Balsamiq for Confluence Docs > Balsamiq for Confluence Server Documentation > Real-Time Collaboration Service Configuration

Real-Time Collaboration Service Configuration



Our Atlassian server apps include a built-in, behind the firewall real-time collaboration service (RTC) that allows multiple users to work on the same project, at the same time. This documentation is to help administrators understand how the service is implemented, and potentially help them solve problems with it.

It's a service on the main application server that needs to be configured according to the existing network layout. Except for common setups (direct connection to tomcat), you need administration access to the server console to edit reverse proxy configuration files or open the desired port.

Confluence/Jira administration permissions are needed to modify the RTC app configuration (set the FQDN, set the RTC port, verify if RTC is up or restart it).

Note: To avoid mixed content (HTTP+HTTPS on the same webpage), the connection protocol has to be the same (client/server and RTC), so HTTP for both or HTTPS for both.

Example: if SSL is terminated at the reverse proxy, and proxied to HTTP (tomcat), the same thing should happen for RTC (default port 9083-9093)


Possible Configurations

JIRA/Confluence application server can be installed with different network configurations. Depending on the configuration, the RTC configuration page shows different protocol values:

If the protocol field in the configuration page shows HTTP, the app is guessing that the protocol during the full network path (client/<proxy if existing>/server) is HTTP.

If it shows HTTPS, the protocol used is HTTPS for all the network path.

If it shows HTTP + SSL, the protocol used is HTTPS to the reverse proxy, then HTTP to the tomcat server.

Here are different network configurations related to protocol value (shown in RTC app configuration page):

Note: For Data Center users, see this section about HTTP+SSL - Data Center configuration.


Prerequisites

Prerequisites valid for every scenario

  • It is possible to configure a desired port (that has to be free and beyond 1024, according to best practices) through the app configuration tab "Real-time Collaboration Service" (9083 is the default for confluence, 9093 for Jira).
  • The selected TCP port for RTC has to be available and reachable on all the network path. verify that the fully qualified domain name of the server (or the proxy, in case of reverse proxy) is correct.
  • In most cases, it's the same as the FQDN of the Atlassian Server Base URL (if the Server Base URL is http://example.com/JIRA, the Server Name in the app configuration name has to be example.com

Prerequisites in case of reverse proxy

  • The selected TCP port for RTC has to be proxied to the application server (to the same port)
  • proxy FQDN has to be solved and reachable by the application server

Prerequisites in case of HTTP + SSL

  • If the proxy is on the same host of the application server, tomcat server should be listening on a different IP (typically, with the parameter address="127.0.0.1" inside server.xml) so that RTC connects to proxy on chosen port in the external interface (e.g. 192.168.1.64), then can be redirected to the same port the tomcat interface
  • The Java runtime environment embedded in jira/confluence installation has to trust the SSL certificate of the proxy, so in case it is self signed or the root certificate unknown to Jre, it has to be imported into the embedded Jre.

Prerequisites for HTTPS

  • If tomcat directly terminate https, server.xml has to be configured to let Tomcat use the certificate file. RTC app reads these values directly from server.xml
  • the Java runtime environment embedded in jira/confluence installation has to trust the SSL certificate, so in case it is self signed or the root certificate unknown to Jre, it has to be imported into the embedded Jre.

Prerequisites for both HTTPS and HTTP+SSL

CA chain - HTTPS, HTTP+SSL:

Please pay attention that the application server (Tomcat) needs to access the proxy or the application server, so the full CA chain has to be trusted. If for testing purposes SSL certificate is self signed, it has to be imported at jre level in a similar way:

echo -n | openssl s_client -connect <jira|confluence_FQDN>:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/<jira|confluence_FQDN>.cert

cd /opt/atlassian/<confluence|jira>/jre/bin

./keytool -keystore ../lib/security/cacerts -import -alias jira -file /tmp/<jira|confluence_FQDN>.cert

HTTP Configuration Examples

HTTP - direct connection

Client connects (http) directly to tomcat (Atlassian service), no extra configuration is required. See the Prerequisites on this section.

