Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

HAProxy 1.7 config for JIRA Tomcat fails when applied to Confluence Tomcat (eror 503)

OneTech IT
OneTech IT
Contributor
February 5, 2018

I am running HAProxy 1.7 as a front end reverse proxy against a JIRA 7.5.1 server, and it works without issue.

However, if I take the exact same config and slightly modify it (change the server hostname in the haproxy.cfg for example) for use with my Confluence 6.6.0 server, it fails and HAProxy returns a '503 Server Unavailable' error.   (configurations are included below)

I have made the exact same config modifications to the Connector Port settings for the Confluence Tomcat server, as are in my JIRA Tomcat server, and it fails.   The 503 error is what HAProxy is kicking back, so for some reason it doesn't like how Confluence is serving back the proxy, versus how JIRA does.   Any ideas what might be wrong?

One of the main differences that I see between the way JIRA serves http via Tomcat, versus how Tomcat does is that JIRA's "protocol" setting in Tomcat is "protocol=HTTP/1.1" whereas COnfluence serves it with the setting " protocol="org.apache.coyote.http11.Http11NioProtocol"

Any ideas (relevant config entries below)

------------------------------------------------------
Confluence Tomcat settings:


<Service name="Tomcat-Standalone">
<Connector port="8090"
connectionTimeout="20000"
redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false"
acceptCount="10"
debug="0"
URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
secure="true"
scheme="https"
proxyName="<myserver.domain.com>"
proxyPort="443" />
------------------------------------------------------------------------

HAProxy settings:


frontend confluence_http_insecure
bind *:80
redirect scheme https if !{ ssl_fc }

frontend confluence_http_secure
mode http
bind *:443 ssl crt /etc/pki/tls/keystore/<ssl_key>.pem
reqadd X-Forwarded-Proto:\ https
reqadd X_Forwarded-Port:\ 443
default_backend confluence_http_backend

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
# The confluence_http_backend section forwards all requests to
# http://<myhost.domain.com:8090/>.
# It will allow a maximum of 1000 connections to the server.
#---------------------------------------------------------------------
backend confluence_http_backend
mode http
option httplog
option forwardfor
option http-server-close
option httpchk
server <myhost> <myhost.domain.com:8090> maxconn 1000

 

 

Answer
Watch
Like Be the first to like this
1249 views

2 answers

0 votes
Support
Support
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
February 4, 2020

Did you ever find a solution to this.

 

I am in your exact same position,  and have been troubleshooting for days, but have reached similar conclusions to yours without much headway.

 

And like you I was able to get Jira to work without any issues.

Reply
0 votes
OneTech IT
OneTech IT
Contributor
February 5, 2018

One additional note,

If I configure HAProxy to do a reverse proxy to the SSL (https) port on my backend server, like so:

#---------------------------------------------------------------------
backend confluence_http_backend
mode http
option httplog
option forwardfor
option http-server-close
option httpchk
server sjc2-conflnce01 <myhost.domain.com:8443> ssl verify none cookie sl maxconn 1000
#--------------------------------------------------------------------

Everything is fine.  It's ONLY when I'm trying to get it to proxy to the non-SSL (http; port 8090) that HAProxy fails, which makes me think this is somehow related to how the 8090 Connector Port configuration in Tomcat is responding to HAProxy http check requests?

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security