ProxyRemote Directive doesn't work with HTTPS:
<VirtualHost *:443>
ServerName foo.foo
SSLProxyEngine on
SSLProxyVerify none
#SSLProxyVerifyDepth 10
SSLProxyCheckPeerCN off
# SAAS: disable hostname check
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLProxyCACertificatePath /etc/ssl/certs/
ProxyRemote * https://10.27.73.178:443/
ProxyPass /api/ https://foo.gw.dev/api/
ProxyPassReverse /api/ https://foo.gw.dev/api/
SSLEngine on
SSLCertificateFile /storage/user/conf/ssl/web_cert.pem
SSLCertificateKeyFile /storage/user/conf/ssl/web_key.pem
SSLCertificateChainFile /storage/user/conf/ssl/web_chain.pem
SSLCACertificatePath /storage/user/conf/ssl/
SSLVerifyClient none
</VirtualHost>
It works if I specify http URL, like
ProxyRemote * http://10.27.73.178:3128/
I think it is a certificate checking issue, where exactly should I specify the proxy CA certificate?
I get the following error logs:
[Wed Nov 27 14:35:40.961981 2019] [proxy_http:trace1] [pid 32633:tid 140286441285376] mod_proxy_http.c(1931): [client 127.0.0.1:54302] HTTP: serving URL https://foo.gw.dev/api/
[Wed Nov 27 14:35:40.961989 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2302): AH00942: HTTPS: has acquired connection for (foo.gw.dev)
[Wed Nov 27 14:35:40.961993 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2355): [client 127.0.0.1:54302] AH00944: connecting https://foo.gw.dev/api/ to foo.gw.dev:443
[Wed Nov 27 14:35:40.962067 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2564): [client 127.0.0.1:54302] AH00947: connected /api to 10.27.73.178:443
[Wed Nov 27 14:35:40.962086 2019] [proxy:trace2] [pid 32633:tid 140286441285376] proxy_util.c(2999): HTTPS: fam 2 socket created to connect to foo.gw.dev
[Wed Nov 27 14:35:41.172521 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(3033): AH02824: HTTPS: connection established with 10.27.73.178:443 (foo.gw.dev)
[Wed Nov 27 14:35:41.172570 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2660): AH00948: CONNECT: sending the CONNECT request for foo.gw.dev:443 to the remote proxy 10.27.73.178:443 (10.27.73.178)
[Wed Nov 27 14:35:41.383758 2019] [proxy:error] [pid 32633:tid 140286441285376] (104)Connection reset by peer: AH00958: HTTPS: attempt to connect to foo.gw.dev:443 via http CONNECT through 10.27.73.178:443 (foo.gw.dev) failed
[Wed Nov 27 14:35:41.383798 2019] [proxy_http:error] [pid 32633:tid 140286441285376] [client 127.0.0.1:54302] AH01114: HTTP: failed to make connection to backend: 10.27.73.178
[Wed Nov 27 14:35:41.383802 2019] [proxy:debug] [pid 32633:tid 140286441285376] proxy_util.c(2317): AH00943: HTTPS: has released connection for (foo.gw.dev)
Related
I make following the post https://www to https://no-www redirection.
I have finally managed to generate a wildcard certificate *.website.com which allows me with rewrite rules to get redirection to https://website.com from initially https://www.website.com.
