This page describes how to integrate Confluence into an Apache website, using mod_proxy.
 | The content on this page relates to platforms which are not supported for Confluence. Consequently, Atlassian can not guarantee providing any support for it. Please be aware that this material is provided for your information only and using it is done so at your own risk. |
There are some common situations where you might do this:
- You have an existing Apache-based website, and want to add Confluence to the mix (eg. http://www.example.com/confluence).
- You have two or more Java applications, each running in their own application server on different ports, eg. http://localhost:8080/confluence and http://localhost:8081/jira. By setting up Apache with mod_proxy, you can have both available on the regular HTTP port (80), eg. at http://www.example.com/confluence and http://www.example.com/jira. If you are running JIRA and Confluence, we recommend this setup. It allows each app to be restarted, managed and debugged separately.
This page describes how to configure mod_proxy. We describe two options:
- If you want a URL like http://www.example.com/confluence/, go to the simple configuration.
- If you want a URL like http://confluence.example.com/, go to the complex configuration.
Simple configuration
Set the context path
First, set your Confluence application path (the part after hostname and port) correctly. Say you want Confluence available at http://www.example.com/confluence/, and you currently have it running at http://localhost:8080/. The first step is to get Confluence available at http://localhost:8080/confluence/.
To do this in Tomcat (bundled with Confluence), edit conf/server.xml, locate the "Context" definition:
<Context path="" docBase="../confluence" debug="0" reloadable="true">
and change it to:
<Context path="/confluence" docBase="../confluence" debug="0" reloadable="true">
Then restart Confluence, and ensure you can access it at http://localhost:8080/confluence/
Configure mod_proxy
Now enable mod_proxy in Apache, and proxy requests to the application server by adding the example below to your Apache httpd.conf (note: the files may be different on your system; the JIRA docs describe the process for Ubuntu/Debian layout):
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /confluence http://localhost:8080/confluence
ProxyPassReverse /confluence http://localhost:8080/confluence
<Location /confluence>
Order allow,deny
Allow from all
</Location>
Set the URL for redirection
You will need to modify the server.xml file in your tomcat's conf directory and set the URL for redirection.
Locate this code segment
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
And append the following segment:
<Connector port="8080" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
proxyName="www.example.com" proxyPort="80"/>
Replace www.example.com with the URL you wish to be redirected to.
Complex configuration
A complex configuration involves using the mod_proxy_html filter to modify the proxied content en-route. This is required if the Confluence path differs between Apache and the application server. For example:
| Externally accessible (Apache) URL | http://confluence.example.com/ |
|---|---|
| Application server URL | http://app-server.internal.example.com:8080/confluence/ |
Notice that the application path in the URL is different in each. On Apache, the path is /, and on the application server the path is /confluence.
 | For this configuration, you need to install the mod_proxy_html module, which is not included in the standard Apache distribution.
Alternative solutions are discussed below. |
# Put this after the other LoadModule directives
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so
<VirtualHost *>
ServerName confluence.example.com
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://app-server.internal.example.com:8080/confluence
ProxyPassReverse / http://app-server.internal.example.com:8080/confluence
ProxyHTMLURLMap / /confluence/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
The ProxyHTMLURLMap configuration can become more complex if you have multiple applications running under this configuration. The mapping should also be placed in a Location block if the web server URL is a subdirectory and not on a virtual host. The Apache Week tutorial has more information how to do this.
Adding SSL
If you're running Apache in front of Tomcat, it's a good idea to terminate your SSL configuration at Apache, then forward the requests to Tomcat over HTTP. You can set up Apache to terminate the SSL connection and use the ProxyPass and ProxyPassReverse directives to pass the connection through to Tomcat (or the appropriate application server) which is running Confluence.
- Create a new SSL host by creating a virtual host on 443
- The standard http connection on apache could be used to redirect to https if you want or it could just be firewalled.
- Within the VirtualHost definition:
- define the SSL options (SSLEngin and SSLCertificateFile)
- define the ProxyPass and ProxyPassReverse directives to pass through to Tomcat.
Because of how the ProxyPass and ProxyPassReverse directives work, you should not need to modify the tomcat installation at all.
