Running Confluence behind NGINX with SSL
This page describes how to set up NGINX as a reverse proxy for Confluence.
The configuration described on this page results in a scenario where:
- External client connections with NGINX are secured using SSL. Connections between NGINX and Confluence Server are unsecured.
- Confluence Server and NGINX run on the same machine.
On this page
We assume that you already have a running instance of NGINX. If not, refer to the NGINX documentation for instructions on downloading and installing NGINX. SSL certificates must be installed on the server machine. You'll an NGINX version that supports WebSockets (1.3 or later).
Step 1: Set the context path
Set your Confluence application path (the part after hostname and port) in Tomcat. Edit
<installation-directory>/conf/server.xml, locate the "Context" definition:
and change it to:
Restart Confluence, and check you can access it at
Step 2: Configure the Tomcat connector
Next, in the same
<installation-directory>/conf/server.xml file, locate this code segment:
And add the last line as follows:
Note: don't include
secure="true" in this connector. Make sure you've included correct values for
Step 3: Configure NGINX
You will need to specify a listening server in NGINX, as in the example below. Add the following to your NGINX configuration.
Replace your server name and the location of your SSL certificate and key.
In this example, users will connect to Synchrony, which is required for collaborative editing, directly.
See http://nginx.org/en/docs/http/ngx_http_proxy_module.html for more information.
Note: do not include
ssl on; if you are configuring SSL and Confluence on the same server as in this example.
Step 4: Restart Confluence and NGINX
- Restart Confluence and NGINX for all the changes to take affect.
- Update Confluence's base URL to include the context path you set earlier - see Configuring the Server Base URL.
Was this helpful?
Thanks for your feedback!