Now, I am faced to another issue: my CGI scripts in cgi-bin directory are not working anymore like for example: https://website.com/cgi-bin/awstats.pl
I am using the following rewrite rules to get https://www.website.com to https://webiste.com (using zope framework behind apache) :
<VirtualHost *:443>
# Name
ServerAdmin admin#website.com
ServerName website.com
ServerAlias www.website.com
# LOG
CustomLog /var/log/apache2/access.log combined
# ACTIVATE SSL
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/website.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/website.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/website.com/chain.pem
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
SSLProxyEngine On
RequestHeader set Front-End-Https "On"
#CacheDisable *
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
Alias /awstatsclasses "/usr/share/awstats/lib/"
Alias /awstats-icon "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
<Directory "/usr/lib/cgi-bin/">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
SSLRequireSSL
</Directory>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin admin#website.com
ServerName website.com
ServerAlias www.website.com
RewriteCond %{REQUEST_URI} ^/www\. [NC,OR]
RewriteCond %{REQUEST_URI} !^/podcast [NC]
# Rewrite below works : redirect 80 => https
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
# For Zope
RewriteRule ^/(.*) http://localhost:9674/++vh++http:%{SERVER_NAME}:80/++/$1 [P,L]
</IfModule>
</VirtualHost>
It's pretty tricky but the result is that if I type : https://website.com/cgi-bin/awstats.pl, I get the equivalent of a 404 error of Apache2 but coming from Zope.
How to make work my CGI scripts again ?
It's frustrating from previous post : I have fixed the redirection https://www.website.com to https://website.com but right now, these are the CGI scripts which are no longer accessible.
Before the modifications about the redirection https://www to https://no-www, the scripts were available. I don't understand where it could come from.
Update 1
Output of Apache2:
[Sun Mar 01 10:49:33.445944 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(383): [client 91.171.129.151:7825] AH02034: Subsequent (No.7) HTTPS request received for child 7 (server website.com:443), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.445986 2020] [authz_core:debug] [pid 9866] mod_authz_core.c(846): [client 91.171.129.151:7825] AH01628: authorization result: granted (no directives), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446022 2020] [proxy:debug] [pid 9866] mod_proxy.c(1249): [client 91.171.129.151:7825] AH01143: Running scheme https handler (attempt 0), referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446032 2020] [proxy:debug] [pid 9866] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.446041 2020] [proxy:debug] [pid 9866] proxy_util.c(2369): [client 91.171.129.151:7825] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446204 2020] [proxy:debug] [pid 9866] proxy_util.c(2578): [client 91.171.129.151:7825] AH00947: connected /++vh++https:website.com:443/++/images/up-arrow.png to localhost:8443, referer: https://website.com/style/style2.css
[Sun Mar 01 10:49:33.446288 2020] [proxy:debug] [pid 9866] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.446307 2020] [proxy:debug] [pid 9866] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.446320 2020] [ssl:info] [pid 9866] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.454637 2020] [proxy:debug] [pid 9865] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.454721 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.454772 2020] [proxy:debug] [pid 9865] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459030 2020] [proxy:debug] [pid 9851] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.459109 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.459144 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.459161 2020] [proxy:debug] [pid 9851] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.459193 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.463339 2020] [ssl:debug] [pid 9866] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.463411 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.463486 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.463534 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.471527 2020] [proxy:debug] [pid 9866] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.471590 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.471627 2020] [proxy:debug] [pid 9866] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:33.511179 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(383): [client 91.171.129.151:7821] AH02034: Subsequent (No.8) HTTPS request received for child 4 (server website.com:443)
[Sun Mar 01 10:49:33.511249 2020] [authz_core:debug] [pid 9853] mod_authz_core.c(846): [client 91.171.129.151:7821] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:33.511303 2020] [proxy:debug] [pid 9853] mod_proxy.c(1249): [client 91.171.129.151:7821] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:33.511332 2020] [proxy:debug] [pid 9853] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:33.511343 2020] [proxy:debug] [pid 9853] proxy_util.c(2369): [client 91.171.129.151:7821] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511551 2020] [proxy:debug] [pid 9853] proxy_util.c(2578): [client 91.171.129.151:7821] AH00947: connected /++vh++https:website.com:443/++/favicon.ico to localhost:8443
[Sun Mar 01 10:49:33.511670 2020] [proxy:debug] [pid 9853] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:33.511696 2020] [proxy:debug] [pid 9853] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:33.511713 2020] [ssl:info] [pid 9853] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:33.512494 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.512541 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:33.517345 2020] [ssl:debug] [pid 9853] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:33.525382 2020] [proxy:debug] [pid 9853] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:33.525443 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:33.525476 2020] [proxy:debug] [pid 9853] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:34.109743 2020] [watchdog:debug] [pid 9869] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.109885 2020] [proxy:debug] [pid 9869] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.109901 2020] [proxy:debug] [pid 9869] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.109955 2020] [proxy:debug] [pid 9869] proxy_util.c(2032): AH00931: initialized single connection worker in child 9869 for (*)
[Sun Mar 01 10:49:34.110492 2020] [watchdog:debug] [pid 9870] mod_watchdog.c(567): AH02980: Watchdog: nothing configured?
