Some of Confluence's macros, such as {rss} and {jiraissues} need to make web requests to remote servers in order to retrieve data. If Confluence is deployed within a data-centre or DMZ, it may not be able to access the Internet directly to make these requests. If you find that the {rss} macro does not work, ask your network administrator if Confluence needs to access the Internet through a web proxy.

Confluence でのアウトバウンド HTTP プロキシの設定

Proxy support is configured by passing certain system properties to the Java Virtual Machine on startup. These properties follow the conventions defined by Sun:

  • http.proxyHost
  • http.proxyPort (default: 80)
  • http.nonProxyHosts (default: <none>)

At a minimum, you need to define http.proxyHost to configure an HTTP proxy. System property configuration is described on the Configuring System Properties page.

Properties http.proxyHost and http.proxyPort indicate the proxy server and port that the http protocol handler will use. 

-Dhttp.proxyHost=proxy.example.org -Dhttp.proxyPort=8080

Property http.nonProxyHosts indicates the hosts which should be connected to directly and not through the proxy server. The value can be a list of hosts, each separated by a |, and in addition a wildcard character (*) can be used for matching. For example:

-Dhttp.nonProxyHosts=*.foo.com|localhost

Note: You may need to escape the pipe character (|) in some command-line environments.

If the http.nonProxyHosts property is not configured, all web requests will be sent to the proxy.

HTTPプロキシ認証の設定

プロキシ認証についても、アプリケーション サーバーの設定ファイルで、Java にシステム プロパティを加えることによって設定できます。具体的には、次の 2 つのプロパティです。

  • http.proxyUser – username
  • http.proxyPassword – secret

Authentication has a few more options in Confluence 2.10 and later, as documented below.

HTTP proxy (Microsoft ISA) NTLM authentication (2.10 and later)

Confluence 2.10 and later supports NTLM authentication for outbound HTTP proxies when Confluence is running on a Windows server.

To clarify, this means the {rss} and {jiraissues} macro will be able to contact external websites if requests have to go through a proxy that requires Windows authentication. This support is not related to logging in Confluence users automatically with NTLM, for which there is a user-contributed authenticator available.

To configure NTLM authentication for your HTTP proxy, you need to define a domain system property, http.auth.ntlm.domain, in addition to the properties for host, port and username mentioned above:

-Dhttp.auth.ntlm.domain=MYDOMAIN

Configuring authentication order (2.10 and later)

HTTP プロキシが複数の認証メカニズムを提供している場合があります。プロキシ認証失敗メッセージを受け取った場合、最初にユーザー名とパスワードを確認する必要があり、次いで Confluence サーバーのパケット スニファを使用して、プロキシ認証に失敗した HTTP ヘッダーを調べることによって、この問題を確認できます。(これについては、このドキュメントの対象範囲外です。)

To set the order for multiple authentication methods, you can set the system property http.proxyAuth to a comma-separated list of authentication methods. The available methods are: ntlm, digest and basic; this is also the default order for these methods.

たとえば、NTLM 認証の前に基本認証を試み、ダイジェスト認証を完全に回避するには、http.proxyAuth プロパティを次の値に設定します。

-Dhttp.proxyAuth=basic,ntlm

トラブルシューティング

  1. 接続パラメーターを評価するには、CONF-9719 に診断 JSP ファイルがあります。
  2. ステータスコード[ 407 ] 」エラーの説明は APR-160 にあります。
  3. Autoproxies are not supported yet. See CONF-16941.

Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 2.5 Australia License.