Configure Web Proxy Support for Confluence

Some of Confluence's macros, such as {rss} and {jiraissues} need to make web requests to remote servers in order to retrieve data. If Confluence is deployed within a data-centre or DMZ, it may not be able to access the Internet directly to make these requests. If you find that the {rss} macro does not work, ask your network administrator if Confluence needs to access the Internet through a web proxy.

Confluence でのアウトバウンド HTTP プロキシの設定

Proxy support is configured by passing certain system properties to the Java Virtual Machine on startup. These properties follow the conventions defined by Sun:

• http.proxyHost
• http.proxyPort (default: 80)
• http.nonProxyHosts (default: <none>)

At a minimum, you need to define http.proxyHost to configure an HTTP proxy. System property configuration is described on the Configuring System Properties page.

Properties http.proxyHost and http.proxyPort indicate the proxy server and port that the http protocol handler will use.

-Dhttp.proxyHost=proxy.example.org -Dhttp.proxyPort=8080

Property http.nonProxyHosts indicates the hosts which should be connected to directly and not through the proxy server. The value can be a list of hosts, each seperated by a |, and in addition a wildcard character (*) can be used for matching. For example:

-Dhttp.nonProxyHosts=*.foo.com|localhost

Note: You may need to escape the pipe character (|) in some command-line environments.

If the http.nonProxyHosts property is not configured, all web requests will be sent to the proxy.

HTTPプロキシ認証の設定

プロキシ認証についても、アプリケーション サーバーの設定ファイルで、Java にシステム プロパティを加えることによって設定できます。具体的には、次の 2 つのプロパティです。

• http.proxyUser – username
• http.proxyPassword – secret

Authentication has a few more options in Confluence 2.10 and later, as documented below.

HTTP proxy NTLM authentication (2.10 and later)

Confluence 2.10 and later supports NTLM authentication for outbound HTTP proxies when Confluence is running on a Windows server.

To clarify, this means the {rss} and {jiraissues} macro will be able to contact external websites if requests have to go through a proxy that requires Windows authentication. This support is not related to logging in Confluence users automatically with NTLM, for which there is a user-contributed authenticator available.

To configure NTLM authentication for your HTTP proxy, you need to define a domain system property, http.auth.ntlm.domain, in addition to the properties for host, port and username mentioned above:

-Dhttp.auth.ntlm.domain=MYDOMAIN

Configuring authentication order (2.10 and later)

HTTP プロキシが複数の認証メカニズムを提供している場合があります。プロキシ認証失敗メッセージを受け取った場合、最初にユーザー名とパスワードを確認する必要があり、次いで Confluence サーバーのパケット スニファを使用して、プロキシ認証に失敗した HTTP ヘッダーを調べることによって、この問題を確認できます。（これについては、このドキュメントの対象範囲外です。）

To set the order for multiple authentication methods, you can set the system property http.proxyAuth to a comma-separated list of authentication methods. The available methods are: ntlm, digest and basic; this is also the default order for these methods.

たとえば、NTLM 認証の前に基本認証を試み、ダイジェスト認証を完全に回避するには、http.proxyAuth プロパティを次の値に設定します。

-Dhttp.proxyAuth=basic,ntlm

トラブルシューティング

There's a diagnostic jsp file in CONF-9719.

Despite having followed the instructions on this page, in some circumstances, when you attempt to access the Plugin Repository client, or use it to download a new plugin or upgrade an existing one, you may encounter a 'Status Code [407]' error. If this occurs, please refer to APR-160, which contains further information about how to resolve this problem. You may also need to install a patch file, which can be obtained by lodging an Atlassian Support request (with a reference to issue APR-160). This patch file is required to download plugins successfully under these circumstances.