See all HTTP configurations.

HTTP - proxy on different server

Client connects to reverse proxy that pass the request (http) to Atlassian service. Reverse proxy and Atlassian service are on different machines. See the Prerequisites on this section.

nginx typical config file
#Confluence application server
server {
    listen <FQDN__or__staticIP>;
    server_name <FQDN>;

    location /confluence {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://<tomcatFQDN__or__tomcatStaticIP>/confluence;
        client_max_body_size 100M;
        proxy_buffer_size 8k;
    }
}

#RTC configuration for Balsamiq Wireframes
server {
    listen <FQDN__or__staticIP>:9083;
    server_name <FQDN>;

    location / {
        proxy_pass http://<tomcatFQDN__or__tomcatStaticIP>:9083;
        include proxy_params;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
RTC apache 2.4 config example
Listen <FQDN__or__staticIP>:9083
<VirtualHost *:9083>
ProxyRequests off
ProxyPreserveHost On
RewriteEngine on

#### ok for apache 2.4, comment out in apache 2.2 ###
<Proxy *>
Require all granted
</Proxy>
#### end section to comment out ###

ProxyPass / http://<tomcatFQDN__or__tomcatStaticIP>:9083/
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://<tomcatFQDN__or__tomcatStaticIP>:9083%{REQUEST_URI} [P]
</VirtualHost>
haproxy typical config file
#add X-Forwarded-For headers
   option forwardfor

frontend ft_jdc
    bind :80
    default_backend bk_jdc

backend bk_jdc
    server s11 192.168.1.61:8080

frontend ft_jrtc
    bind :9093
    default_backend bk_jrtc

backend bk_jrtc
    server s11 192.168.1.61:9093

See all HTTP configurations.

HTTP - proxy on same server

Client connects (http) to reverse proxy that pass the request (http) to Atlassian service. Reverse proxy and Atlassian service are on the same machine. See the Prerequisites on this section.

Similar to HTTP - proxy on different server, except for:

  • reverse proxy has to listen to public interface and redirect to loopback (127.0.0.1)
  • tomcat (Atlassian service) has to be configured to listen to loopback interface (127.0.0.1)
server.xml Example
<Server port="8000" shutdown="SHUTDOWN" debug="0">
    <Service name="Tomcat-Standalone">
        <Connector port="8090" connectionTimeout="20000" redirectPort="8443"
                address="127.0.0.1"
                maxThreads="48" minSpareThreads="10"
                enableLookups="false" acceptCount="10" debug="0" URIEncoding="U$
                proxyPort="80"
                proxyName="s07.kvm.gozzi"
                scheme="http"
                maxPostSize="2097152"
                protocol="org.apache.coyote.http11.Http11NioProtocol" />
nginx sites configuration Example
#Confluence application server
server {
    listen <FQDN__or__staticIP>:80;
    server_name <FQDN>;

    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8090;
        client_max_body_size 100M;
        proxy_buffer_size 8k;
    }
}

upstream confluence_rtc {
        server 127.0.0.1:9083;
        keepalive 60;
}

#RTC configuration for Balsamiq Wireframes
server {
    listen <FQDN__or__staticIP>:9083;
    server_name <FQDN>;
    proxy_read_timeout 86400s;

    location / {
        proxy_pass http://confluence_rtc;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
apache 2.4 reverse proxy Example
<VirtualHost *:80>
    ServerName <FQDN>
    ProxyRequests Off

    <Proxy *>
         Require all granted
    </Proxy>

    ProxyPass /synchrony http://127.0.0.1:8091/synchrony

    <Location /synchrony>
    Require all granted
    RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://127.0.0.1:8091%{REQUEST_URI} [P]
     </Location>

    ProxyPass "/confluence"  "http://127.0.0.1:8090/confluence"
    ProxyPassReverse "/confluence"  "http://127.0.0.1:8090/confluence"

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>


Listen <FQDN__or__staticIP>:9083
<VirtualHost *:9083>
  ProxyRequests off
  ProxyPreserveHost On
  RewriteEngine on

#### ok for apache 2.4, comment out in apache 2.2 ###
<Proxy *>
Require all granted
</Proxy>
#### end section to comment out ###

   ProxyPass /socket.io http://127.0.0.1:9083/socket.io
    <Location /socket.io>
        Require all granted
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://127.0.0.1:9083%{REQUEST_URI} [P]
     </Location>
</VirtualHost>

See all HTTP configurations.