[Sun Mar 01 10:49:34.110610 2020] [proxy:debug] [pid 9870] proxy_util.c(1924): AH00925: initializing worker proxy:reverse shared
[Sun Mar 01 10:49:34.110625 2020] [proxy:debug] [pid 9870] proxy_util.c(1981): AH00927: initializing worker proxy:reverse local
[Sun Mar 01 10:49:34.110674 2020] [proxy:debug] [pid 9870] proxy_util.c(2032): AH00931: initialized single connection worker in child 9870 for (*)
[Sun Mar 01 10:49:48.437276 2020] [ssl:debug] [pid 9864] ssl_engine_io.c(1106): [client 91.171.129.151:7823] AH02001: Connection closed to child 5 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.438985 2020] [ssl:debug] [pid 9849] ssl_engine_io.c(1106): [client 91.171.129.151:7822] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.467248 2020] [ssl:debug] [pid 9865] ssl_engine_io.c(1106): [client 91.171.129.151:7824] AH02001: Connection closed to child 6 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.470814 2020] [ssl:debug] [pid 9851] ssl_engine_io.c(1106): [client 91.171.129.151:7820] AH02001: Connection closed to child 2 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.478015 2020] [ssl:debug] [pid 9866] ssl_engine_io.c(1106): [client 91.171.129.151:7825] AH02001: Connection closed to child 7 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:48.539212 2020] [ssl:debug] [pid 9853] ssl_engine_io.c(1106): [client 91.171.129.151:7821] AH02001: Connection closed to child 4 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.282123 2020] [ssl:info] [pid 9852] [client 127.0.0.1:49482] AH01964: Connection to child 3 established (server website.com:443)
[Sun Mar 01 10:49:56.282356 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282407 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2319): [client 127.0.0.1:49482] AH02043: SSL virtual host for servername website.com found
[Sun Mar 01 10:49:56.282418 2020] [core:debug] [pid 9852] protocol.c(2314): [client 127.0.0.1:49482] AH03155: select protocol from , choices=h2,http/1.1 for server website.com
[Sun Mar 01 10:49:56.296616 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [client 127.0.0.1:49482] AH02041: Protocol: TLSv1.2, Cipher: ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
[Sun Mar 01 10:49:56.296936 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(383): [client 127.0.0.1:49482] AH02034: Initial (No.1) HTTPS request received for child 3 (server website.com:443)
[Sun Mar 01 10:49:56.297023 2020] [authz_core:debug] [pid 9852] mod_authz_core.c(846): [client 127.0.0.1:49482] AH01628: authorization result: granted (no directives)
[Sun Mar 01 10:49:56.297087 2020] [proxy:debug] [pid 9852] mod_proxy.c(1249): [client 127.0.0.1:49482] AH01143: Running scheme https handler (attempt 0)
[Sun Mar 01 10:49:56.297101 2020] [proxy:debug] [pid 9852] proxy_util.c(2316): AH00942: HTTPS: has acquired connection for (*)
[Sun Mar 01 10:49:56.297113 2020] [proxy:debug] [pid 9852] proxy_util.c(2369): [client 127.0.0.1:49482] AH00944: connecting https://localhost:8443/++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297467 2020] [proxy:debug] [pid 9852] proxy_util.c(2578): [client 127.0.0.1:49482] AH00947: connected /++vh++https:website.com:443/++/index.html to localhost:8443
