Hi Matt,

Thanks for some really informative articles on setting up Tomcat and HTTPD with mod_proxy and mod_proxy_html.

We've experienced some problems with the stability of this combo, though, which results in the proxying not working some time after a HTTPD start or restart.

After doing a bit investigation, we found this section in the Apache HTTPD Documentation (version 2.2 in our case), which has helped us avoid more proxy errors (http://httpd.apache.org/docs/2.2/mod/mod_proxy.html):

For circumstances where mod_proxy is sending requests to an origin server that doesn't properly implement keepalives or HTTP/1.1, there are two environment variables that can force the request to use HTTP/1.0 with no keepalive. These are set via the SetEnv directive.

These are the force-proxy-request-1.0 and proxy-nokeepalive notes.

<Location /buggyappserver/>
ProxyPass http://buggyappserver:7001/foo/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location> 

We have simply added SetEnv force-proxy-request-1.0 1 and SetEnv proxy-nokeepalive 1 to the <VirtualHost> directive in httpd.conf (or included configuration file) under which proxying should be perfomed and gone are any signs of mysterious proxy errors

Cheers,
Thomas

Hi,

I would like to change URL path (http://localhost:8080/confluence to http://localhost/wiki) but I never doing that. I'm absolutely crazy, could you check where I am doing mistake?

PS: There is no any Apache Tomcat installation. The system working with http://localhost/confluence URL properly.

Apache 2.2.6 X86
confluence-std-2.6.0
Win Environment CATALINA_HOME = D:\confluence\confluence-std-2.6.0
 

Thanks,

Oguz Celikdemir

CONFIG INFOS:

Apache httpd.conf 

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so 

 # Confluence configuration
ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass /confluence http://localhost:8080/wiki
ProxyPassReverse /confluence http://localhost:8080/wiki
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

<Location /confluence>
    Order allow,deny
    Allow from all
</Location>

Confluence confluence-init.properties

 confluence.home=d:/confluence/data

Confluence server.xml

        <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxHttpHeaderSize="8192"
                   maxProcessors="75" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" disableUploadTimeout="true"
                   enableLookups="false" redirectPort="8444" acceptCount="10" debug="0" connectionTimeout="20000"
                   useURIValidationHack="false" URIEncoding="UTF-8"
                   proxyName="localhost" proxyPort="80"/>

        <Context path="/wiki" docBase="../confluence" debug="0" reloadable="false"> 

I had to use the following setup with confluence 2.6 and Apache 2.2 because style sheets were  being prefixed with /confluence and didn't show up:

 NameVirtualHost *
<VirtualHost *>
        ServerName wiki.example.com

        <IfModule proxy_module>  
          <Proxy *>
            Order deny,allow
            Allow from *
          </Proxy>

          <IfModule proxy_ajp_module>
            ProxyPass /confluence/ ajp://localhost:8009/confluence/
            ProxyPassReverse /confluence/ ajp://localhost:8009/confluence/
            ProxyPass / ajp://localhost:8009/confluence/
            ProxyPassReverse / ajp://localhost:8009/confluence/
          </IfModule>

          <Location />
             Order allow,deny
             Allow from all
          </Location>
        </IfModule>
</VirtualHost>

Hi Guys,

I have a client using Apache 1.3.xx and am wondering if you have any documentation on this or could help me with proxying Confluence through Apache 1.3?

Any help or pointers would be greatly appreciated. 

Regards,

Roger 

After hours of fiddling around I finaly got it working. I wrote it down in my own confluence instance, so I just copied it here. I hope this helps someone in the future.

Greetz Erik

Table of Contents

Description

On your J2EE server (I only used Glassfish) you have an application deployed, for instance 'confluence-2.7'. The default way of accessing this web application is by going to the url 'http://localhost:8080/confluence-2.7'. I however wanted to map just have the url 'http://confluence' for easy development access. In the future I want to be able to connect domains to it.

If you are impatient and do not want to do things step by step you can find a Summary at the bottom of this page.

Getting the correct modules for apache

We need to do the following things:

• Map 'http://confluence' to 'http://localhost:8080/confluence-2.7'
• Make sure that all links coming from 'http://localhost:8080/confluence-2.7' do not point to '/confluence-2.7/*'
• Make sure the path in the cookies is corrected

Proxying requests

You will need to enable the following lines in your httpd.conf:

To make sure proxying is enabled add the following lines to you httpd.conf (I added them at the top of httpd-vhosts.conf):

The virtual host itself looks like this:

Add the following lines:

Correcting the HTML

In order to correct the html we need a module called mod_proxy_html. You can not download a compiled version for free from the original site so I included a windows version here: http://www.apachelounge.com/download/mods/mod_proxy_html-3.0.0-w32.zip.