HTTP data center

Client connects (http) to reverse proxy that balance the request (http) to Atlassian Data Center. Reverse proxy is configured to allow balance for tomcat (sticky mode) and failover for RTC (at now RTC does not support full cluster). See the Prerequisites on this section.

haproxy, 2 nodes
frontend ft_cf_http
   bind :80
    #CORS
    capture request header origin len 128
    http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-Control-Reque$
   default_backend bk_cf_http

backend bk_cf_http
   balance roundrobin
   cookie JSESSIONID prefix nocache
   server s12 192.168.1.62:8090 check cookie s12
   server s13 192.168.1.63:8090 check cookie s13

frontend ft_cf_rtc
   bind :9083 ssl crt /etc/ssl/private/haproxy.pem
   default_backend bk_cf_rtc

backend bk_cf_rtc
  option tcp-check
  server s12 192.168.1.62:9083 check port 8090
  server s13 192.168.1.63:9083 check port 8090 backup

See all HTTP configurations.


HTTP + SSL configuration examples

HTTP+SSL - proxy on different server

Client connects (https) to reverse proxy that pass the request (http) to Atlassian service (on different machines). See the Prerequisites on this section. For CA chain please look also at this section.

Similar to HTTP - proxy on different server, except for the certificate declarations and for the listening ports (ssl).

nginx config example
#JIRA application server
server {
    listen <FQDN__or__staticIP>:443 ssl;
    server_name <FQDN>;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location /JIRA {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://<tomcatFQDN__or__tomcatStaticIP>:8080/JIRA;
        client_max_body_size 20M;
        proxy_buffer_size 8k;
    }
}


#RTC configuration for Balsamiq Wireframes
server {
        listen <FQDN__or__staticIP>:8092 ssl;
        server_name <FQDN>;

        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;

location / {
            proxy_pass http://<tomcatFQDN__or__tomcatStaticIP>:8092/;
            include proxy_params;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
    }
}
haproxy configuration example
#add X-Forwarded-For headers
   option forwardfor

frontend ft_jdc_ssl
   bind :443 ssl crt /etc/ssl/private/haproxy.pem

backend bk_jdc
   server s11 192.168.1.61:8080

frontend ft_jrtc_ssl
   bind :9093 ssl crt /etc/ssl/private/haproxy.pem
   default_backend bk_jrtc_ssl

backend bk_jrtc_ssl
  server s11 192.168.1.61:9093
# server <server_name> <tomcatFQDN__or__tomcatStaticIP>:<Rtc_port>
apache 2.4 configuration file example
#### for balsamiq RTC
Listen <FQDN__or__staticIP>:9083
<VirtualHost *:9083>
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
    ProxyRequests off
    ProxyPreserveHost On
    RewriteEngine on

#### ok for apache 2.4, comment out in apache 2.2 ###
<Proxy *>
Require all granted
</Proxy>
#### end section to comment out ###

    ProxyPass / http://<tomcatFQDN__or__tomcatStaticIP>:9083/
    RewriteEngine on
    RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
    RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
    RewriteRule .* ws://<tomcatFQDN__or__tomcatStaticIP>:9083%{REQUEST_URI} [P]
</VirtualHost>

See all HTTP+SSL configurations.