[Sun Mar 01 10:49:56.297696 2020] [proxy:debug] [pid 9852] proxy_util.c(3047): AH02824: HTTPS: connection established with 127.0.0.1:8443 (*)
[Sun Mar 01 10:49:56.297722 2020] [proxy:debug] [pid 9852] proxy_util.c(3215): AH00962: HTTPS: connection complete to 127.0.0.1:8443 (localhost)
[Sun Mar 01 10:49:56.297739 2020] [ssl:info] [pid 9852] [remote 127.0.0.1:8443] AH01964: Connection to child 0 established (server website.com:443)
[Sun Mar 01 10:49:56.298590 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.298625 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(1740): [remote 127.0.0.1:8443] AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: CN=website.com / issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US / serial: 033E19116893A728CDC809BA511D98069F7E / notbefore: Jun 29 23:22:00 2017 GMT / notafter: Sep 27 23:22:00 2017 GMT]
[Sun Mar 01 10:49:56.303513 2020] [ssl:debug] [pid 9852] ssl_engine_kernel.c(2235): [remote 127.0.0.1:8443] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Sun Mar 01 10:49:56.312046 2020] [proxy:debug] [pid 9852] proxy_util.c(2331): AH00943: *: has released connection for (*)
[Sun Mar 01 10:49:56.312139 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [remote 127.0.0.1:8443] AH02001: Connection closed to child 0 with standard shutdown (server website.com:443)
[Sun Mar 01 10:49:56.312204 2020] [proxy:debug] [pid 9852] proxy_util.c(3154): [remote 127.0.0.1:8443] AH02642: proxy: connection shutdown
[Sun Mar 01 10:49:56.312461 2020] [ssl:debug] [pid 9852] ssl_engine_io.c(1106): [client 127.0.0.1:49482] AH02001: Connection closed to child 3 with standard shutdown (server website.com:443):%s/do
And output of Zope:
127.0.0.1 - - [01/Mar/2020:10:49:01 +0200] "GET /++vh++https:www.website.com:443/++/cgi-bin/awstats.pl HTTP/1.1" 404 102 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0"
Update 2
Some interesting results to fix my issue:
If I do: 1)
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://website.com/$1 [R=301,L]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
...
</VirtualHost>
Then, the redirection from https://www to https:// is well achieved but CGI scripts generates a Zope error.
If I do: 2) remove the line:
`RewriteRule ^/(.*) https://website.com/$1 [R=301,L]` )
i.e :
<VirtualHost *:443>
...
# REWRITE
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats [NC]
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
...
</VirtualHost>
Then the redirection from https://www to https:// is not achieved but CGI scripts are available by typing in browser https://website.com/cgi-bin/awstats.pl.
How could I combine these 2 different configurations in order to have in the same time redirection and CGI scripts available ?
What you're missing in your workarounds is that the RewriteCond's only associate with the single RewriteRule that immediately follows.