Extract the mod_proxy_html directory to the modules directory of apache. Also copy the proxy_html.conf file to that directory.

Make sure the following line is enabled:

At the bottom of the modules list in your httpd.conf add the following lines:

In the virtual host we add the following lines:

Fixing cookies

In order to fix the cookies you need to add the following line to your VirtualHost:

Summary

Make sure you have mod_proxy_html

These are the lines we added to our httpd.conf:

This is our VirtualHost:

Miss

Configuration with SSL appears here: http://confluence.atlassian.com/display/DOC/Adding+SSL+for+Secure+Logins+and+Page+Security?focusedCommentId=18579545#comment-18579545

You may have to turn ProxyPreserveHost to OFF to get SSL working.

With Apache 2.2.3 (Red Hat), I can't get reverse proxy to work... First problem, is that the server.xml file in conflence 2.8.1 doesn't match the documentation found above.  So I may be confused there.

 I am able to get things to work when I point to alpha.uarts.edu:8080, but when i go to server.xml and add the line

 proxyName="alpha.uarts.edu" proxyPort="80"/>

  and then add the following to httpd.conf

\# confluence setup
ProxyRequests Off
ProxyPreserveHost On

<Proxy \*>
&nbsp;&nbsp;&nbsp; Order deny,allow
&nbsp;&nbsp;&nbsp; Allow from all
</Proxy>

ProxyPass /confluence http://alpha.uarts.edu:8080/confluence
ProxyPassReverse /confluence http://alpha.uarts.edu:8080/confluence&nbsp;&nbsp;

<Location /confluence>
&nbsp;&nbsp;&nbsp; Order allow,deny
&nbsp;&nbsp;&nbsp; Allow from all
</Location>

 I am receiving Apache 503 errors.

This is a brand new install of RHEL5 that I'm using to host confluence (and other things later on) so I know that nothing else is conflicting.
Its infact the production server 'to-be' of confluence, now that our evaluation is winding down, and I'm following the same methodology I used to get Confluence 2.6 running (with no problems).

If anyone has installed 2.8.1 and can share with me their connection block from server.xml, I'd appreciate it.

Thanks

HELP!!

I appear to be having similar issues to one of the above posts. I am running confluence 2.9 on Red Hat ES 5.1 with Apache 2.2. I continue to get a 503 error when trying to connect. I was trying the complex config with the URL re-mapping, but I scaled back and decided to do a simple port URL redirection and I am still getting a 503 error. I have scoured this site and tried every variation I can think of. Does any one have any ideas?? I have the following httpd.conf entry:

 ProxyRequests Off
ProxyPreserveHost On

<VirtualHost *:80>
    ServerName confluence.domain.com

    # Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / http://confluence-server.domain.com:8080/
    ProxyPassReverse / http://confluence-server.domain.com:8080/

    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

Found the solution for 503 errors if anyone is running newer version of SELinux or Red Hat ES. It has to do with network permission for httpd. You will probably see log entries like the following:

 <pre>[Thu Jul 09 11:37:13 2008] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:3000 failed

 I found a post online that requires granting the httpd service network rights using the following command:

 /usr/sbin/setsebool httpd_can_network_connect 1

This solved my problems. Hope this helps others...

This documentation does not indicate which version of Apache it is referencing. If you look at the doc. for JIRA/Apache integration, it says:

ProxyPreserveHost is only available on Apache 2. For Apache 1.1-1.3.x, you should instead specify proxyName and proxyPort attributes in Tomcat...

I tested mine with Tomcat 5.5.27, Apache 2 on Windows XP and it works. I configured Confluence to use port 8280 & JIRA to use port 8180 running on seperate Tomcats (seperate JVMs). My httpd.conf looks like this:

So I can access my Confluence via: *http://localhost/confluence\* (http://localhost/confluence*) and JIRA via: *http://localhost/jira\* (http://localhost/jira*), all on one machine and I can start/stop Confluence & JIRA independently since they are on seperate Tomcat..

Hi,

Problem(Abstract)

A Proxy Error in Apache HTTP Server causes a 502 error response in the browser.

