2

I'm deploying Jira, Confluence, and Bitbucket in a Docker environment.

The configuration is fairly standard. Using Atlassian images, host volumes for application data, etc.

Jira and Bitbucket are working fine and can be accessed via <ip>:<port> on the same network, no issues.

Confluence, however, can only be accessed from the host machine using localhost:<port>. I've spent many hours trying to understand why I can't hit <ip>:<port> for Confluence, while the other apps are working fine.

Here is the snippet of my docker-compose for Confluence:

confluence:
  image: atlassian/confluence-server:7.4.0
  networks:
    - atlassian
  volumes:
    - /atlassian/application-data/confluence:/var/atlassian/application-data/confluence
  environment:
    CONFLUENCE_HOME: /var/atlassian/application-data/confluence
    ATL_JDBC_URL: jdbc:postgresql://database:5432/confluence
    ATL_JDBC_USER: postgres
    ATL_JDBC_PASSWORD: postgres
    ATL_DB_TYPE: postgresql
    JVM_MINIMUM_MEMORY: 4g
    JVM_MAXIMUM_MEMORY: 8g
  ports:
    - "8090:8090"
    - "8091:8091"
  deploy:
    resources:
      reservations:
        memory: 8G

I have no other configurations, or anything. Jira and Bitbucket are set up the exact same way in the compose file, except for their own ports being exposed.

The only thing I can see is that Confluence moved to Tomcat 9 and Java 11 in version 7+, and that there could be something in the built-in server.xml that I need to change, but I can't figure it out.

Any idea why I can't hit Confluence remotely via <ip>:<port> but I can access other tools?

Troubleshooting already done:

  • This system is running on CentOS 7
  • firewalld and selinux are off d
  • No other network configurations that would prevent 8090 from being accessible
  • I also tried to map other external ports to the internal 8090 with no luck
  • I was able to deploy the Confluence 7.4.0 TAR manually and I could reach it remotely over 8090
  • I tried in all Docker configurations: docker run, docker-compose, and swarm. Same result
thedude19
  • 121
  • 3

1 Answers1

0

Solution 1: You can change the baseurl following the article: Configuring the Server Base URL

This configuration is stored in the database, but it's not recommended to change it directly in the DB.

Solution 2: Use a reverse proxy and configure the following Confluence container environment variables:

  • ATL_PROXY_NAME (e.g. confluence.example.com)
  • ATL_PROXY_PORT (e.g. 80)
Mircea Vutcovici
  • 16,706
  • 4
  • 52
  • 80
  • I've set the base URL correctly, since I can tunnel in and hit Confluence via localhost:8090, but no such luck. I have not set up a proxy yet, since I don't need one. Why would Confluence need one but Jira and Bitbucket don't? – thedude19 Mar 11 '21 at 13:31
  • You might need a proxy because: 1. you want SSL offloading on the proxy. 2. You want to server static pages via proxy. 3. You need to do packet inspection, filtering or logging outside your application. 4. If you want to change the traffic (compression, HTTP headers) – Mircea Vutcovici Mar 11 '21 at 13:53
  • Those are all good reasons, but I still can't figure out why this doesn't work in a test environment as-is – thedude19 Mar 11 '21 at 14:20
  • What is the error that you see? Do you see any http redirections? Use WireShark or browser's `Developer Tools` to see it. – Mircea Vutcovici Mar 11 '21 at 14:26
  • Another valid reason for a proxy: 5. I wanted to test with HTTP/2 (SPDY) and compression to see if we can benefit from this on low bandwidth links without doing any changes to the production server. 6. You can slap a proxy to flex your DevOps muscles. – Mircea Vutcovici Mar 11 '21 at 14:36
  • Could you please check on which socket (ip:port) is listening? `sudo ss -tlnp|grep :8090` – Mircea Vutcovici Mar 11 '21 at 14:38
  • I tested with a podman container and I have: `LISTEN 0 4096 0.0.0.0:8090 0.0.0.0:* users:(("conmon",pid=809721,fd=5))` – Mircea Vutcovici Mar 11 '21 at 14:39