Most of the relevant Apache Config:
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
More information
- The mod_proxy_html site has documentation and examples on the use of this module in the complex configuration.
- Apache Week has a tutorial that deals with a complex situation involving two applications and ProxyHTMLURLMap.
- Using Apache with virtual hosts and mod_proxy shows how to configure the special case where you want JIRA and Confluence running on separate application servers on virtual host subdomains.
Alternatives
If Tomcat is your application server, you have two options:
- use mod_jk to send the requests to Tomcat
- use Tomcat's virtual hosts to make your Confluence application directory the same on the app server and the web server, removing the need for the URL mapping.
If your application server has an AJP connector, you can:
- use mod_jk to send the requests to your application server.
Comments (20)
Oct 10, 2006
Thomas Peter Berntsen says:
Hi Matt, Thanks for some really informative articles on setting up Tomcat and H...Hi Matt,
Thanks for some really informative articles on setting up Tomcat and HTTPD with mod_proxy and mod_proxy_html.
We've experienced some problems with the stability of this combo, though, which results in the proxying not working some time after a HTTPD start or restart.
After doing a bit investigation, we found this section in the Apache HTTPD Documentation (version 2.2 in our case), which has helped us avoid more proxy errors (http://httpd.apache.org/docs/2.2/mod/mod_proxy.html):
We have simply added SetEnv force-proxy-request-1.0 1 and SetEnv proxy-nokeepalive 1 to the <VirtualHost> directive in httpd.conf (or included configuration file) under which proxying should be perfomed and gone are any signs of mysterious proxy errors
Cheers,
Thomas
Oct 10, 2006
Ivan Benko says:
Thanks Thomas for your effort and the information provided. IvanThanks Thomas for your effort and the information provided.
Ivan
Oct 03, 2007
Anonymous says:
Hi, I would like to change URL path (http://localhost:8080/confluence to http:/...Hi,
I would like to change URL path (http://localhost:8080/confluence to http://localhost/wiki) but I never doing that. I'm absolutely crazy, could you check where I am doing mistake?
PS: There is no any Apache Tomcat installation. The system working with http://localhost/confluence URL properly.
Apache 2.2.6 X86
confluence-std-2.6.0
Win Environment CATALINA_HOME = D:\confluence\confluence-std-2.6.0
Thanks,
Oguz Celikdemir
CONFIG INFOS:
Apache httpd.conf
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# Confluence configuration
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /confluence http://localhost:8080/wiki
ProxyPassReverse /confluence http://localhost:8080/wiki
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Location /confluence>
Order allow,deny
Allow from all
</Location>
Confluence confluence-init.properties
confluence.home=d:/confluence/data
Confluence server.xml
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxHttpHeaderSize="8192"
maxProcessors="75" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" disableUploadTimeout="true"
enableLookups="false" redirectPort="8444" acceptCount="10" debug="0" connectionTimeout="20000"
useURIValidationHack="false" URIEncoding="UTF-8"
proxyName="localhost" proxyPort="80"/>
<Context path="/wiki" docBase="../confluence" debug="0" reloadable="false">
Oct 24, 2007
Luis Arias says:
I had to use the following setup with confluence 2.6 and Apache 2.2 because styl...I had to use the following setup with confluence 2.6 and Apache 2.2 because style sheets were being prefixed with /confluence and didn't show up:
NameVirtualHost *
<VirtualHost *>
ServerName wiki.example.com
<IfModule proxy_module>
<Proxy *>
Order deny,allow
Allow from *
</Proxy>
<IfModule proxy_ajp_module>
ProxyPass /confluence/ ajp://localhost:8009/confluence/
ProxyPassReverse /confluence/ ajp://localhost:8009/confluence/
ProxyPass / ajp://localhost:8009/confluence/
ProxyPassReverse / ajp://localhost:8009/confluence/
</IfModule>
<Location />
Order allow,deny
Allow from all
</Location>
</IfModule>
</VirtualHost>
Nov 25, 2007
Anonymous says:
Hi Guys, I have a client using Apache 1.3.xx and am wondering if you have any d...Hi Guys,
I have a client using Apache 1.3.xx and am wondering if you have any documentation on this or could help me with proxying Confluence through Apache 1.3?
