Using Apache with mod_proxy

Atlassian applications allow the use of reverse-proxies, however Atlassian Support does not provide assistance for configuring them. Consequently, Atlassian can not guarantee providing any support for them.

If assistance with configuration is required, please raise a question on Atlassian Answers.

This page describes one possible way to use Apache HTTP Server 2.4 to proxy requests for Confluence running in a standard Tomcat container. You can find additional documentation that explains how to use NGINX for the same purpose.

You might use this configuration when:

  • You have an existing Apache website, and want to add Confluence (for example, http://www.example.com/confluence).
  • You have two or more Java applications, each running in their own application server on different ports, for example, http://example:8090/confluence and http://example:8080/jira and want to make them both available on the regular HTTP port (80) (for example, at http://www.example.com/confluence and http://www.example.com/jira). Each application can be restarted, managed and debugged separately.

Note: This page documents a configuration of Apache, rather than of Confluence itself. Atlassian will support Confluence with this configuration, but we cannot guarantee to help you debug problems with Apache. Please be aware that this material is provided for your information only, and that you use it at your own risk.

On this page:

Base configuration

In these examples, we use the following:

http://www.example.com/confluence - your intended URL

http://example:8090 - the hostname and port Confluence is currently installed to

http://example:8091 - the hostname and port Synchrony, the service that powers collaborative editing, defaults to

/confluence - the intended context path for Confluence (the part after hostname and port)

/synchrony - the context path for Synchrony, the process that powers collaborative editing

You'll need to replace these URLs with your own URLs.

1 Set the context path

(warning) If you want to access Confluence without a context path, such as www.example.com, skip this step.

Set your Confluence application path (the part after hostname and port) in Tomcat.  In this example the context path will be /confluence

Edit <installation-directory>conf/server.xml, locate the "Context" definition:

<Context path="" docBase="../confluence" debug="0" reloadable="true">

and change it to:

<Context path="/confluence" docBase="../confluence" debug="0" reloadable="true">

In this example we've used /confluence as the context path. Note that you can't use /resources as your context path, as this is used by Confluence, and will cause problems later on.  

Restart Confluence, and check you can access it at http://example:8090/confluence.

2 Set the URL for redirection

Next, set the URL for redirection. In the same <installation-directory>conf/server.xml file, use the example connectors as a starting point.  

Comment out the default connector (for unproxied access). 

Show me how to do this...

In XML a comment starts with  <!-- and ends with -->, and is used to make sure only the relevant portions of the file are read by the application.

Add <!-- and --> around the default connector. It should now look like this.

<!--
========================================================
DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.
========================================================
-->
<!--
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
   maxThreads="48" minSpareThreads="10"
   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
   protocol="org.apache.coyote.http11.Http11NioProtocol"/>
-->

Uncomment the connector listed under the HTTP - Proxying Confluence via Apache or Nginx over HTTP heading.   

Show me how to do this...

To uncomment a section, remove the <!-- and --> surrounding the connector.

Here's an example showing the default connector commented out, and the HTTP connector uncommented. The headings remain commented out.

<!--
========================================================
DEFAULT - Direct connector with no proxy, for unproxied HTTP access to Confluence.
========================================================
-->
<!--
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
   maxThreads="48" minSpareThreads="10"
   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
   protocol="org.apache.coyote.http11.Http11NioProtocol"/>
-->
<!--
========================================================
HTTP - Proxying Confluence via Apache or Nginx over HTTP
========================================================
-->
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
   maxThreads="48" minSpareThreads="10"
   enableLookups="false" acceptCount="10" debug="0"URIEncoding="UTF-8"
   protocol="org.apache.coyote.http11.Http11NioProtocol"
   scheme="http" proxyName="<subdomain>.<domain>.com" proxyPort="80"/>

Insert your proxyName and proxyPort as shown in the last line below:

<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
   maxThreads="48" minSpareThreads="10"
   enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
   protocol="org.apache.coyote.http11.Http11NioProtocol"
   scheme="http" proxyName="www.example.com" proxyPort="80"/>

If you plan to enable HTTPS, use the connector under HTTPS - Proxying Confluence via Apache or Nginx over HTTPS


3 Configure mod_proxy

Use one of the examples below to edit your Apache http.conf file to proxy requests to the application server.

(warning) You will need to enable the following required Apache modules if they are not already enabled:

  • mod_proxy
  • mod_proxy_http
  • proxy_wstunnel 
  • mod_rewrite

(proxy_wstunnel and mod_rewrite are new requirements in Confluence 6.0)

The format of the http.conf file, and location of the modules may differ on your operating system. We recommend Windows users specify the absolute path to the module files.

Example 1: Configuration with context path

Use this example if you set a context path in step 1, and will access Confluence with a context path like this http://www.example.com/confluence.  

In this example, users will connect to Synchrony, which is required for collaborative editing, directly via WebSockets. 

(warning) The order of directives in the config is important. 

Apache HTTP server 2.4
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

# Put this in the main section of your configuration (or virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
    Require all granted
</Proxy>

ProxyPass /synchrony http://<domain>:8091/synchrony
<Location /synchrony>
    Require all granted
    RewriteEngine on
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    RewriteRule .* ws://<domain>:8091%{REQUEST_URI} [P]
</Location>
 
ProxyPass /confluence http://<domain>:8090/confluence
ProxyPassReverse /confluence http://<domain>:8090/confluence

<Location /confluence>
    Require all granted
</Location>

Note: It's not possible to use Apache HTTP Server 2.2 with Confluence 6.0 or later. If you plan to use SSL, you will need version 2.4.10 or later. 

Example 2: Configuration without context path 

Use this example if you skipped step 1, and will access Confluence without a context path like this http://www.example.com.

As in the previous example, users will connect to Synchrony, which is required for collaborative editing, directly via WebSockets. 

(warning) The order of directives in the config is important. 

Apache HTTP server 2.4
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module /usr/lib/apache2/modules/mod_proxy_wstunnel.so
LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

# Put this in the main section of your configuration (or virtual host, if using Apache virtual hosts)
 
  ProxyRequests Off
  ProxyPreserveHost On
    
  RewriteEngine On
  RewriteCond %{REQUEST_URI} !^/synchrony
  RewriteRule ^/(.*) http://<domain>:8090/$1 [P]

  <Proxy *>
      Require all granted
  </Proxy>

  ProxyPass /synchrony http://<domain>:8091/synchrony

  <Location /synchrony>
      Require all granted
      RewriteEngine on
      RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
      RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
      RewriteRule .* ws://<domain>:8091%{REQUEST_URI} [P]
  </Location>

  ProxyPass / http://<domain>:8090
  ProxyPassReverse / http://<domain>:8090
   
  <Location />
      Require all granted
  </Location>

Note: It's not possible to use Apache HTTP Server 2.2 with Confluence 6.0 or later. If you plan to use SSL, you will need version 2.4.10 or later. 

4 Restart Apache

This is needed to pick up on the new configuration. To restart Apache, run the following command:

sudo apachectl graceful

5 Disable HTTP Compression

Having compression run on both the proxy and Tomcat can cause problems integrating with other Atlassian applications, such as Jira. Please disable HTTP compression as per our Compressing an HTTP Response within Confluence docs.

6 Change the Confluence Base URL

The last stage is to set the Base URL to the address you're using within the proxy, for example http://www.example.com/confluence.

Adding SSL

If you plan to enable HTTPS, see Securing your Atlassian applications with Apache using SSL, and make sure you choose the HTTPS sample connector. 

More information

Last modified on Jun 5, 2018

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.