I am running HAProxy 1.7 as a front end reverse proxy against a JIRA 7.5.1 server, and it works without issue.
However, if I take the exact same config and slightly modify it (change the server hostname in the haproxy.cfg for example) for use with my Confluence 6.6.0 server, it fails and HAProxy returns a '503 Server Unavailable' error. (configurations are included below)
I have made the exact same config modifications to the Connector Port settings for the Confluence Tomcat server, as are in my JIRA Tomcat server, and it fails. The 503 error is what HAProxy is kicking back, so for some reason it doesn't like how Confluence is serving back the proxy, versus how JIRA does. Any ideas what might be wrong?
One of the main differences that I see between the way JIRA serves http via Tomcat, versus how Tomcat does is that JIRA's "protocol" setting in Tomcat is "protocol=HTTP/1.1" whereas COnfluence serves it with the setting " protocol="org.apache.coyote.http11.Http11NioProtocol"
Any ideas (relevant config entries below)
------------------------------------------------------
Confluence Tomcat settings:
<Service name="Tomcat-Standalone">
<Connector port="8090"
connectionTimeout="20000"
redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false"
acceptCount="10"
debug="0"
URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
secure="true"
scheme="https"
proxyName="<myserver.domain.com>"
proxyPort="443" />
------------------------------------------------------------------------
HAProxy settings:
frontend confluence_http_insecure
bind *:80
redirect scheme https if !{ ssl_fc }
frontend confluence_http_secure
mode http
bind *:443 ssl crt /etc/pki/tls/keystore/<ssl_key>.pem
reqadd X-Forwarded-Proto:\ https
reqadd X_Forwarded-Port:\ 443
default_backend confluence_http_backend
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
# The confluence_http_backend section forwards all requests to
# http://<myhost.domain.com:8090/>.
# It will allow a maximum of 1000 connections to the server.
#---------------------------------------------------------------------
backend confluence_http_backend
mode http
option httplog
option forwardfor
option http-server-close
option httpchk
server <myhost> <myhost.domain.com:8090> maxconn 1000
Did you ever find a solution to this.
I am in your exact same position, and have been troubleshooting for days, but have reached similar conclusions to yours without much headway.
And like you I was able to get Jira to work without any issues.
One additional note,
If I configure HAProxy to do a reverse proxy to the SSL (https) port on my backend server, like so:
#---------------------------------------------------------------------
backend confluence_http_backend
mode http
option httplog
option forwardfor
option http-server-close
option httpchk
server sjc2-conflnce01 <myhost.domain.com:8443> ssl verify none cookie sl maxconn 1000
#--------------------------------------------------------------------
Everything is fine. It's ONLY when I'm trying to get it to proxy to the non-SSL (http; port 8090) that HAProxy fails, which makes me think this is somehow related to how the 8090 Connector Port configuration in Tomcat is responding to HAProxy http check requests?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.