If you want to skip the redirect to zope when the CGI is requested, exclude that particular RewriteRule by preceding it with a condition:
RewriteCond %{REQUEST_URI} !^/cgi-bin/awstats
# existing rule from Question
RewriteRule ^/(.*) https://localhost:8443/++vh++https:%{SERVER_NAME}:443/++/$1 [P,L]
I use Apache server on Ubuntu 14.04. In order redirect all requests from mypage.com to mypage.com:8080/myapp I use mod_proxy. My 000-default.conf looks as follows:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPass / http://mypage.com:8080/myapp/ retry=0 timeout=10
ProxyPassReverse / http://mypage.com:8080/myapp/
ServerName mypage.com
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
And that is my ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf
Listen 80
Listen 81
<IfModule ssl_module>
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
Listen 443
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
And everything works fine until in a several days I always get 503 Service Unavailable error page. and this is written in error.log before error occurs
[Sun Oct 25 21:22:27.779422 2015] [core:error] [pid 14595] [client 38.104.233.252:45239] AH00126: Invalid URI in request GET HTTP/1.1 HTTP/1.1
[Mon Oct 26 02:30:20.925532 2015] [core:error] [pid 15416] [client 190.252.95.102:53508] AH00126: Invalid URI in request GET: index.php HTTP/1.0
[Mon Oct 26 08:22:27.771751 2015] [proxy:error] [pid 15402] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 08:22:27.774040 2015] [proxy:error] [pid 15402] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 08:22:27.774111 2015] [proxy_http:error] [pid 15402] [client 5.28.160.27:48692] AH01114: HTTP: failed to make connection to backend: mypage.com
[Mon Oct 26 10:55:51.655213 2015] [proxy:error] [pid 15406] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 10:55:51.655422 2015] [proxy:error] [pid 15406] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 10:55:51.655470 2015] [proxy_http:error] [pid 15406] [client 169.57.5.20:60000] AH01114: HTTP: failed to make connection to backend: mypage.com
[Mon Oct 26 13:32:00.442031 2015] [proxy:error] [pid 15408] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 13:32:00.442356 2015] [proxy:error] [pid 15408] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 13:32:00.442413 2015] [proxy_http:error] [pid 15408] [client 217.168.189.15:50222] AH01114: HTTP: failed to make connection to backend: mypage.com, referer: http://mypage.com/admn
[Mon Oct 26 13:32:12.245050 2015] [proxy:error] [pid 15402] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 13:32:12.245179 2015] [proxy:error] [pid 15402] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 13:32:12.245190 2015] [proxy_http:error] [pid 15402] [client 217.168.189.15:50225] AH01114: HTTP: failed to make connection to backend: mypage.com, referer: http://mypage.com/admn
[Mon Oct 26 13:34:44.343614 2015] [mpm_prefork:notice] [pid 991] AH00169: caught SIGTERM, shutting down
[Mon Oct 26 13:36:07.703185 2015] [mpm_prefork:notice] [pid 991] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 configured -- resuming normal operations
[Mon Oct 26 13:36:07.708761 2015] [core:notice] [pid 991] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 27 01:20:23.236327 2015] [mpm_prefork:notice] [pid 991] AH00169: caught SIGTERM, shutting down
[Tue Oct 27 01:20:24.265160 2015] [mpm_prefork:notice] [pid 3247] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 configured -- resuming normal operations
[Tue Oct 27 01:20:24.265243 2015] [core:notice] [pid 3247] AH00094: Command line: '/usr/sbin/apache2'
[Tue Oct 27 01:41:17.177723 2015] [mpm_prefork:notice] [pid 3247] AH00169: caught SIGTERM, shutting down
[Tue Oct 27 01:41:18.219244 2015] [mpm_prefork:notice] [pid 11636] AH00163: Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.11 configured -- resuming normal operations
[Tue Oct 27 01:41:18.219351 2015] [core:notice] [pid 11636] AH00094: Command line: '/usr/sbin/apache2'
After I restart my machine it works fine again. Then in 7-10 days it crashes again. Tried a lots of things in internet but always get this error at most in several weeks. Struggling with already for some months.
SELinux is disabled.
The problem is not with Apache because its still serving a 503 page
The problem is with the application running on port number 8080, you are reverse proxying / to http://mypage.com:8080/myapp/ and when Apache is trying to proxy the request its not getting back the response from the 8080 app and so its trowing the message 'Service Unavailable' . Its inferred from the underlying part of the log.