Any help or pointers would be greatly appreciated.
Regards,
Roger
Nov 28, 2007
Tony Cheah Tong Nyee says:
Hi Roger, Unfortunately, I am not aware of any documentation specific to Apache...Hi Roger,
Unfortunately, I am not aware of any documentation specific to Apache 1.3 is available here. Perhaps, you may want to give a try to refer to the documentation available in the Apache documentation as a reference:
Another option would be to try open a discussion in our forums, as there might have users/developers who have experience in similar environment might share their idea with you.
Cheers,
Tony
Nov 29, 2007
Anonymous says:
Hi Tony, I've upgraded to apache version 2, and used Luis Arias Virtual host c...Hi Tony,
I've upgraded to apache version 2, and used Luis Arias Virtual host config (slightly changed) as this was the only way I could get the CSS to come through correctly.
I now have the problem where I enter valid login details, then click login, but it returns me to the login screen, all at http://confluence.example.com\\
When I try the same test at http://confluence.example.com:8080/confluence I can login using the same details as I used above, and it takes me to the dashboard.
Has anyone else come across this?
Roger
Mar 14, 2008
Tony Cheah Tong Nyee says:
Hi Roger, Feel free to raise a support request regarding this issue if you stil...Hi Roger,
Feel free to raise a support request regarding this issue if you still require any assistance from us. From there, we are able to troubleshoot and look into this issue further.
Cheers,
Tony
Jan 13, 2008
Anonymous says:
After hours of fiddling around I finaly got it working. I wrote it down in my ow...After hours of fiddling around I finaly got it working. I wrote it down in my own confluence instance, so I just copied it here. I hope this helps someone in the future.
Greetz Erik
Table of Contents
Description
On your J2EE server (I only used Glassfish) you have an application deployed, for instance 'confluence-2.7'. The default way of accessing this web application is by going to the url 'http://localhost:8080/confluence-2.7'. I however wanted to map just have the url 'http://confluence' for easy development access. In the future I want to be able to connect domains to it.
If you are impatient and do not want to do things step by step you can find a Summary at the bottom of this page.
Getting the correct modules for apache
We need to do the following things:
Proxying requests
You will need to enable the following lines in your httpd.conf:
To make sure proxying is enabled add the following lines to you httpd.conf (I added them at the top of httpd-vhosts.conf):
The virtual host itself looks like this:
<VirtualHost *:80> ServerName confluence ErrorLog "logs/confluence.log" CustomLog "logs/confluence-access.log" common </VirtualHost>Add the following lines:
# Make sure the requests are redirected ProxyPass / http://localhost:8080/confluence-2.7/ ProxyPassReverse / http://localhost:8080/confluence-2.7/Correcting the HTML
In order to correct the html we need a module called mod_proxy_html. You can not download a compiled version for free from the original site so I included a windows version here: http://www.apachelounge.com/download/mods/mod_proxy_html-3.0.0-w32.zip.
Extract the mod_proxy_html directory to the modules directory of apache. Also copy the proxy_html.conf file to that directory.
Make sure the following line is enabled:
At the bottom of the modules list in your httpd.conf add the following lines:
In the virtual host we add the following lines:
# Make sure the links in the html are corrected SetOutputFilter proxy-html ProxyHTMLURLMap /confluence-2.7/ /Fixing cookies
In order to fix the cookies you need to add the following line to your VirtualHost:
# Make sure all cookies are configured correctly ProxyPassReverseCookiePath /confluence-2.7 /Summary
Make sure you have mod_proxy_html
These are the lines we added to our httpd.conf:
This is our VirtualHost:
<VirtualHost *:80> ServerName confluence # Make sure the requests are redirected ProxyPass / http://localhost:8080/confluence-2.7/ ProxyPassReverse / http://localhost:8080/confluence-2.7/ # Make sure all cookies are configured correctly ProxyPassReverseCookiePath /confluence-2.7 / # Make sure the links in the html are corrected SetOutputFilter proxy-html ProxyHTMLURLMap /confluence-2.7/ / ErrorLog "logs/confluence.log" CustomLog "logs/confluence-access.log" common </VirtualHost>Feb 08, 2008
Ludovic Lambert says:
MissMiss
Apr 23, 2008
Anonymous says:
Configuration with SSL appears here: http://confluence.atlassian.com/display/DOC...Configuration with SSL appears here: http://confluence.atlassian.com/display/DOC/Adding+SSL+for+Secure+Logins+and+Page+Security?focusedCommentId=18579545#comment-18579545
You may have to turn ProxyPreserveHost to OFF to get SSL working.
