Confluence shows a notification about Tomcat incorrect configuration when accessing through a reverse-proxy

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

When accessing Confluence, a notification shows up saying that Tomcat configuration is incorrect.

Accessing Confluence through a reverse-proxy and the parameters proxyName, proxyPort, and scheme are correctly set. Confluence Base URL is also correct.

Notification Workbox:

⚠️ Tomcat config is incorrect

The Tomcat server.xml has an incorrect configuration:

scheme should be 'https'

proxyName should be 'subdomain.domain.corp'

proxyPort should be '443'

Environment

Confluence Server accessed through a reverse-proxy.

Diagnosis

Warning messages are shown in the application logs about XSRF checks failing:

atlassian-confluence.log

1 2020-05-22 09:46:37,241 WARN [http-nio-8090-exec-9] [common.security.jersey.XsrfResourceFilter] passesAdditionalBrowserChecks Additional XSRF checks failed for request: http://localhost:8090/rest/analytics/1.0/publish/bulk , origin: null , referrer: https://subdomain.domain.corp/login.action , credentials in request: true , allowed via CORS: false

In server.xml, there are two Tomcat connectors at the same port, and one of them doesn't have any proxy parameters:

server.xml

1 2 3 4 5 6 7 8 9 10 <Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol"/> <Connector port="8090" connectionTimeout="20000" redirectPort="8443" maxThreads="48" minSpareThreads="10" enableLookups="false" acceptCount="10" debug="0" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https" secure="true" proxyName="subdomain.domain.corp" proxyPort="443"/>

Cause

Two Tomcat connectors were configured to run at the same port, but one of them doesn't have proxy parameters.

Solution

  1. Shutdown Confluence

  2. Either remove the unproxied connector or change the Port in one of the connectors

    1. Ensure that two Tomcat connectors don't share a port number

    2. Avoid using Port 8091, as this is the default port for Synchrony

  3. Start Confluence

Related content

Updated on April 8, 2025
Platform
Data Center only
Product
Confluence Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community