3

Confluence IIS Reverse Proxy Setup

I have set up a reverse proxy on IIS 7.5 for Atlassian Confluence according to instructions found in the internet.

I wanted to redirect all traffic to "docs.unimaze.com" to "localhost:8090" on the same server.

This is how I did it:

  • Installed URL Rewrite 2.0
  • Installed Application Request Routing 3.0
  • Set up a reverse proxy rule:
    • Match URL: Matches the pattern (.*) using regular expressions (ignore case)
    • Conditions: (none)
    • Server variables: (none)
    • Action: Rewrite with http://localhost:8090/{R:1} (append to query string and stop processing of subsequent rules.

The only other thing I had to in order to make everything work (from https://serverfault.com/questions/76013/iis6-vs-iis7-and-iis7-5-handling-urls-with-plus-sign-in-base-not-querystr) was to run this command on the server so that URL's with "plus signs" in the URL's would be allowed.

%windir%\system32\inetsrv\appcmd set config "WebSiteName" -section:system.webServer/security/requestFiltering -allowDoubleEscaping:true

Problem with external redirects

Confluence itself, seems to work perfectly BUT when attempting to edit a module from an external application (LucidChart Diagrams it fails), because a redirection to the external application also is rewritten, e.g. an attempt is made to redirect to this URL:

http://docs.unimaze.com/documents/edit/4b157fd9-8e28-4d70-8587-0fdd0839fbca?callback=...

when the redirect should actually be to the external application, so it should remain untouched by the rewriting rule:

https://www.lucidchart.com/documents/edit/4b157fd9-8e28-4d70-8587-0fdd0839fbca?callback=...

Is there an easy way to solve this?

Community
  • 1
  • 1
MarkusPolus
  • 101
  • 1
  • 7

2 Answers2

5

This here helped: appcmd.exe set config -section:system.webServer/proxy /reverseRewriteHostInResponseHeaders:"False" -commit:apphost

In UI, the setting corresponding to this action on the Application Request Routing in IIS on the server node (select „Server Proxy Settings“) should be unchecked.

However, this had the effect that the page can not be loaded in Internet Explorer 11 L The page is shown, but with empty space where the diagram is and it tries loading something forever.

In Firefox and Chrome it works fine. I have no idea why it "freezes" in IE 11. Will check from other machines to see if this is always happening or not.

MarkusPolus
  • 101
  • 1
  • 7
  • I spent many hours today trying to figure out why my cookies were being set for the wrong domain, even though I had explicitly specified the domain in the web.config sections for Cookies and Auth. What a lifesaver. – Synctrex Jun 17 '19 at 23:15
0

The easiest way to handle this is to take advantage of IIS host headers and make the proxied site believe it is responding as www.example.com:80 rather than localhost:8080. It turns out the AAR reverse proxy has an equivalent of Apache's ProxyPerserveHost setting it just isn't very well documented nor exposed in the UI.

To enable this setting you will need to open an elevated shell and run:

%windir%\system32\inetsrv\appcmd.exe set config -section:system.webServer/proxy -preserveHostHeader:true

Then configure the target site to listen at 127.0.0.1:80 with the appropriate host header and then configure the proxy to proxy back to localhost with the request and it should line up.

Wyatt Barnett
  • 15,573
  • 3
  • 34
  • 53
  • I invoked the `appcmd` command in IIS, but I am not sure what you mean about the rest. The target site, i.e. Confluence on Apache can not be configured on port 80. – MarkusPolus Jul 24 '14 at 16:42
  • Gotcha, I thought it was another site on the server. This is a bit of a different problem. I would try sending it on the odd port and seeing how that worked out -- not sure if apache will stuff the port in things or not. Another approach might be to just hoist java in IIS rather than apache -- that works quite well from what I've heard given modern versions of IIS. Finally, you can run IIS and apache side-by-side on the same box on port 80, you just need to tell IIS to not use 0.0.0.0 and tell them to use specific IP addresses. – Wyatt Barnett Jul 24 '14 at 21:07
  • OK, thanks I will investigate. I also checked using Fiddler to see what is going on. According to info I got from LucidChart support it seems it may have something to do with the Location header in the redirect (302 response). I will take a better look at this tomorrow. – MarkusPolus Jul 24 '14 at 23:49