Using Apache with mod_proxy
There are some common situations where you might use the configuration:
- You have an existing Apache-based website, and want to add Confluence to the mix (for example, http://www.example.com/confluence).
- You have two or more Java applications, each running in their own application server on different ports, for example, http://example:8090/confluence and http://example:8080/jira. By setting up Apache with mod_proxy, you can have both available on the regular HTTP port (80) – for example, at http://www.example.com/confluence and http://www.example.com/jira. This allows each application to be restarted, managed and debugged separately.
Note: This page documents a configuration of Apache, rather than of Confluence itself. Atlassian will support Confluence with this configuration, but we cannot guarantee to help you debug problems with Apache. Please be aware that this material is provided for your information only, and that you use it at your own risk.
Base configuration
In these examples, we use the following:
http://www.example.com/confluence - your intended URL
http://example:8090 - the hostname and port Confluence is currently installed to
/confluence - the intended context path (the part after hostname and port)
Please substitute the examples below with your intended URL's in your own server. Copy/pasting these suggestions will not work on your server.
Set the context path
Set your Confluence application path (the part after hostname and port). To do this in Tomcat (bundled with Confluence), edit conf/server.xml, locate the "Context" definition:
<Context path="" docBase="../confluence" debug="0" reloadable="true">and change it to:
<Context path="/confluence" docBase="../confluence" debug="0" reloadable="true">Then restart Confluence, and ensure you can access it at http://example:8090/confluence
Set the URL for redirection
Set the URL for redirection. In the same conf/server.xml file, locate this code segment:
<Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
And append the last line:
<Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true"
proxyName="www.example.com" proxyPort="80" />
If this isn't working for you and you're using SSL, try adding a scheme attribute to your Connector tag: scheme="https".
Now we have two options:
- If you want a URL like http://www.example.com/confluence, follow the simple configuration.
- If you want a URL like http://confluence.example.com, go to the complex configuration.
Simple Configuration
Configure mod_proxy
Now enable mod_proxy in Apache, and proxy requests to the application server by adding the example below to your Apache httpd.conf (note: the files may be different on your system; See Integrating JIRA with Apache for the process for Ubuntu/Debian layout):
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /confluence http://app-server.internal.example.com:8090/confluence
ProxyPassReverse /confluence http://app-server.internal.example.com:8090/confluence
<Location /confluence>
Order allow,deny
Allow from all
</Location># Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
Require all granted
</Proxy>
ProxyPass /confluence http://app-server.internal.example.com:8090/confluence
ProxyPassReverse /confluence http://app-server.internal.example.com:8090/confluence
<Location /confluence>
# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
Require all granted
</Location>Complex configuration
Complex configuration involves using the mod_proxy_html filter to modify the proxied content en-route. This is required if the Confluence path differs between Apache and the application server. For example:
Externally accessible (Apache) URL | http://confluence.example.com/ |
|---|---|
Application server URL | http://app-server.internal.example.com:8090/confluence/ |
Notice that the application path in the URL is different in each. On Apache, the path is /, and on the application server the path is /confluence.
For this configuration, you need to install the mod_proxy_html module, which is not included in the standard Apache distribution.
Alternative solutions are discussed below.
# Put this after the other LoadModule directives
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so
<VirtualHost *>
ServerName confluence.example.com
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://app-server.internal.example.com:8090/confluence
ProxyPassReverse / http://app-server.internal.example.com:8090/confluence
ProxyHTMLURLMap / /confluence/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost># Put this after the other LoadModule directives
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so
<VirtualHost *>
ServerName confluence.example.com
# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
Require all granted
</Proxy>
ProxyPass / http://app-server.internal.example.com:8090/confluence
ProxyPassReverse / http://app-server.internal.example.com:8090/confluence
ProxyHTMLURLMap / /confluence/
<Location />
# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
Require all granted
</Location>
</VirtualHost>The ProxyHTMLURLMap configuration can become more complex if you have multiple applications running under this configuration. The mapping should also be placed in a Location block if the web server URL is a subdirectory and not on a virtual host. The Apache Week tutorial has more information how to do this.
Final Configuration Steps
Restart your Apache server
This is needed to pick up on the new configuration. This can be done by running the following on your command line/terminal/shell:
sudo apachectl gracefulDisable HTTP Compression
Having compression run on both the proxy and Tomcat can cause problems integrating with other Atlassian applications, such as JIRA. Please disable HTTP compression as per our Compressing an HTTP Response within Confluence docs.
Set the Confluence Base URL
The last stage is to set the Base URL to the address you're using within the proxy. In this example, it would be http://www.example.com/confluence
Adding SSL
If you're running Apache in front of Tomcat, it's a good idea to terminate your SSL configuration at Apache, then forward the requests to Tomcat over HTTP. You can set up Apache to terminate the SSL connection and use the ProxyPass and ProxyPassReverse directives to pass the connection through to Tomcat (or the appropriate application server) which is running Confluence.
- Create a new SSL host by creating a virtual host on 443
- The standard http connection on apache could be used to redirect to https if you want or it could just be firewalled.
- Within the VirtualHost definition:
- define the SSL options (SSLEngin and SSLCertificateFile)
- define the ProxyPass and ProxyPassReverse directives to pass through to Tomcat.
Most of the relevant Apache Config:
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
ProxyPass / http://localhost:8090/
ProxyPassReverse / http://localhost:8090/
</VirtualHost>
Apart from the Apache configuration there are a couple of things you will need to do before you get your server working:
- You will have to change your base URL to point to https addresses. See the documentation on configuring the server base URL.
- We need to set up the connector to use https. In your installation directory, edit the file server.xml and add this attributes to your connector:
proxyName="proxy.example.com" proxyPort="443" scheme="https" secure="true" More information
- The mod_proxy_html site has documentation and examples on the use of this module in the complex configuration.
- Apache Week has a tutorial that deals with a complex situation involving two applications and ProxyHTMLURLMap.
- Using Apache with virtual hosts and mod_proxy shows how to configure the special case where you want JIRA and Confluence running on separate application servers on virtual host subdomains.
Alternatives
If Tomcat is your application server, you have two options:
- use mod_jk to send the requests to Tomcat
- use Tomcat's virtual hosts to make your Confluence application directory the same on the app server and the web server, removing the need for the URL mapping.
If your application server has an AJP connector, you can:
- use mod_jk to send the requests to your application server.