Jun 11, 2008
Anonymous says:
With Apache 2.2.3 (Red Hat), I can't get reverse proxy to work... First problem,...With Apache 2.2.3 (Red Hat), I can't get reverse proxy to work... First problem, is that the server.xml file in conflence 2.8.1 doesn't match the documentation found above. So I may be confused there.
I am able to get things to work when I point to alpha.uarts.edu:8080, but when i go to server.xml and add the line
and then add the following to httpd.conf
I am receiving Apache 503 errors.
This is a brand new install of RHEL5 that I'm using to host confluence (and other things later on) so I know that nothing else is conflicting.
Its infact the production server 'to-be' of confluence, now that our evaluation is winding down, and I'm following the same methodology I used to get Confluence 2.6 running (with no problems).
If anyone has installed 2.8.1 and can share with me their connection block from server.xml, I'd appreciate it.
Thanks
Jun 11, 2008
Anonymous says:
Here is the relevent parts of server.xml that I edited. &...Here is the relevent parts of server.xml that I edited.
Jun 11, 2008
Duran Goodyear says:
I think I can blame SELINUX. I set it to disabled, and now have a new problem.....I think I can blame SELINUX.
I set it to disabled, and now have a new problem...
it took 451 seconds for the standalone tomcat to finish starting, and it gave me this nasty error in catalina.out
INFO: Server startup in 455491 ms Exception in thread "com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2" java.lang.NullPointerException at com.mchange.v2.log.log4j.Log4jMLog$Log4jMLogger.isLoggable(Log4jMLog.java:257) at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:551) Exception in thread "com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#0" java.lang.NullPointerException at com.mchange.v2.log.log4j.Log4jMLog$Log4jMLogger.isLoggable(Log4jMLog.java:257) at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:551) Exception in thread "com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread-#2" java.lang.NullPointerException at com.mchange.v2.log.log4j.Log4jMLog$Log4jMLogger.isLoggable(Log4jMLog.java:257) at com.mchange.v2.async.ThreadPoolAsynchronousRunner$PoolThread.run(ThreadPoolAsynchronousRunner.java:551) Exception in thread "Timer-1" java.lang.NullPointerException at com.mchange.v2.log.log4j.Log4jMLog$Log4jMLogger.isLoggable(Log4jMLog.java:257) at com.mchange.v2.resourcepool.BasicResourcePool$CheckIdleResourcesTask.run(BasicResourcePool.java:1961) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Exception in thread "Timer-0" java.lang.NullPointerException at com.mchange.v2.log.log4j.Log4jMLog$Log4jMLogger.isLoggable(Log4jMLog.java:257) at com.mchange.v2.resourcepool.BasicResourcePool$CullTask.run(BasicResourcePool.java:1934) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462)and the browser, when I try to load the page says...
I'm going to go try and get it working in standalone mode only through port 8080, and work my way back, but this looks like a tomcat configuration issue.
Any thoughts anyone?
Thanks
Jun 11, 2008
Duran Goodyear says:
Alrighty, this was a SELINUX issue. I had to disable it, and it absolutely dest...Alrighty, this was a SELINUX issue.
I had to disable it, and it absolutely destroyed what ever other permission structure existed.
I had to reinstall confluence completely.
Protip, avoid SELINUX ;) (thats just my own fud, ymmv)
Aug 26, 2008
Anonymous says:
HELP!! I appear to be having similar issues to one of the above posts. ...HELP!!
