Confluence could not retrieve public key for real-time collaboration service from Synchrony
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
After setting up a Synchrony node or cluster, you are unable to successfully enable Collaborative editing.
The following appears in the atlassian-confluence.log
INFO ... [plugins.synchrony.config.DefaultSynchronyConfigurationManager] retrievePublicKey [Collab editing plugin] Could not retrieve public key for real-time collaboration service at confluence.example.com/synchrony/jwt-key with exception: null
Diagnosis
Environment
- Confluence Data Center
- One or more Synchrony nodes
- You are using an AWS ELB (Elastic Load Balancer)
Diagnostic Steps
- You cannot successfully enable Collaborative Editing
- You see various errors in the UI on the Collaborative Editing settings page:
<base-url>/admin/confluence-collaborative-editor-plugin/configure.action
- You are able to reach this URL in your browser and see the public key from Synchrony:
<ELB-Address>/synchrony/jwt-key
- You are able to reach this URL in your browser and see an OK from Synchrony:
<ELB-Address>/synchrony/heartbeat
You are not successful when running this command from the Confluence node:
wget http://ELB-Address/synchrony/jwt-key
Cause
This is caused by blocking TCP port 8091 in the ELB Security group. This prevents Confluence nodes from reaching Synchrony nodes on 8091.
You may still be able to reach the Synchrony node directly from the Confluence node on port 8091, but communication occurs through the load balancer (see diagram on this page).
Resolution
Add port 8091 to the Elastic Load Balancer security group so that Confluence and Synchrony can communicate.
Example rule addition:
You may of course restrict this to only allow communication between those particular nodes or clusters.