Multiple add-ons on the same server, error with Confluence add-on

Hello everybody. I reaaaally need your help.

I have a server that will host 2 add-ons: One for hipchat and one for confluence.
Nginx will sit in front of them, having a different port for each, and both using the same SSL certificate.

The hipchat add-on works and installs correctly. But for some reason, the Confluence add-on cannot be installed, when I attempt to install it it displays the following error:

Problem accessing the file https://enevapps.com:9444.

If I click on that link, the descriptor displays correctly. The SSL certificate is OK, it is even A rated on that page that checks the SSL strength, and the Atlassian descriptor validator is correct, etc.

What’s weird though is that if I add a “credentials.json”, as you know node starts an ngrok tunnel. That ngrok tunnel CAN be installed!
I checked and I can’t see what the difference is between the ngrok hosted service and the nginx hosted service, and of course I don’t have access to the confluence logs because it is Cloud based… and the error message doesn’t really help.

I checked the HTTP requests and responses for both, and some headers differ but nothing that stands out…

What could I be doing wrong? What should I check? :frowning:

Edit: I guess it MAY be a problem with the SSL. If I use the SSLPoke class as described here https://gist.github.com/4ndrej/4547029
in my local computer pointing to my server (LetsEncrypt issued SSL) it displays the error. Of course I cannot follow the procedure described there for it to ‘trust’ the certificate, since the problem is in the cloud. Pointed at another site I own which has GoDaddy cert and it connects successfully.

Can’t I use Lets Encrypt? Do I need to buy a SSL cert from GoDaddy or something like that? :frowning:

You’re going to be OK with Let’s Encrypt. Firstly, we use Let’s Encrypt for our JIRA Cloud add-on, and it works fine. Secondly, the SSL Server Test for enevapps.com reports that everything is OK there.

Two things I’ve noticed that may, or may not be relevant:
a) there is a minor problem in your descriptor: the “links” section has invalid URLs (double slashes); and
b) the base URL points to an ngrok address. Now that could be fine, but it makes me wonder: is there a problem with that address when running behind nginx? The base URL is used for all communication with your add-on from Confluence.

Do you see anything anomalous in the nginx logs?

Thanks for your answer David.
Actually I changed to the ngrok address for testing and saw that it worked, but previously the baseUrl was https://enevapps.com:9443 and the problem was the same.

Let me make some more tests and check if logs tell anything interesting.

Another thing, I downloaded a local Confluence environment and tested it and got the same error, but the Confluence java logs don’t say anything interesting:

[INFO] [talledLocalContainer] 2017-06-16 20:19:24,399 ERROR [UpmAsynchronousTaskManager:thread-2] [rest.resources.install.InstallFromUriTask] download Error downloading plugin from https://enevapps.com:9444

And that’s it :confused:

Update: If I change everything to port 443, it works.
I triple checked and port 9444 is completely open and working. But if I use that, the addon installation just fails.

Have you had any experience using Confluence addons in different ports? Specifically with Confluence, because as I told initially the Hipchat addon works perfectly on port 9443.

I even checked the Confluence addon on that port (9443) but no, apparently it wants only 443 :rage:

Maybe it’s time to consider using subdomains instead of ports: confluence.enevapps.com:443 and hipchat.enevapps.com:443.

Will do. Guess I’ll open an issue in Confluence or something so that can be addressed, I’m pretty sure I did the configuration correctly, and that deleted 2 days of my life.

Thanks for your time David.