Posted almost 3 years ago. Visible to the public.

Confluence reverse proxy and firefox

If you're running confluence behind a reverse proxy then you might stumble upon an issue that prevents firefox from working correctly. Strange bugs will hapen like clicking on "add a new page" resulting in endless loading loops.

Checking the logfile of confluence you'll see something like this:

Copy
WARN [http-nio-8090-exec-6] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://localhost:9080/rest/analytics/1.0/publish/bulk , origin: null , referrer: WHATEVERYOURDOMAINIS , credentials in request: true , allowed via CORS: false

Solving this requires adjusting the file conf/server.xml of the confluence distribution. The entry of interest will look like this:

Copy
<Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" />

You'll have to change it to include the reverse proxy informations like this:

Copy
<Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" proxyName="WHATEVERYOURDOMAINIS" proxyPort="443" scheme="https"/>

The setup above assumes that you're running behind a reverse proxy via HTTPS which you should. ;-)

A matching configuration for nginx looks like this:

Copy
server { listen 443 ssl; server_name WHATEVERYOURDOMAINIS; ssl_certificate /etc/ssl/YOURCERT.crt; ssl_certificate_key /etc/ssl/YOURCERT.key; root SOMEPATH; location / { proxy_pass http://localhost:8090; proxy_redirect default; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } location /synchrony { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8091/synchrony; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }

This should also fix synchrony issues (collaborative editing).

Owner of this card:

Avatar
jan0sch
Last edit:
almost 3 years ago
by jan0sch
Posted by jan0sch to jan0sch's deck
This website uses cookies to improve usability and analyze traffic.
Accept or learn more