I appear to be having similar issues to one of the above posts. I am running confluence 2.9 on Red Hat ES 5.1 with Apache 2.2. I continue to get a 503 error when trying to connect. I was trying the complex config with the URL re-mapping, but I scaled back and decided to do a simple port URL redirection and I am still getting a 503 error. I have scoured this site and tried every variation I can think of. Does any one have any ideas?? I have the following httpd.conf entry:
ProxyRequests Off
ProxyPreserveHost On
<VirtualHost *:80>
ServerName confluence.domain.com
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://confluence-server.domain.com:8080/
ProxyPassReverse / http://confluence-server.domain.com:8080/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Aug 26, 2008
Anonymous says:
Found the solution for 503 errors if anyone is running newer version of SELinux ...Found the solution for 503 errors if anyone is running newer version of SELinux or Red Hat ES. It has to do with network permission for httpd. You will probably see log entries like the following:
<pre>[Thu Jul 09 11:37:13 2008] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:3000
failed
I found a post online that requires granting the httpd service network rights using the following command:
/usr/sbin/setsebool httpd_can_network_connect 1
This solved my problems. Hope this helps others...
Mar 25, 2009
Royce Wong says:
This documentation does not indicate which version of Apache it is referencing. ...This documentation does not indicate which version of Apache it is referencing. If you look at the doc. for JIRA/Apache integration, it says:
Therefore, if you are running Apache 2, you do not need to add proxyName="www.example.com" proxyPort="80" in Tomcat's server.xml.I tested mine with Tomcat 5.5.27, Apache 2 on Windows XP and it works. I configured Confluence to use port 8280 & JIRA to use port 8180 running on seperate Tomcats (seperate JVMs). My httpd.conf looks like this:
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so ProxyRequests Off ProxyPreserveHost On <Proxy *> Order allow,deny Allow from all </Proxy> ProxyPass /confluence http://localhost:8280/confluence ProxyPassReverse /confluence http://localhost:8280/confluence <Location /confluence> Order allow,deny Allow from all </Location> ProxyPass /jira http://localhost:8180/jira ProxyPassReverse /jira http://localhost:8180/jira <Location /jira> Order allow,deny Allow from all </Location>So I can access my Confluence via: *http://localhost/confluence* and JIRA via: *http://localhost/jira*, all on one machine and I can start/stop Confluence & JIRA independently since they are on seperate Tomcat..
Jun 01, 2009
Anonymous says:
Hi, Problem(Abstract) A Proxy Error in Apache HTTP Server causes a 502 error r...Hi,
Problem(Abstract)
A Proxy Error in Apache HTTP Server causes a 502 error response in the browser.
Symptom
The user sees a 502 Proxy Error in the browser that says:The proxy server received an invalid response from an upstream server. The proxy server could not handle the requestPOST. Reason: Error reading from remote server
Apache Server 2.2 error log displays errors similar to:proxy: Error reading from remote server returned by ...
Environment Apache HTTP Server 2.2 is configured as a proxy or reverseproxy in front of some other back-end web server.
Server version: Apache/2.2.6 (FreeBSD) with mod_proxy and Tomcat 5.5. Both apache and tomcat is on same system.
I tried with KeepAlive; KeepAliveTimeout <Limit>; However I looking for a solution which would not required any timeout <Limit>.
My httpd.conf looks like this:
LoadModule proxy_module libexec/apache22/mod_proxy.so
LoadModule proxy_http_module libexec/apache22/mod_proxy_http.so
#
# For mod_proxy.
#
ProxyRequests Off
ProxyPass /rs http://localhost:8080/A/R
ProxyPassReverse /rs http://localhost:8080/A/R
# To handle internal requests send by r wizard
ProxyPass /R http://localhost:8080/A/R
ProxyPassReverse /R http://localhost:8080/A/R
My server.xml setting are :
<Connector port="8080" address="127.0.0.1" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" URIEncoding="UTF-8"
proxyName="localhost" proxyPort="80" emptySessionPath="true"/
>
yesterday at 02:01:00
Anonymous says:
Could it be that this is not working anymore since Confluence 3.1+ ? I post...Could it be that this is not working anymore since Confluence 3.1+ ?
I posted a comment here explaining my case, it should have been on this page instead :
http://confluence.atlassian.com/display/DOC/Adding+SSL+for+Secure+Logins+and+Page+Security?focusedCommentId=213516563#comment-213516563
Add Comment