HTTP+SSL - proxy on same server

Client connects (https) to reverse proxy that pass the request (http) to Atlassian service. Reverse proxy and Atlassian service are on the same machine (address=127.0.0.1 inside server.xml). See the Prerequisites on this section. For CA chain please look also at this section.

server.xml
<Connector port="8090" connectionTimeout="20000" redirectPort="8443"
        address="127.0.0.1"
        maxThreads="48" minSpareThreads="10"
        enableLookups="false" acceptCount="10" debug="0" URIEncoding="U$
        proxyPort="443"
        proxyName="example.com"
        scheme="https"
        maxPostSize="2097152"
        protocol="org.apache.coyote.http11.Http11NioProtocol" />
nginx config file
#Confluence application server
server {
    listen <FQDN__or__staticIP>:443 ssl;
    server_name <FQDN>;

    ssl_certificate               /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key           /etc/ssl/private/nginx-selfsigned.key;


    location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8090;
        client_max_body_size 100M;
        proxy_buffer_size 8k;
    }
}

upstream confluence_rtc {
        server 127.0.0.1:9093;
        keepalive 60;
}

#RTC configuration for Balsamiq Wireframes
server {
    listen <FQDN__or__staticIP>:9093 ssl;
    server_name <FQDN>;

    proxy_read_timeout 86400s;

    ssl_certificate               /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key           /etc/ssl/private/nginx-selfsigned.key;

    location / {
        proxy_pass http://confluence_rtc;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
    }
}
apache 2.4 configuration file example
##### standard confluence section
   <VirtualHost *:443>
    ServerName <FQDN>
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
    ProxyRequests Off
    ProxyPreserveHost On
###comment out in case of apache 2.2
    <Proxy *>
         Require all granted
    </Proxy>
#### end section to comment

   ProxyPass /synchrony http://127.0.0.1:8091/synchrony
    <Location /synchrony>
        Require all granted
        RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* ws://127.0.0.1:8091%{REQUEST_URI} [P]
     </Location>

    ProxyPass /confluence  http://127.0.0.1:8090/confluence
    ProxyPassReverse /confluence  http://127.0.0.1:8090/confluence

    <Location /confluence>
        Require all granted
    </Location>
    </VirtualHost>
##### end of confluence section

#### balsamiq rtc section
Listen <FQDN__or__staticIP>:9083
<VirtualHost *:9083>
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
ProxyRequests off
ProxyPreserveHost On
RewriteEngine on

#### ok for apache 2.4, comment out in apache 2.2 ###
<Proxy *>
Require all granted
</Proxy>
#### end section to comment out ###

ProxyPass / http://127.0.0.1:9083/
RewriteEngine on
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
RewriteRule .* ws://127.0.0.1:9083%{REQUEST_URI} [P]
</VirtualHost>
###end of balsamiq rtc section

See all HTTP+SSL configurations.

HTTP+SSL - data center

Client connects (https) to load balancer/reverse proxy that pass the request (http) to Atlassian Data Center. The load balancer/reverse proxy is configured to allow balance for tomcat and failover for RTC and the Balsamiq java servlet, BAS (for now, BAS/RTC does not support full cluster but can be configured to work on a node with failover on another). See the Prerequisites on this section. For CA chain please look also at this section.

haproxy example
frontend f_https
   bind :80
   bind :443 ssl crt /etc/ssl/private/haproxy.pem

   redirect scheme https if !{ ssl_fc }
   mode http

# acl rule for forwarding /bas path to only one node
   acl jiradc_bas path_beg -i /dc-jira/bas
   acl jiradc     path_beg -i /dc-jira

   use_backend b_jiradc_bas    if jiradc_bas
   use_backend b_jiradc        if jiradc

 # Add CORS Headers When Origin Header Is Present
    capture request header origin len 128
    http-response add-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Methods:\ GET,\ HEAD,\ OPTIONS,\ POST,\ PUT  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Credentials:\ true  if { capture.req.hdr(0) -m found }
    rspadd Access-Control-Allow-Headers:\ Origin,\ Accept,\ X-Requested-With,\ Content-Type,\ Access-Control-Request-Method,\ Access-C$


backend b_jiradc
   balance roundrobin
   cookie JSESSIONID prefix nocache
   server s12 192.168.1.62:8080 check cookie s12
   server s13 192.168.1.63:8080 check cookie s13


backend b_jiradc_bas
  option tcp-check
  server s12 192.168.1.62:8080 check port 8080
  server s13 192.168.1.63:8080 check port 8080 backup


frontend f_jiradc_rtc
   bind :9093 ssl crt /etc/ssl/private/haproxy.pem
   default_backend b_jiradc_rtc


backend b_jiradc_rtc
  option tcp-check
  server s12 192.168.1.62:9093 check port 8080
  server s13 192.168.1.63:9093 check port 8080 backup

See all HTTP+SSL configurations.


