Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence via AJP and SSL - no scheme SSL in Server Connector needed?

Marcel "childno
Marcel "childno͡.de" Trautwein
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 3, 2016

regarding Configuring Apache Reverse Proxy Using the AJP Protocol I'm wondering that there is no hint that the AJP connector might need a 

scheme="https"

nor

proxyName="my.host" proxyPort="443"

as like it is needed using mod_proxy to ensure correct URL handling:

 

Can someone point out, why this is the case/requirement for Apache mod_proxy but not for AJP?

Answer
Watch
Like Be the first to like this
1072 views

2 answers

1 accepted

0 votes
Answer accepted
Sebastian Bicchi
Sebastian Bicchi August 4, 2016

When using mod_proxy the request looks to Confluence like a browser request. Therefore you have to tell Confluence (or to be more precisely Confluence' Tomcat server) that a proxy is used and the Scheme is https, so the server can build a valid link instead of redirecting to it's own address.

AJP is different. AJP is a binary protocol, which includes different states about the request but does look not like a http request to the server.  The server is aware that this is a proxified request. Inside the AJP message everything is already prepared, in other words the server will know from where the request comes:

AJP13_FORWARD_REQUEST :=
    prefix_code      (byte) 0x02 = JK_AJP13_FORWARD_REQUEST
    method           (byte)
    protocol         (string)
    req_uri          (string)
    remote_addr      (string)
    remote_host      (string)
    server_name      (string)
    server_port      (integer)
    is_ssl           (boolean)
    num_headers      (integer)
    request_headers *(req_header_name req_header_value)
    attributes      *(attribut_name attribute_value)
    request_terminator (byte) OxFF

The long name is by the way Apache JServ Protocol. 

Reply
0 votes
Marcel "childno
Marcel "childno͡.de" Trautwein
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 3, 2016

because internal ajp connection is still unencrypted? while mod_proxy makes internal calls to an HTTPS server?

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.