[Mon Oct 26 13:32:00.442031 2015] [proxy:error] [pid 15408] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
[Mon Oct 26 13:32:00.442356 2015] [proxy:error] [pid 15408] AH00959: ap_proxy_connect_backend disabling worker for (mypage.com) for 0s
[Mon Oct 26 13:32:00.442413 2015] [proxy_http:error] [pid 15408] [client 217.168.189.15:50222] AH01114: HTTP: failed to make connection to backend: mypage.com, referer: http://mypage.com/admn
[Mon Oct 26 13:32:12.245050 2015] [proxy:error] [pid 15402] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.1.1:8080 (mypage.com) failed
So check and post(if necessary) the logs of the server running on port number 8080
Even though I found some similar reports on SO no suggestion solved my issue. So I decided to raise a question myself.
I am running Confluence (and Jira) as WARs on a Tomcat instance on Ubuntu. The application is accessible via http://localhost:8080/confluence. I would like to configure apache as a proxy to allow public access via http://confluence.<servername>.de. Following the instructions on https://confluence.atlassian.com/display/DOC/Using+Apache+with+mod_proxy#UsingApachewithmod_proxy-complex I did the following steps:
appended the attributes proxyName="confluence.<servername>.de" and proxyPort="80" to the Connector element in /var/lib/tomcat7/conf/server.xml.
Defined a virtual host in /etc/apache2/sites-enabled/confluence.conf
The confluence.conf has the following content:
<VirtualHost *:80>
ServerName confluence.<servername>.de
ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/confluence
ProxyPassReverse / http://localhost:8080/confluence
ProxyHTMLURLMap / /confluence/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
With this configuration I cannot invoke http://localhost:8080/confluence due to this (wget) output:
--2014-12-23 08:38:13-- http://localhost:8080/confluence
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8080... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://confluence.<servername>.de/confluence/ [following]
--2014-12-23 08:38:13-- http://confluence.<servername>.de/confluence/
Resolving confluence.<servername>.de (confluence.<servername>.de)... 92.51.163.197
Connecting to confluence.<servername>.de (confluence.<servername>.de)|92.51.163.197|:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2014-12-23 08:38:13 ERROR 404: Not Found.
If I remove the attributes proxyName and proxyPort this access is possible. However, the invocation via http://confluence.<servername>.de still yields errors. The output of Apache log suggests that the URL rewrite is corrupt:
[Tue Dec 23 08:50:47.952647 2014] [authz_core:debug] [pid 24715:tid 140609413170944] mod_authz_core.c(828): [client 37.201.226.149:11808] AH01628: authorization result: granted (no directives)
[Tue Dec 23 08:50:47.952809 2014] [proxy:debug] [pid 24715:tid 140609413170944] mod_proxy.c(1104): [client 37.201.226.149:11808] AH01143: Running scheme http handler (attempt 0)
[Tue Dec 23 08:50:47.952838 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2020): AH00942: HTTP: has acquired connection for (localhost)
[Tue Dec 23 08:50:47.952851 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2072): [client 37.201.226.149:11808] AH00944: connecting http://localhost:8080/confluence to localhost:8080
[Tue Dec 23 08:50:47.953069 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2206): [client 37.201.226.149:11808] AH00947: connected /confluence to localhost:8080
[Tue Dec 23 08:50:47.953176 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2483): (111)Connection refused: AH00957: HTTP: attempt to connect to [::1]:8080 (localhost) failed
[Tue Dec 23 08:50:47.953277 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2610): AH00962: HTTP: connection complete to [::1]:8080 (localhost)
[Tue Dec 23 08:50:47.956860 2014] [proxy:debug] [pid 24715:tid 140609413170944] proxy_util.c(2035): AH00943: http: has released connection for (localhost)
[Tue Dec 23 08:50:47.988123 2014] [authz_core:debug] [pid 24715:tid 140609402681088] mod_authz_core.c(828): [client 37.201.226.149:11808] AH01628: authorization result: granted (no directives)
[Tue Dec 23 08:50:47.988231 2014] [proxy:debug] [pid 24715:tid 140609402681088] mod_proxy.c(1104): [client 37.201.226.149:11808] AH01143: Running scheme http handler (attempt 0)
[Tue Dec 23 08:50:47.988250 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2020): AH00942: HTTP: has acquired connection for (localhost)
[Tue Dec 23 08:50:47.988264 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2072): [client 37.201.226.149:11808] AH00944: connecting http://localhost:8080/confluenceconfluence/ to localhost:8080
[Tue Dec 23 08:50:47.988277 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2206): [client 37.201.226.149:11808] AH00947: connected /confluenceconfluence/ to localhost:8080
[Tue Dec 23 08:50:47.990134 2014] [proxy:debug] [pid 24715:tid 140609402681088] proxy_util.c(2035): AH00943: http: has released connection for (localhost)
Am I missing anything? By the way, if I adjust the virtual host configuration in a way that the URL http://<servername>.de/confluence is used as a proxy everything works fine.