HTTPS configuration examples

HTTPS - direct connection

Client connects (https) directly to Atlassian service. See the Prerequisites on this section. For CA chain please look also at this section.

Balsamiq servlet reads the following parameters directly from Atlassian server.xml inside the application https Connector.

keystoreFile="/keystore-location"
keystorePass="somethingLong"
keystoreType="JKS"

See all HTTPS configurations.

HTTPS - proxy on different server

Client connects (https) to reverse proxy that pass the request (https) to Atlassian service (on different machines). Reverse proxy redirect https instead of http. See the Prerequisites on this section. For CA chain please look also at this section.

apache configuration file example SSL - SSL
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin gozzi@balsamiq.com
        ServerName <FQDN>
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
        ProxyRequests Off
        <Proxy *>
           Require all granted
        </Proxy>
        SSLProxyEngine on
###needed only if self signed and not imported
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
#### end optional
        ProxyPass /synchrony https://<tomcatFQDN__or__tomcatStaticIP>:8091/synchrony

    <Location /synchrony>
       Require all granted
       RewriteEngine on
       RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
       RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
       RewriteRule .* wss://<tomcatFQDN__or__tomcatStaticIP>:8091%{REQUEST_URI} [P]
     </Location>

     ProxyPass "/confluence/"  "https://<tomcatFQDN__or__tomcatStaticIP>:8443/confluence/"
     ProxyPassReverse "/confluence/"  "https://<tomcatFQDN__or__tomcatStaticIP>:8443/confluence/"
    </VirtualHost>
</IfModule>


Listen <FQDN__or__staticIP>:9084
<VirtualHost *:9084>
     ServerName <FQDN>
     DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
    ProxyRequests off
   <Proxy *>
       Require all granted
    </Proxy>
  ProxyPass /socket.io  https://<tomcatFQDN__or__tomcatStaticIP>:9084/socket.io
    <Location /socket.io>
    Require all granted
    RewriteEngine on
        RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC]
        RewriteCond %{HTTP:CONNECTION} Upgrade$ [NC]
        RewriteRule .* wss://<tomcatFQDN__or__tomcatStaticIP>:9084%{REQUEST_URI} [P]
     </Location>
  RewriteEngine on
  AllowEncodedSlashes on
    SSLProxyEngine on
###needed only if self signed and not imported
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
###end optional
  ProxyPass / https://<tomcatFQDN__or__tomcatStaticIP>:9084/
  ProxyPassReverse / https://<tomcatFQDN__or__tomcatStaticIP>:9084/
</VirtualHost>
nginx configuration example SSL-SSL
server {
    server_name <FQDN>;
    listen <FQDN__or__staticIP>:443 ssl;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location /confluence {
      proxy_pass https://<tomcatFQDN__or__tomcatStaticIP>:8443/confluence;
      client_max_body_size 100M;
      proxy_buffer_size 8k;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

upstream confluence_rtc {
        server <tomcatFQDN__or__tomcatStaticIP>:9083;
        keepalive 60;
}

server {
    server_name <FQDN>;
    listen <FQDN__or__staticIP>:9083 ssl;
    listen [::]:9083 ssl;
    proxy_read_timeout 86400s;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    location / {
        proxy_pass https://confluence_rtc;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket support (nginx 1.4)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
   }
}

See all HTTPS configurations.


If you run into any RTC issues (or are using a configuration different from these), please get in touch. We are here to help however we can!