If your Confluence installation sits behind a reverse proxy and you want to run a viewport on a domain that is different from the Confluence base URL, you may have to make some changes to your networking setup to ensure that everything works correctly.

Common effects of an incomplete configuration are:

  • Viewports with a custom domain name are not reachable
  • Confluence rejecting certain requests whose server name does not match the name of the host. 
    • For example: POST requests to /rest/webResources/1.0/resources that fail with a status code of 403

Reverse Proxy Configuration

We recommend that you set the Host header and some X-Forwarded-* headers on requests as they pass through your reverse proxy. See below how to configure Tomcat to apply them when handing the request to Confluence.

Here's an example for a nginx virtual host definition:

Nginx vhost definition

server {
    server_name test.mydomain.com;
    listen 443 ssl;
    listen [::]:443 ssl;
    
    ...

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $https;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Port $server_port;

        proxy_pass http://localhost:8090;
    }

}
TEXT

Tomcat Configuration

In the server.xml file of your Tomcat configuration,

  1. Remove these attributes from your connector:
    • proxyName
    • proxyPort
    • scheme
  2. Add the following valve to the main Confluence context (not the one for the Synchrony proxy, which will also be defined if you are running Confluence 6.0 or later):

    <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />
    XML

After the change the file should look something like this:

server.xml

<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
        <Connector address="127.0.0.1" port="8090" connectionTimeout="20000" redirectPort="8443"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8"
                protocol="org.apache.coyote.http11.Http11NioProtocol" />

        <Engine name="Standalone" defaultHost="localhost" debug="0">

            <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="false" startStopThreads="4">

                <Context path="" docBase="../confluence" debug="0" reloadable="false" useHttpOnly="true">
                    <!-- Logger is deprecated in Tomcat 5.5. Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
                    <Manager pathname="" />

                    <Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" />

                    <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="60" />
                </Context>

                <!-- ... -->

            </Host>

        </Engine>
    </Service>
</Server>
XML