This documentation relates to Confluence 3.1.x
If you are using an earlier version, please view the previous versions of the Confluence documentation and select the relevant version.

Using Apache with virtual hosts and mod_proxy

Introduction

The Apache web server is often used in front of an application server to improve performance in high-load environments. mod_proxy simply forwards requests for certain URLs to another web server, so it typically requires no additional configuration on the application server.

This page documents a very common configuration request: configuring JIRA and Confluence on two Apache virtual hosts, running on different application servers. This is just a special case of mod_proxy configuration.

You can use virtual hosts in your application server if you want to run JIRA and Confluence on the same application server. There is a sample configuration for Tomcat you can use after configuring Apache.

Apache configuration

For this configuration to work properly, the application paths must be the same on both the application servers and the web server. For both JIRA and Confluence below, this is /.

JIRA external URL: http://jira.example.com/
JIRA application server URL: http://jira-app-server.internal.example.com:8080/
Confluence external URL: http://confluence.example.com/
Confluence application server URL: http://confluence-app-server.internal.example.com:8080/

Add the following to your Apache httpd.conf:

# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so

# Put this with your other VirtualHosts, or at the bottom of the file
NameVirtualHost *
<VirtualHost *>
    ServerName confluence.example.com
    
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    
    ProxyPass / http://confluence-app-server.internal.example.com:8080/
    ProxyPassReverse / http://confluence-app-server.internal.example.com:8080/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
<VirtualHost *>
    ServerName jira.example.com
    
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    
    ProxyPass / http://jira-app-server.internal.example.com:8080/
    ProxyPassReverse / http://jira-app-server.internal.example.com:8080/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

Points to note:

  • ProxyPass and ProxyPassReverse directives send traffic from the web server to your application server.
  • The application path is the same on the application server and on the web server (both are /).
  • Because the above configuration uses name-based virtual hosting, you must configure your DNS server to point both names (jira.example.com, confluence.example.com) to your web server.
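
One way to check a virtual host file against the points above (same application path on both sides, a ProxyPassReverse for every ProxyPass, forward proxying left off). This is an added example, not part of the Confluence documentation; `check_vhosts` and the sample configuration are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the first vhost follows the page's layout, the second
# breaks it in three ways (forward proxying on, path mismatch, no reverse rule).
SAMPLE_CONF = """
<VirtualHost *>
    ServerName confluence.example.com
    ProxyRequests Off
    ProxyPass / http://confluence-app-server.internal.example.com:8080/
    ProxyPassReverse / http://confluence-app-server.internal.example.com:8080/
</VirtualHost>
<VirtualHost *>
    ServerName jira.example.com
    ProxyRequests On
    ProxyPass /jira http://jira-app-server.internal.example.com:8080/
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", re.S | re.I)


def check_vhosts(conf):
    """Return (ServerName, finding) tuples for every virtual host in conf."""
    findings = []
    for body in VHOST.findall(conf):
        rows = [ln.split() for ln in body.splitlines()
                if ln.strip() and not ln.strip().startswith("#")]

        def args(directive, count):
            # Argument lists of each occurrence that has at least `count` arguments.
            return [r[1:] for r in rows
                    if r[0].lower() == directive and len(r) > count]

        name = (args("servername", 1) or [["(no ServerName)"]])[0][0]
        # ProxyRequests On enables forward proxying; a reverse proxy does not need it.
        if any(a[0].lower() == "on" for a in args("proxyrequests", 1)):
            findings.append((name, "ProxyRequests is On"))
        reverse = {(a[0], a[1]) for a in args("proxypassreverse", 2)}
        for path, backend in [(a[0], a[1]) for a in args("proxypass", 2)]:
            if backend == "!":  # exclusion rule, nothing is proxied
                continue
            # The page requires the same application path on both servers.
            backend_path = urlsplit(backend).path or "/"
            if backend_path.rstrip("/") != path.rstrip("/"):
                findings.append((name, f"path mismatch: {path} -> {backend_path}"))
            if (path, backend) not in reverse:
                findings.append((name, f"no ProxyPassReverse for {path}"))
    return findings


if __name__ == "__main__":
    for server, finding in check_vhosts(SAMPLE_CONF):
        print(f"{server}: {finding}")
```

The check only reads ProxyPass lines written with two arguments inside a VirtualHost block; ProxyPass directives placed inside a Location section are not examined.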

More information

For different ways to configure mod_proxy, see Using Apache with mod_proxy.

If you use Tomcat, mod_jk provides a different way of connecting Apache via AJP. You can also use the above configuration with just one application server if you use Tomcat's virtual hosts.

  1. Mar 22, 2007

    Andy Jones says:

    Hi

    I'm wondering if anyone else has set up a single confluence Space to look like an Apache vhost...

    I'm successfully running Confluence 2.3.1 (listening on localhost:8080) behind Apache 2.0.52 (listening on *:80) with the following directives.

    ProxyPass               /       http://localhost:8080/
    ProxyPassReverse        /       http://localhost:8080/

    This shows the whole confluence site, and works fine.

    I've then set up a second vhost, and proxy directed it to a single space, but ran into problems that various resources on the page are not in the space.  So I added a number of extra proxy config lines.  To wit:

        ProxyPass               /decorators        http://localhost:8080/decorators
        ProxyPass               /download        http://localhost:8080/download
        ProxyPass               /images            http://localhost:8080/images
        ProxyPass               /plugins        http://localhost:8080/plugins
        ProxyPass               /display/downtown    http://localhost:8080/display/SPACENAME/
        ProxyPass               /            http://localhost:8080/display/SPACENAME/

        ProxyPassReverse        /            http://localhost:8080/display/SPACENAME/

    It basically seems to be working, as in the links work, which is good, but the ProxyPassReverse URL rewriting doesn't seem to be working - URLs show up as http://vhost.domain.name/display/SPACENAME/PageName.

    The other thing is that links to pages in other spaces don't work.  Obviously I have a lot to learn about apache's proxy/rewriting modules... 

    Just wondering if anyone else has done this before, and what their solution was..

     cheers - andy

    1. Jun 26, 2007

      Andy Jones says:

      I probably should add that I ended up resolving this.

      Confluence runs in the back-end, listening on localhost (127.0.0.1) port 8080.

      An Apache sits in front of it, listening on port 80, configured with a number of virtual hosts (vhosts).

      One vhost, known as "confluence.domain.name", just proxies all content, with the "ProxyPass" and "ProxyReverse" directives above. We use it for our internal updates etc.

      Another vhost, which is our public web site, has a series of mod_redirect RewriteRules, which catch references to known Confluence content, and run it through a proxy. As a result, anything which does not match a redirect rule, is served by the vhost from its DocumentRoot. This means that we can have a single web site which contains our Confluence content, plus non-confluence content, like PHP applications etc.

      I obtained the Confluence redirections by checking through the Apache access logs and error logs. The downside is that if new versions of confluence add new URLs, they won't work until I spot them in our Apache vhost error log. I ended up with about 40 Redirections. I could have used less specific wildcards to reduce that number, but it's a matter of personal taste.

      The vhost has stuff like:

      ProxyPassReverse / http://localhost:8080/
      RewriteEngine On

      RewriteRule ^(/+)(display/)(.*) http://localhost:8080/$2$3 [P,QSA,L]

      RewriteRule ^(/+)(admin/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(bootstrap/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(dashboard/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(dwr/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(display/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(decorators/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(download/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(exportword)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(includes/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(images/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(label/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(labels/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(pages/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(plugins/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(renderer/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(s/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(setup/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(spaces/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(styles/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(themes/)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(users/)(.*) http://localhost:8080/$2$3 [P,QSA,L]

      RewriteRule ^(/+)(addpersonalspacetofavourites.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(addprofiletofavourites.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(administrators.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(attachmentnotfound.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(browsepeople.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(colourpicker.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]

      RewriteRule ^(/+)(dopeopledirectorysearch.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(dosearchsite.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(forgotusername.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(forgotuserpassword.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(fourohfour.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(homepage.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(login.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(logout.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(peopledirectory.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(removepersonalspacetofavourites.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(removeprofilefromfavourites.action)(.*) http://localhost:8080/$2$3 [P,QSA,L]

      RewriteRule ^(/+)(editpage-javascript)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(labels-javascript)(.*) http://localhost:8080/$2$3 [P,QSA,L]
      RewriteRule ^(/+)(wysiwyg-javascript)(.*) http://localhost:8080/$2$3 [P,QSA,L]

      I'm not sure if the QSA is necessary. I'm also not sure if the (/+) is needed - I had some problems with some URLs which had "//" in them.

      On the confluence General Admin page, I changed the Server Base URL from http://localhost:8080/ to the public name of my site, since I found that sometimes localhost URLs were leaking out. I also modified the Confluence 404 page (edit the confluence/WEB-INF/classes/com/atlassian/confluence/core/ConfluenceActionSupport.properties) and customised the Apache vhost 404 error page (via the HTTP_NOT_FOUND.html.var file).

      I hope this helps someone else.

      Edit: forgot to un-wikify the rules...

      andy

  2. Mar 26, 2008

    Anonymous says:

    We have confluence set up behind an Apache Virtual Host doing SSL. We had some issues with strange URI escaping issues, particularly around redirects at the login page. (We also saw a similar issue with Jira, where it would appear to double-escape request arguments, such as when you are setting up Trust between Jira and Confluence.)

    Our working Apache config is below.

    
    

    <VirtualHost *:80>
    DocumentRoot /srv/confluence
    ServerName wiki.example.com
    ServerAlias wiki.example.com

    RewriteEngine On
    RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
    </VirtualHost>

    <VirtualHost *:443>
    DocumentRoot /srv/confluence
    ServerName wiki.example.com
    ServerAlias wiki.example.com

    <Directory />
    Options FollowSymLinks
    AllowOverride None
    </Directory>

    <Location /server-status>
    SetHandler server-status

    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 192.168.0.0/255.255.0.0
    </Location>

    <Proxy *>
    Order allow,deny
    Allow from all
    </Proxy>

    ProxyPreserveHost On

    LogLevel info
    ErrorLog /var/log/apache2/wiki-error.log
    CustomLog /var/log/apache2/wiki-access.log combined

    RewriteEngine On
    RewriteLog /var/log/apache2/wiki-rewrite.log
    RewriteLogLevel 0

    RewriteRule ^/server-status$ /server-status$1 [L]

    RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [P,QSA,L]
    ProxyPassReverse / http://127.0.0.1:8080/

    SSLEngine on
    SSLProtocol all
    SSLCertificateFile /etc/apache2/ssl/yourcert.crt
    SSLCertificateKeyFile /etc/apache2/ssl/yourkey.key

    </VirtualHost>

    1. Mar 26, 2008

      Anonymous says:

      The not busted formatting:

      <VirtualHost *:80>
        DocumentRoot /srv/confluence
        ServerName wiki.example.com
        ServerAlias wiki.example.com
      
        RewriteEngine On
        RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
      </VirtualHost>
      
      <VirtualHost *:443>
        DocumentRoot /srv/confluence
        ServerName wiki.example.com
        ServerAlias wiki.example.com
      
        <Directory />
          Options FollowSymLinks
          AllowOverride None
        </Directory>
        
        <Location /server-status>
          SetHandler server-status
          
          Order Deny,Allow
          Deny from all
          Allow from 127.0.0.1 192.168.0.0/255.255.0.0
        </Location>
      
        <Proxy *>
          Order allow,deny
          Allow from all
        </Proxy>
      
        #ProxyRequests Off
        ProxyPreserveHost On 
      
        LogLevel info
        ErrorLog /var/log/apache2/wiki-error.log
        CustomLog /var/log/apache2/wiki-access.log combined
      
        RewriteEngine On
        RewriteLog /var/log/apache2/wiki-rewrite.log
        RewriteLogLevel 0
      
        RewriteRule ^/server-status$ /server-status$1 [L]
      
        RewriteRule ^/(.*)$ http://127.0.0.1:8080/$1 [P,QSA,L]
        ProxyPassReverse / http://127.0.0.1:8080/
      
        SSLEngine on
        SSLProtocol all
        SSLCertificateFile /etc/apache2/ssl/example.crt
        SSLCertificateKeyFile /etc/apache2/ssl/example.key
      
      </VirtualHost>
      
      1. May 15, 2009

        Hellmut Adolphs says:

        Your problem is due to URI re-encoding during the rewrite...
        I went through the same thing, ended up resolving it by using the 'noescape|NE' (no URI escaping of output) flag in mod rewrite for example:

        RewriteRule ^/([^./]+)\.action$ https://confluence.yourdomain.com/$1.action [R=301,NE]
        

        That would secure every action, by using NE it stops url encoding the % symbol, resolving the issue with the re-encoded parameters that had special symbols in them, such as os_destination=%2Fhomepage.action which was being re-encoded to os_destination=%252Fhomepage.action

        We should have a page in here that is only for configuring confluence behind apache 2 using SSL and mod-proxy ...
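
The re-encoding described in the comment above can be spotted in an access log by decoding each query parameter once and checking whether an escape sequence is still present. This is an added example, not part of the original comment or of Confluence; the log lines, `reescape` and `double_encoded_params` are constructed for illustration, and `reescape` is a simplified model of the escaping, not mod_rewrite's own code.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Constructed access-log lines using the parameter named in the comment.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/May/2009:10:00:01 +0000] '
    '"GET /login.action?os_destination=%2Fhomepage.action HTTP/1.1" 200 5120',
    '192.0.2.10 - - [15/May/2009:10:00:02 +0000] '
    '"GET /login.action?os_destination=%252Fhomepage.action HTTP/1.1" 302 0',
    '192.0.2.11 - - [15/May/2009:10:00:05 +0000] '
    '"GET /display/DOC/Home HTTP/1.1" 200 8841',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def reescape(query):
    """Simplified model: escaping an already-escaped query turns '%' into '%25'."""
    return quote(query, safe="=&")


def double_encoded_params(line):
    """Return {parameter: once-decoded value} for values still escaped after one decode."""
    match = REQUEST.search(line)
    if not match:
        return {}
    hits = {}
    for pair in urlsplit(match.group(1)).query.split("&"):
        key, _, raw = pair.partition("=")
        once = unquote(raw)
        if raw and ESCAPE.search(once):
            hits[key] = once
    return hits


def scan(lines):
    """Return (line number, parameter, once-decoded value) for every hit."""
    return [(number, key, value)
            for number, line in enumerate(lines, 1)
            for key, value in double_encoded_params(line).items()]


if __name__ == "__main__":
    print(reescape("os_destination=%2Fhomepage.action"))
    for number, key, value in scan(SAMPLE_LOG):
        print(f"line {number}: {key} decodes to {value!r}, which is still escaped")
```

A value that legitimately contains a literal percent sign followed by two hex digits is also reported, so hits are candidates to review against the rewrite rules rather than confirmed faults.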

    2. Mar 27, 2008

      Choy Li Tham says:

      Hi,

      We had some issues with strange URI escaping issues, particularly around redirects at the login page.

      May I know if you are still encountering the problem? If that is the case, please raise a support ticket here for further investigation.

      Regards,
      Choy Li

  3. Jan 07, 2009

    Anonymous says:

    Not bad but not perfect.

    Hmm... I followed an instruction that I found elsewhere on the web which advised:

    ProxyPass /jira http://localhost:8080/jira
    ProxyPassReverse /jira http://localhost:8080/jira
    
    I then discovered that when I came across any javascript history.go(-1) links (such as when returning from an Issue's Printable display page) that I was sent to http://localhost:8080/jira/...

    Using your solution above is better but not perfect because it introduces port 8080 into the URL, which not only makes the URL more ugly but also means the user is browsing directly onto Tomcat rather than going through Apache.

    Does anyone have the perfect solution?

    Paul

    1. Feb 17, 2009

      Arie Murdianto says:

      Hi,

      You can change the port 8080 to use port 80 instead. Thus, you don't need to use 8080 to access your Confluence. Also, you need to change the configuration of https.conf accordingly. If my explanation does not answer your question, please feel free to raise a support ticket at:

      * http://support.atlassian.com

      Cheers,

  4. Apr 27, 2009

    Alexander Brill says:

    I've set up Confluence to run together with some other webapps on my Tomcat. Direct access to confluence is on http://localhost:8080/confluence.

    However, I am having some difficulty setting up an Apache virtual host. If I now go to http://confluence.example.com I am redirected to http://confluence.example.com/confluence. I would like to strip "confluence" from the URL so that it seems that I have it on the root context.

    
            ServerName confluence.example.com
            ServerAlias confluence
    
            ProxyRequests Off
            ProxyPreserveHost On
    
            ProxyPass /confluence ajp://127.0.0.1:8009/confluence
            ProxyPassReverse /confluence ajp://127.0.0.1:8009/confluence
            ProxyPassReverse / ajp://127.0.0.1:8009/confluence
            ProxyPass / ajp://127.0.0.1:8009/confluence
    
    