Any suggestion would be greatly appreciated.
My personal preference is to deploy applications in subfolders and set up proxy like:
ProxyPass "/confluence/" "http://localhost:8080/confluence/"
ProxyPassReverse "/confluence/" "http://localhost:8080/confluence/"
No need for ProxyHTMLURLMap, that's probably why you see "AH00944: connecting http://localhost:8080/confluenceconfluence/ to localhost:8080"
Setting up like you intended might be a little tricky, since you need the fully qualified domain name of your machine to be confluence.servername.de and you need an A record in your local DNS for this as well. I second Slash's question: can you ping confluence.servername.de?
When this is taken care of, you may also want to look into using these directives, as needed:
ProxyRequests Off
ProxyVia Off
RemoteIPHeader X-Forwarded-For
RequestHeader unset Accept-Encoding
ProxyHTMLEnable On
ProxyHTMLExtended On
<Proxy *>
Require all granted
</Proxy>
My configuration:
<VirtualHost *:80>
ServerAlias local.test
CustomLog /var/log/apache2/custom.access cg-common
ErrorLog /var/log/apache2/custom.error
RewriteEngine On
<Location /p-500x500/>
ErrorDocument 404 /p-500x500/noimg.png
</Location>
ProxyPreserveHost On
ProxyErrorOverride On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>
Whenever I request an image, that exists, the request is extremely fast. However when I request something, that doesn't exist, I get delays up to 20 seconds, until the noimg.png is served correctly.
I looked at error log with LogLevel trace6, and noticed, that there's a long delay between these lines:
[Wed Feb 26 15:42:36.887370 2014] [core:trace6] [pid 3585:tid 4475531264] core_filters.c(525): [remote 172.19.30.253:8098] core_output_filter: flushing because of FLUSH bucket
[Wed Feb 26 15:42:36.945750 2014] [proxy_http:trace3] [pid 3585:tid 4475531264] mod_proxy_http.c(1402): [client ::1:54550] Status from backend: 404
[Wed Feb 26 15:42:36.945785 2014] [proxy_http:trace4] [pid 3585:tid 4475531264] mod_proxy_http.c(1085): [client ::1:54550] Headers received from backend:
[Wed Feb 26 15:42:36.945805 2014] [proxy_http:trace4] [pid 3585:tid 4475531264] mod_proxy_http.c(1088): [client ::1:54550] Server: MochiWeb/1.1 WebMachine/1.10.5 (jokes are better explained)
[Wed Feb 26 15:42:36.945816 2014] [proxy_http:trace4] [pid 3585:tid 4475531264] mod_proxy_http.c(1088): [client ::1:54550] Date: Wed, 26 Feb 2014 13:42:36 GMT
[Wed Feb 26 15:42:36.945825 2014] [proxy_http:trace4] [pid 3585:tid 4475531264] mod_proxy_http.c(1088): [client ::1:54550] Content-Type: text/plain
[Wed Feb 26 15:42:36.945832 2014] [proxy_http:trace4] [pid 3585:tid 4475531264] mod_proxy_http.c(1088): [client ::1:54550] Content-Length: 10
and 12 seconds later:
[Wed Feb 26 15:42:48.159840 2014] [proxy:debug] [pid 3585:tid 4475531264] proxy_util.c(2033): AH00943: HTTP: has released connection for (localhost)
Just came across same thing and after an age searching finally found your page which helped me fix my issue.