Symptom

The user sees a 502 Proxy Error in the browser that says:The proxy server received an invalid response from an upstream server. The proxy server could not handle the requestPOST. Reason: Error reading from remote server
Apache Server 2.2 error log displays errors similar to:proxy: Error reading from remote server returned by ...
Environment Apache HTTP Server 2.2 is configured as a proxy or reverseproxy in front of some other back-end web server.

Server version: Apache/2.2.6 (FreeBSD) with mod_proxy and Tomcat 5.5. Both apache and tomcat is on same system.

I tried with KeepAlive; KeepAliveTimeout <Limit>; However I looking for a solution which would not required any timeout <Limit>.

My httpd.conf looks like this:

LoadModule proxy_module libexec/apache22/mod_proxy.so
LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so

#
# For mod_proxy.
#
ProxyRequests Off
ProxyPass /rs http://localhost:8080/A/R
ProxyPassReverse /rs http://localhost:8080/A/R
# To handle internal requests send by r wizard
ProxyPass /R http://localhost:8080/A/R
ProxyPassReverse /R http://localhost:8080/A/R

My server.xml setting are :

 <Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"
                   proxyName="localhost" proxyPort="80" emptySessionPath="true"/
>

Could it be that this is not working anymore since Confluence 3.1+ ?

I posted a comment here explaining my case, it should have been on this page instead :

http://confluence.atlassian.com/display/DOC/Adding+SSL+for+Secure+Logins+and+Page+Security?focusedCommentId=213516563#comment-213516563

I configured Confluence 3.2 behind an F5 LTM load balancer.  I'm doing SSL termination on the F5, while Confluence serves plain HTTP.  The instructions on this page were useful but the instructions in the section titled "Adding SSL" are incomplete.

In addition to "define the ProxyPass and ProxyPassReverse directives to pass through to Tomcat" you must also set the "scheme" in the Tomcat Connector configuration.

If your proxy's hostname is wiki.example.com you will need to add the following to the Connector settings in server.xml:

proxyName="wiki.example.com" proxyPort="443" scheme="https"

Followed all the instructions and advice above but still have a problem.

My setup is as follows:

CLIENT -- INTERNET-HTTPS-FIREWALL-APACHE REVERSE PROXY-HTTP--APPLICATOIN SERVER

The APPLICATION SERVERs are: Crowd, Jira and Confluence (Fisheye and Bamboo to be added when this setup is working properly).

I can log in perfectly, Crowd works like a charm.

The only issue is that I can't get a gadget from JIRA to work in Confluence and vice versa. As a URL it keeps using https://<external (https://<external)\_URL>. CHanging it to the internal URL allows me to add the gadget, but that's about it. They simply won't work.

Any idea which setting needs to be changed in order to get it working properly?

Thank you in advance,

Pascal

I just want to share some experiences with trying to use mod_proxy. Couldn't make the ProxyHTMLURLMap directive work though since my confluence app is running as Tomcat Root. Anyways it worked fine except that links to attachments with URL's containing danish characters (æøå) didn't work but returned a "Page not found" error. So - Something went wrong between Apache and Tomcat. Don't know if this could have been fixed with ProxyHTMLURLMap but I decided to use mod_jk instead and that worked.

\Rune

I have a very basic problem - I have Jira, Confluence, and Crowd installed and all working. I'd like to change the URL so users don't have to enter the port #, however  there is no httpd file on my machine. I'm running Windows server 2008 and installed the stand alone verions of each Atlassian program.

I got Jira to working without having to specify the port by editing the server.sml file only but I think I was only able to do that because it's using the default port - 8080, so can not do it the same way for the others.

Would really appreciate any help.

Thanks!

The setup I was trying to go for is to access confluence at the root of the external URL, and keep the Tomcat context at /confluence internally. I have a single instance of Tomcat fronted by Apache. Using the root at the external level was easy if I used the ROOT.xml context under Tomcat... however that was not preferred. The problem I was having when using the /confluence context was that CSS and links were screwed up when the page rendered. I finally got it working using a combination of ProxyPass and a RewriteRule. The ProxyHTMLURLMap was doing nothing for me until I added SetOutputFilter.

Just FYI,  I have found a problem with using the simple mod_proxy setup with Confluence 4.0, Fedora 15 and mod_security.  Everything works fine, except saving changes to a page.  Those throw a 403 error.  My only solution so far is to disable mod_security.

By setting up SSL on the Apache httpd server and proxy the requests over to local non-ssl tomcat, is the connection from the host to the client still encrypted? Does the proxy httpd server secure the connection?