Running Confluence on port 80 or 443 using mod_proxy_ajp

Okay, I use Confluence a lot, and think despite some of its failings in the UI department (although they are being addressed, as version 2.8 shows) it's an excellent Enterprise Wiki.

Now, not wanting to arse around with Tomcat all the time, I generally use the standalone build, as it's quite sufficient for my purposes. The problems arise when we have remote workers who are behind restrictive firewall policies. So that means I have to provide the service on 443. Now you could spend a bit of time configuring Tomcat to run on said port, but that's not recommended, plus you may want to use other technologies such as PHP etc. So here is a quick how-to on getting Confluence up and running on port 443 on Suse Enterprise Server 10 (although the same applies to most Linux distros, with the exception of the convoluted config Novell apply to Apache). This post presumes you have already installed Confluence standalone and it's running fine.

1. Make sure you have Apache 2.2 installed
2. Open /etc/sysconfig/apache2 in vi (make sure you back it up first…)
3. Around line 296 you will see a list of the modules Apache loads at startup. Add the following to the list:
proxy proxy_http proxy_connect proxy_ajp proxy_balancer
4. Save the file.
5. cd /etc/apache2/conf.d
6. Create a new config file that will hold your Confluence configuration:
vi confluence.conf
7. Add the following lines

<Proxy balancer://confluence>
BalancerMember ajp://localhost:8009
</Proxy>

8. You can run this on port 80 just as well, but if it's an internal wiki, you should allow public access only via HTTPS.


# Note: I always specify an IP address, although it's not required; you could use *
<VirtualHost 192.168.0.1:80>
# Your email address
ServerAdmin you@mail.com
# Public FQDN of the server
ServerName host.domain.tld
# Redirect everything to the SSL server
Redirect / https://server.tld/
</VirtualHost>

9. I presume you will have pre-generated your server keys; if not, do so now.
10. Add the following to your SSL vhost config


<VirtualHost 192.168.0.1:443>
ServerName host.domain.tld:443
ServerAdmin you@mail.com
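# SSL Requirements
SSLEngine on
# Strong ciphers only. The stock sample string (ALL:!ADH:!EXPORT56:...) leaves
# LOW, 40-bit export and SSLv2 cipher suites enabled.
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:!aNULL:!MD5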
# Use your certificate here.
SSLCertificateFile /etc/apache2/ssl.crt/host.domain.tld.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/host.domain.tld.pem
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# The important bit. Pass all requests onto your confluence instance
ProxyPass / balancer://confluence/ stickysession=JSESSIONID|seraph.confluence nofailover=On
</VirtualHost>

11. Shut down Confluence and open your Confluence instance's server.xml file (back it up first)
12. Add the following below the first connector definition

<Connector port="8009" protocol="AJP/1.3" />
13. Save and restart Confluence
14. Start apache and browse to https://server.domain.tld and you should see your confluence instance.

The guts of this is mod_proxy_ajp which is a lot more delightful to play with than mod_jk.

For fun, you can add as many instances of Confluence as you like as BalancerMembers, export the Confluence home via NFS and have your instances connect to a shared db. It's basic load balancing and will break things in Confluence, but it's good for a laugh.
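
An added check for the setup in steps 7 and 12 and the multi-instance idea above (not part of the original post): it reports AJP connectors in server.xml that are not bound to loopback and BalancerMember targets that leave the host, since AJP/1.3 is unencrypted and meant to be reachable only by the front-end proxy. The sample configs, the host wiki2.example.internal and the function names are constructed for illustration; it assumes a Tomcat version where a connector without an address attribute listens on all interfaces.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples: the step 12 connector, a loopback-bound variant, and a
# balancer with one local and one hypothetical remote member.
SERVER_XML = """<Server port="8000" shutdown="SHUTDOWN">
  <Service name="Tomcat-Standalone">
    <Connector port="8080" />
    <Connector port="8009" protocol="AJP/1.3" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1" />
  </Service>
</Server>"""
APACHE_CONF = """<Proxy balancer://confluence>
BalancerMember ajp://localhost:8009
BalancerMember ajp://wiki2.example.internal:8009
# BalancerMember ajp://192.168.0.9:8009
</Proxy>"""

def is_loopback(host):
    """True only for 'localhost' or a loopback IP literal."""
    if not host:
        return False  # assumption: no address attribute = all interfaces
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other host names are treated as non-local

def exposed_ajp_connectors(server_xml):
    """Ports of AJP connectors in server.xml that are not bound to loopback."""
    root = ET.fromstring(server_xml)
    return [int(c.get("port")) for c in root.iter("Connector")
            if "ajp" in c.get("protocol", "").lower()
            and not is_loopback(c.get("address"))]

def remote_ajp_members(apache_conf):
    """Uncommented BalancerMember AJP targets that leave the host (cleartext)."""
    urls = re.findall(r"^[ \t]*BalancerMember\s+(ajp://\S+)", apache_conf, re.M | re.I)
    return [u for u in urls if not is_loopback(urlsplit(u).hostname)]

if __name__ == "__main__":
    print("AJP connectors reachable off-host:", exposed_ajp_connectors(SERVER_XML))
    print("AJP members over the network:", remote_ajp_members(APACHE_CONF))
```

For the single-host setup in this post, adding address="127.0.0.1" to the AJP connector clears the first finding; any member reported by the second needs a firewalled or tunnelled path between Apache and that Tomcat.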