This article demonstrates how to configure an Apache server as a reverse proxy for Confluence. Confluence runs on Tomcat (out of the box) and listens on TCP port 8090 without encryption. Our goal is to listen on port 80 and redirect the connection to port 443 so our reverse proxy provides encryption.
We’re using LetsEncrypt to secure the Apache Reverse proxy. We’ve completed that stage before configuring the Reverse Proxy component. Also note we don’t need the DocumentRoot after we’ve completed the LetsEncrypt process. See below for an example of the LetsEncrypt command. Remember to remove the redirect from the Apache server listening on port 80 before running LetsEncrypt.
./certbot-auto --authenticator webroot --webroot-path /var/www/html/confluence.example.com/confluence/ --installer apache -d confluence.example.com
Our port 80 (http://) Apache server looks like this:
<VirtualHost *:80> TimeOut 1000 <Directory /var/www/html/confluence.example.com/confluence> Options Indexes AllowOverride All Order allow,deny allow from all </Directory> ServerName confluence.example.com ServerAdmin [email protected] ErrorLog logs/confluence.example.com.au_log CustomLog logs/confluence.example.com_log common DocumentRoot /var/www/html/confluence.example.com/confluence <Directory /var/www/html/confluence.example.com/confluence> Options Indexes FollowSymLinks </Directory> RewriteEngine on RewriteCond %{SERVER_NAME} =confluence.example.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>
Our port 443 (https://) Apache reverse proxy server looks like this:
<VirtualHost *:443> TimeOut 1000 SSLEngine On SSLProxyEngine On RewriteEngine On ProxyRequests Off ProxyPreserveHost On RequestHeader set X-Forwarded-Proto "https" RequestHeader set X-Forwarded-Port "443" ProxyPass / http://localhost:8090/ ProxyPassReverse / http://localhost:8090/ <Directory /var/www/html/confluence.example.com/confluence> Options Indexes AllowOverride All Order allow,deny allow from all </Directory> ServerName confluence.example.com ServerAdmin [email protected] ErrorLog logs/confluence.example.com_log CustomLog logs/confluence.example.com_log common DocumentRoot /var/www/html/confluence.example.com/confluence <Directory /var/www/html/confluence.example.com/confluence> Options Indexes FollowSymLinks </Directory> SSLCertificateFile /etc/letsencrypt/live/confluence.example.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/confluence.example.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateChainFile /etc/letsencrypt/live/confluence.example.com/chain.pem </VirtualHost>