Documentation for Confluence 5.4.
Documentation for Confluence OnDemand and earlier versions of Confluence is available too.

Skip to end of metadata
Go to start of metadata
Icon

This page documents a configuration of Apache, rather than of Confluence itself. Atlassian will support Confluence with this configuration, but we cannot guarantee to help you debug problems with Apache. Please be aware that this material is provided for your information only, and that you use it at your own risk.

Introduction

For improved performance in high-load environments, you should run Confluence behind a web server. In general, web server caching and thread management is far superior to that provided by your application server's HTTP interface.

To run Confluence behind the Apache httpd web server, there are two main configuration options: mod_jk or mod_proxy.

Connection type

Unique features

Common features to both mod_proxy and mod_jk

mod_proxy (also known as reverse proxy)

  • recommended connection method
  • simple HTTP proxy to application server
  • works with all application servers
  • if application paths are consistent, there is minimal load on the web server
  • application paths must be consistent to avoid complex and slow URL rewriting
  • works with name-based virtual hosting, both on web server and app server
  • web server keeps a pool of connections to application server

mod_jk (also known as AJP)

  • uses the AJP binary protocol
  • provides failover (and load balancing, which Confluence supports only with a clustered license)
  • only works with some application servers (typically Tomcat)
  • if application paths are consistent, there is some load on the web server to translate requests to AJP

 

Configuration Guides

Icon

Please choose one configuration. Trying to configure for both mod_proxy and mod_jk will only lead to confusion and tears.

 

Mod_jk2 not supported

The misleadingly-named mod_jk2 is an older method of connecting to Tomcat from Apache. Since mod_jk2 is no longer supported by the Apache Foundation, we do not support this configuration, and are not updating our mod_jk2 documentation. Mod_jk2 also has unresolved problems with Unicode URLs; you need to use either mod_proxy or mod_jk for international characters to work correctly in Confluence.

Caching static content via mod_disk_cache

To improve performance of a large Confluence site, we recommend that you move the caching of static content from the JVM into Apache. This will prevent the JVM from having a number of long running threads serving up static content. See Configuring Apache to Cache Static Content via mod_disk_cache.

Other related documentation

5 Comments

  1. We run Confluence under Tomcat 5.5.20, behind an Apache server configured for https-only connections. We use DNS-based virtual hosting, and use mod_proxy_ajp to connect confluence to Apache.

    The apache configuration for the vhost looks like this we use looks like this:

    <Location "/">
    RewriteEngine on
    RewriteBase /
    RewriteRule ^confluence$ confluence/ R
    </Location>

    ProxyPass /confluence/ ajp://localhost:8009/confluence/

    In our subjective tests, ajp is markedly faster than http, and mod_proxy_ajp is faster than mod_jk.

    1. Anonymous

      did you do your authentication in confluence or apache?

      I'm searching for a way to use Likewise in Apache to authenticate my user an pass on the username to confluence.

      My current sollution with ntlm in confluence is problematic with windows 7

  2. Don't place Apache authentication in front of Confluence, it breaks Spring Security and subsequently Confluence. The best part? Removing the auth config from Apache doesn't fix the problem; you'll need to remove those configs from Apache AND start a new browser session for things to start working.

    I thought I was being clever by putting the auth bit in so that no one else could hit the setup wizard (public facing server) while I was working on it. Don't be like me and save yourself a headache.

  3. Anonymous

    Running confluence behind Apache authentication seems to work when the usernames and passwords are the same. In order to place Apache authentication in front of confluence when they are not the same, you need to enable mod_headers.so add the following line before  ProxyPass... :

    RequestHeader set Authorization ""

  4. If you are using mod_rewrite in combination with mod_proxy (or at least mod_proxy_ajp) and cannot access attachments with international characters in the filename, you might want to upgrade your Apache. A bug in mod_rewrite has been fixed in Apache 2.2.12, the versions before that did not work for me (see https://answers.atlassian.com/questions/4790/how-to-make-attachments-with-international-file-names-work).