Balsamiq Community Discussion

Connecting to a Reverse Proxy Server Using SSL (Proxy and Server Are on the Same Machine)


#1

I have a setup of Confluence Server and an Apache httpd proxy Server installed both on the same machine.
I’ve tried to follow your documentation that specify that it is possible to configure Balsamiq plugin with this setup but with no success (https://docs.balsamiq.com/confluence/server/wireframes/rtcconfigs/).

The problem is that the confluence server doesn’t have SSL configured on it. The SSL is configured only on the proxy layer.
The confluence base URL is configured with https as a prefix as it points to the URL as it expected to be accessed through the proxy server.

This cause the Balsamiq plugin to try and send request for the collaborative editing through the HTTPS protocol.
The problem is that the request doesn’t go through the proxy since the proxy can’t listen to the same port that the Balsamiq plugin is already listening to on the same machine.
This cause the request to arrive as HTTPS request to the plugin while it expect to receive HTTP request.

Testing the API through Postman I can verify that the API works fine when accessed through HTTP instead of HTTPS.

There are three things that can solve my problem:

  1. allow to set the protocol manually instead of relaying on the confluence base URL.
  2. Allow to set different ports for the server and the actual request (so the request port will be free for the proxy and I’ll be able to pass it to the server port after decrypting the SSL request and pass it as simple HTTP to the plugin).
  3. Allow to configure SSL certificate for protecting the port exposed by the plugin.

I understand that the first option probably will be the easiest to implement as fast workaround but I would really be happy to see the other options available in the near future as a secure connection is a pretty important thing.


#2

Hi @Ori_Shalom, the easiest way to fix this is by adding address=“127.0.0.1” on tomcat server.xml (inside the confluence connector) so that the application service (and rtc) listens on the loopback, and make apache redirect to it.
In this way the proxy listens on public interface and redirects to the loopback interface (on the same port, for the rtc case).
Please let us know if it’s ok


#3

Thanks, I manage to configure it successfully.
The problem was just a small typo…