Collaborative Editing error in Confluence Data Center due to blocked mixed content
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
When setting up Confluence Data Center and Synchrony with SSL, Collaborative Editing fails and you get a blocked mixed content error in the console. For example with Chrome, you can go to Menu → More tools → Developer Tools → Console and see the following:
Mixed Content: The page at 'https://confluence.url.com/display/SPACE/Page+title batch.js?analytis-e...s-enabled=true...' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://synchrony.url.com:8091/synchrony/heartbeat'. This request has been blocked; the content must be served over HTTPS.Diagnosis
Environment
- Confluence node running behind HTTPS
- Synchrony service is not running behind HTTPS
Diagnostic Steps
- Running both behind HTTP works
- Loading the http://synchrony.url.com:8091/synchrony/heartbeat URL from the Confluence node returns an OK message
Cause
Modern browsers block mixed content when a page is initially loaded over HTTPS, but other resources are loaded over HTTP. In this example, Confluence resources are loading over HTTPS, but Synchrony scripts are running from an HTTP address. This causes the error above. Both services should run behind HTTPS.
Workarounds
This might be helpful to confirm you're seeing this issue and will not resolve the issue, but these can be applied temporarily:
- Configure Confluence to run on HTTP
- Disable Collaborative Editing
- Disable mixed content blocking in the browser
Resolution
To resolve the issue:
- Configure Synchrony to run behind SSL
- This has to be done using a Load Balancer or Proxy
- Using Apache with mod_proxy
- Running Confluence behind NGINX with SSL
- Proxying Atlassian server applications with Apache HTTP Server (mod_proxy_http)
- Proxying Atlassian server applications with Microsoft Internet Information Services (IIS)
- How to configure Amazon Web Service Elastic Load Balancer with Confluence 6.0
- Example:
- Add a /synchrony rule to redirect requests to the Synchrony URL, on the same Load balancer that Confluence is running behind: How to configure Amazon Web Service Application Load Balancer with Confluence
- Ensure the Synchrony SSL certificate is imported into the Confluence truststore: Connecting to SSL services
Restart Synchrony with SYNCHRONY_URL set to the HTTPS address (e.g. SYNCHRONY_URL=https://load_balancer_url/synchrony)
Point Confluence to the same Synchrony HTTPS address (e.g. -Dsynchrony.service.url=https://load_balancer_url/synchrony/v1)
- Restart and test