Confluence shows a notification about Tomcat incorrect configuration when accessing through a reverse-proxy
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
When accessing Confluence, a notification shows up saying that Tomcat configuration is incorrect.
Confluence is accessed through a reverse proxy, and the parameters proxyName, proxyPort, and scheme are correctly set. The Confluence Base URL is also correct.
Notification Workbox:
Tomcat config is incorrect
The Tomcat server.xml has an incorrect configuration:
scheme should be 'https'
proxyName should be 'subdomain.domain.corp'
proxyPort should be '443'
Environment
Confluence Server accessed through a reverse-proxy.
Diagnosis
Warning messages are shown in the application logs about XSRF checks failing:
2020-05-22 09:46:37,241 WARN [http-nio-8090-exec-9] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://localhost:8090/rest/analytics/1.0/publish/bulk , origin: null , referrer: https://subdomain.domain.corp/login.action , credentials in request: true , allowed via CORS: false
In server.xml, there are two Tomcat connectors on the same port, and one of them doesn't have any proxy parameters:
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"/>
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
maxThreads="48" minSpareThreads="10"
enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" proxyName="subdomain.domain.corp" proxyPort="443"/>
Cause
Two Tomcat connectors were configured to run on the same port, but one of them doesn't have proxy parameters.
Solution
- Shut down Confluence
- Either remove the unproxied connector or change the port in one of the connectors
- Ensure that two Tomcat connectors don't share a port number
- Avoid using port 8091, as this is the default port for Synchrony
- Start Confluence
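One way to check a server.xml for this condition before starting Confluence again, as an added example that is not Atlassian's own tooling. The function name audit_connectors and the Server/Service wrapper in the sample are assumptions made for illustration; the two connectors are the ones from the Diagnosis section.

```python
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

PROXY_ATTRS = ("scheme", "proxyName", "proxyPort")
SYNCHRONY_PORT = "8091"  # default Synchrony port named in the Solution section

# Constructed sample: the two connectors from the Diagnosis section,
# wrapped in a minimal Server/Service skeleton so the text parses as XML.
SAMPLE_SERVER_XML = """<Server>
  <Service name="example">
    <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"/>
    <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               scheme="https" secure="true"
               proxyName="subdomain.domain.corp" proxyPort="443"/>
  </Service>
</Server>"""


def audit_connectors(xml_text):
    """Return findings for the <Connector> elements of a server.xml (str or bytes)."""
    by_port = defaultdict(list)
    for conn in ET.fromstring(xml_text).iter("Connector"):
        by_port[conn.get("port")].append(conn)

    findings = []
    for port, conns in sorted(by_port.items(), key=lambda kv: str(kv[0])):
        if len(conns) > 1:
            findings.append(f"port {port}: {len(conns)} connectors share this port")
            # Among connectors sharing a port, name the ones without proxy settings.
            for idx, conn in enumerate(conns, 1):
                missing = [a for a in PROXY_ATTRS if conn.get(a) is None]
                if missing:
                    findings.append(
                        f"port {port}: connector #{idx} lacks {', '.join(missing)}")
        if port == SYNCHRONY_PORT:
            findings.append(f"port {port}: default Synchrony port, choose another")
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml as the first argument; without one, use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    for finding in audit_connectors(data):
        print(finding)
```

An empty result means no two connectors share a port and none listens on 8091.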