We have a problem with Confluence after updating it to 7.3.4: Confluence won't run over HTTPS; it works only over HTTP. Our configuration is below (it worked with Confluence 5.4.*):
default-ssl.conf
<IfModule mod_ssl.c>
# TLS virtual host for ourjira.com: Apache terminates HTTPS and forwards everything
# except /maintenance/ to the JIRA backend over AJP on port 8009.
# "*" carries no port, so this block is not limited to port 443 by itself.
<VirtualHost *>
ServerAdmin admin@domain.com
DocumentRoot /var/www/jira/
RewriteEngine On
# NOTE(review): no RewriteRule follows this RewriteCond inside this virtual host,
# so as posted the condition has nothing to apply to.
RewriteCond %{REQUEST_URI} !^(.*)maintenance(.*)$
ErrorDocument 503 /maintenance/MaintenancePage.html
# "!" excludes /maintenance/ from proxying; presumably so the 503 page above is
# served from DocumentRoot while the backend is unavailable.
ProxyPass /maintenance/ !
# JIRA AJP Proxy Configuration:
# Apache 2.2-style access control that admits every client to the proxied mappings.
# NOTE(review): on Apache 2.4 Order/Allow are provided by mod_access_compat; the
# native form is "Require all granted".
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Off disables forward proxying; only the reverse-proxy mappings below are served.
ProxyRequests Off
# NOTE(review): the AJP backend is addressed by the public host name, not a loopback
# address. AJP is a cleartext protocol that trusts its peer, so port 8009 should be
# reachable only from this proxy (loopback binding or firewall). Confirm how
# ourjira.com resolves on this host.
ProxyPass / ajp://ourjira.com:8009/
ProxyPassReverse / ajp://ourjira.com:8009/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
# NOTE(review): no SSLProtocol or SSLCipherSuite appears in this virtual host, so the
# accepted TLS versions and ciphers come from configuration not shown here; confirm
# that legacy protocols are disabled there. No Strict-Transport-Security header is
# set in this block either.
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/ourjira.com/cert.pem
# Private key for the certificate above; it should stay readable by root only.
SSLCertificateKeyFile /etc/letsencrypt/live/ourjira.com/privkey.pem
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
# Export the standard SSL environment variables to script-like files and CGI programs.
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# Workarounds for the TLS shutdown and keep-alive behaviour of old Internet Explorer.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
ServerName ourjira.com
# NOTE(review): SSLCertificateChainFile is deprecated in current Apache 2.4 releases;
# the intermediate chain can instead be appended to the file given to SSLCertificateFile.
SSLCertificateChainFile /etc/letsencrypt/live/ourjira.com/chain.pem
</VirtualHost>
# TLS virtual host for confluence.ourjira.com: Apache terminates HTTPS and forwards
# everything except /maintenance/ to the Confluence backend over AJP on port 8010.
# "*" carries no port, so this block is not limited to port 443 by itself.
<VirtualHost *>
ServerAdmin admin@domain.com
DocumentRoot /var/www/jira/
RewriteEngine On
# NOTE(review): no RewriteRule follows this RewriteCond inside this virtual host,
# so as posted the condition has nothing to apply to.
RewriteCond %{REQUEST_URI} !^(.*)maintenance(.*)$
ErrorDocument 503 /maintenance/MaintenancePage.html
# "!" excludes /maintenance/ from proxying.
ProxyPass /maintenance/ !
# Confluence AJP Proxy Configuration:
# Apache 2.2-style access control that admits every client to the proxied mappings.
# NOTE(review): on Apache 2.4 the native form is "Require all granted".
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Off disables forward proxying; only the reverse-proxy mappings below are served.
ProxyRequests Off
# The ajp:// scheme has to match the protocol of the Tomcat connector listening on
# 8010; an HTTP connector on that port needs an http:// target instead.
# NOTE(review): the backend is addressed by a public host name. AJP is a cleartext
# protocol that trusts its peer, so port 8010 should be reachable only from this
# proxy, and a shared AJP secret should be configured if AJP is kept.
ProxyPass / ajp://ourjira.com:8010/
ProxyPassReverse / ajp://ourjira.com:8010/
# Same log files as the other virtual host in this file.
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# NOTE(review): no SSLProtocol or SSLCipherSuite appears in this virtual host, so the
# accepted TLS versions and ciphers come from configuration not shown here; confirm
# that legacy protocols are disabled there.
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/confluence.ourjira.com/cert.pem
# Private key for the certificate above; it should stay readable by root only.
SSLCertificateKeyFile /etc/letsencrypt/live/confluence.ourjira.com/privkey.pem
# Export the standard SSL environment variables; this pattern also covers css and htm.
<FilesMatch "\.(cgi|shtml|phtml|php|css|htm)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# Workarounds for the TLS shutdown and keep-alive behaviour of old Internet Explorer.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
ServerName confluence.ourjira.com
# NOTE(review): SSLCertificateChainFile is deprecated in current Apache 2.4 releases;
# the intermediate chain can instead be appended to the file given to SSLCertificateFile.
SSLCertificateChainFile /etc/letsencrypt/live/confluence.ourjira.com/chain.pem
</VirtualHost>
</IfModule>
000-default.conf
# Plain-HTTP virtual host for ourjira.com whose only job is to send clients to HTTPS.
# NOTE(review): a host name inside <VirtualHost ...> is resolved to an address when
# Apache starts; "*:80" together with ServerName is the usual way to select by name.
<VirtualHost ourjira.com:80>
ServerAdmin admin@ourjira.com
ServerName ourjira.com
# Repeats ServerName, so it adds no additional name.
ServerAlias ourjira.com
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteCond %{HTTPS} off
# The target is built from %{HTTP_HOST}, i.e. the Host header sent by the client.
# NOTE(review): no [R=301,L] flags are given, so the redirect relies on mod_rewrite's
# implicit handling of an absolute URL. Prefer a fixed canonical host name in the
# target so the redirect destination cannot be influenced by the request.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
# Plain-HTTP virtual host that redirects confluence.ourjira.com to HTTPS.
# NOTE(review): ServerName is ourjira.com here as well, the same as in the previous
# virtual host; the Confluence name is only present as an alias. Presumably ServerName
# was meant to be confluence.ourjira.com; confirm.
<VirtualHost ourjira.com:80>
ServerName ourjira.com
ServerAlias confluence.ourjira.com
RewriteEngine On
RewriteCond %{HTTPS} off
# The target is built from %{HTTP_HOST}, i.e. the Host header sent by the client.
# NOTE(review): no [R=301,L] flags are given; prefer a fixed canonical host name in
# the target so the redirect destination cannot be influenced by the request.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
Confluence server.xml
<!-- Tomcat configuration for Confluence as posted in the question: an HTTP connector on 8090,
     an AJP connector on 8010 and a commented-out HTTPS connector on 8443. -->
<!-- Port 8000 is the shutdown listener and SHUTDOWN is the command string it accepts; it
     should never be reachable from other hosts. -->
<Server port="8000" shutdown="SHUTDOWN" debug="0">
<Service name="Tomcat-Standalone">
<!-- Plain HTTP connector. No scheme, proxyName or proxyPort is set, so requests that reach this
     connector through a TLS-terminating proxy are seen by Tomcat as plain http on its own host
     and port. redirectPort 8443 refers to the HTTPS connector that is commented out below. -->
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="200" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol" />
<Engine name="Standalone" defaultHost="localhost" debug="0">
<Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false">
<!-- Confluence is deployed as the root context; useHttpOnly marks the session cookie HttpOnly. -->
<Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
<!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname="" />
</Context>
</Host>
</Engine>
<!-- AJP connector targeted by Apache's ProxyPass ajp://ourjira.com:8010/. No address, secret or
     secretRequired attribute is set.
     NOTE(review): recent Tomcat 9.0.x releases listen for AJP on the loopback address only and
     refuse connections unless a shared secret is configured, which is a likely reason a connector
     written like this stops answering after an upgrade; confirm against the bundled Tomcat
     version. If AJP is kept, configure the secret on both the connector and the Apache proxy
     worker and keep the port unreachable from other hosts, rather than switching
     secretRequired off. -->
<Connector port="8010" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3" />
<!--
To run Confluence via HTTPS:
* Uncomment the Connector below
* Execute:
%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
with a password value of "changeit" for both the certificate and the keystore itself.
* Restart and visit https://localhost:8443/
For more info, see https://confluence.atlassian.com/display/DOC/Running+Confluence+Over+SSL+or+HTTPS
-->
<!-- NOTE(review): this connector is only needed when Tomcat itself terminates TLS; in the setup
     shown in the question Apache does that. If it is ever enabled: "changeit" is the widely
     known default keystore password, so choose a unique one and keep server.xml readable only
     by the Confluence service account; keytool -genkey produces a self-signed certificate; and
     the protocol lists below still include TLSv1 and TLSv1.1, which are deprecated, so restrict
     them to TLSv1.2 or newer. -->
<!--
<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11NioProtocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="<MY_CERTIFICATE_PASSWORD>"/>
-->
</Service>
</Server>
I know Atlassian has documentation for this, but it seems very difficult to me. Could anyone help?
@Michael Smith Your server.xml is missing some important attributes.
In the connector used by the Apache proxy you have:
<!-- Connector as posted in the question: AJP on 8010 with no scheme, proxyName or proxyPort,
     and no AJP secret or bind address configured. -->
<Connector port="8010" URIEncoding="UTF-8" enableLookups="false" protocol="AJP/1.3" />
Before making changes, it is a good idea to keep a backup of the server.xml file, just in case.
The connector should be changed to the one below; you are missing scheme, proxyName and proxyPort:
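<!-- Apache Proxy Connector with values for scheme, proxyName and proxyPort -->
<!-- scheme, proxyName and proxyPort describe the public URL served by the front-end proxy, so
     that redirects and absolute links generated by Tomcat point at the HTTPS address instead of
     the backend port.
     proxyName must be exactly the host name users type in the browser, with no surrounding
     whitespace. NOTE(review): for the Confluence virtual host shown in the question that appears
     to be confluence.ourjira.com rather than ourjira.com; confirm before applying.
     redirectPort 8443 refers to an HTTPS connector that is commented out in the question's
     server.xml.
     NOTE(review): if this stays an AJP connector on a recent Tomcat 9.0.x, also configure the
     AJP shared secret on both sides and keep port 8010 reachable only from the proxy. -->
<Connector port="8010" protocol="AJP/1.3"
           acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true"
           enableLookups="false" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25"
           redirectPort="8443" useBodyEncodingForURI="true"
           scheme="https" proxyName="ourjira.com" proxyPort="443"/>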
Then restart the Apache server and restart Confluence to check.
Kind regards,
Moses
Thank you @Moses Thomas. I used your config, but I changed "AJP/1.3" to "org.apache.coyote.http11.Http11NioProtocol" and it works. It seems the new Confluence doesn't support AJP anymore.
@Michael Smith Exactly: the new Confluence is packaged with Tomcat 9.0.xx. For Java SSL / OpenSSL you should use one of the HTTP connectors; you can also see the Connector Comparison, which I should have added.
Kind regards,
Moses