers

1 accepted

0 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 27, 2018

Those are two totally different connectors and they're trying to do different things - one has Tomcat encryption, the other is set for no encryption and running via a proxy.  The second one is not expecting Tomcat to be encrypted and hence getting the wrong headers and falling over.

You need to decide what you're trying to do with SSL.  Do you want it done by the proxy or by Tomcat?

View More Comments
dpliatsios
dpliatsios September 27, 2018

Thank you for your fast reply.

Here is the scenario:

Confluence is running on port 9443 with SSL encryption. If I have enabled the first connector I visit the site using the URL: https://my.domain.gr:9443/.

As there are some firewall issues I want to setup an Apache proxy so the user behind the firewall can visit the site as: https://my.domain.gr/confluence

Whether the encryption is done by the proxy or Tomcat has little importance. I would prefer the easiest one.

Like
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 27, 2018

Ok, the easier route is the one described in the document you mentioned originally.

I'm not sure what lead you to partially set up SSL on the Tomcat end and then start looking at the wrong connectors, but it's not needed for the easier route, so remove all of that, reverting back to a plain http Confluence installation.

Then follow the doc you pointed to before - set up apache, tell it to proxy to your confluence server and add the four proxy settings to the Tomcat server.xml's existing connector as you did before (scheme/secure/proxy/proxyport)

Like
dpliatsios
dpliatsios September 27, 2018

Everything worked out!

Thank you very much for your valuable help!

Like
Reply
0 votes
Dovid Bender
Dovid Bender
Contributor
April 22, 2019

When using mod_proxy for server.xml what is the correct setting for  protocol ? Is it still "org.apache.coyote.http11.Http11NioProtocol" ?

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.