It seems to be a bug in Apache 2.4:
https://issues.apache.org/bugzilla/show_bug.cgi?id=53420
I have PHP 5.3.3 with PHP-FPM running at 172.17.0.163:20533. I tested it with nginx and with cgi-fcgi:
$ SCRIPT_FILENAME=/www/localhost/test.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 172.17.0.163:20533
returns
X-Powered-By: PHP/5.3.3
Content-type: text/html
hello, it works!
So, PHP-FPM is working.
Unfortunately, Apache 2.4 has some issues with PHP-FPM:
<VirtualHost *>
UseCanonicalName Off
VirtualDocumentRoot "/www/%0"
RewriteEngine On
RewriteRule ^/(.*\.php(/.*)?)$ fcgi://172.17.0.163:20533/www/%{SERVER_NAME}/$1 [P]
</VirtualHost>
Opening http:// localhost/test.php returns a "404 Not found" error. Non PHP files are working. Looking at the apache error logs, everything looks fine.
[Fri Nov 15 18:53:00.426776 2013] [mpm_event:info] [pid 1959:tid 140474380953408] AH00490: Server built: Nov 13 2013 14:23:31
[Fri Nov 15 18:53:00.426787 2013] [core:notice] [pid 1959:tid 140474380953408] AH00094: Command line: '/usr/local/sbin/httpd'
[Fri Nov 15 18:53:00.426917 2013] [proxy:debug] [pid 3028:tid 140474380953408] proxy_util.c(1694): AH00925: initializing worker proxy:reverse shared
[Fri Nov 15 18:53:00.426950 2013] [proxy:debug] [pid 3028:tid 140474380953408] proxy_util.c(1734): AH00927: initializing worker proxy:reverse local
[Fri Nov 15 18:53:00.427010 2013] [proxy:debug] [pid 3028:tid 140474380953408] proxy_util.c(1769): AH00930: initialized pool in child 3028 for (*) min=0 max=25 smax=25
[Fri Nov 15 18:53:00.427101 2013] [proxy:debug] [pid 3030:tid 140474380953408] proxy_util.c(1694): AH00925: initializing worker proxy:reverse shared
[Fri Nov 15 18:53:00.427421 2013] [proxy:debug] [pid 3029:tid 140474380953408] proxy_util.c(1694): AH00925: initializing worker proxy:reverse shared
[Fri Nov 15 18:53:00.427445 2013] [proxy:debug] [pid 3029:tid 140474380953408] proxy_util.c(1734): AH00927: initializing worker proxy:reverse local
[Fri Nov 15 18:53:00.427488 2013] [proxy:debug] [pid 3029:tid 140474380953408] proxy_util.c(1769): AH00930: initialized pool in child 3029 for (*) min=0 max=25 smax=25
[Fri Nov 15 18:53:00.427129 2013] [proxy:debug] [pid 3030:tid 140474380953408] proxy_util.c(1734): AH00927: initializing worker proxy:reverse local
[Fri Nov 15 18:53:00.428326 2013] [proxy:debug] [pid 3030:tid 140474380953408] proxy_util.c(1769): AH00930: initialized pool in child 3030 for (*) min=0 max=25 smax=25
[Fri Nov 15 18:53:01.627599 2013] [rewrite:trace2] [pid 3028:tid 140474150618880] mod_rewrite.c(468): [client 172.17.42.1:57951] 172.17.42.1 - - [localhost/sid#7fc2bd82e7f8][rid#7fc2bd7a10a0/initial] init rewrite engine with requested uri /test.php
[Fri Nov 15 18:53:01.627664 2013] [rewrite:trace3] [pid 3028:tid 140474150618880] mod_rewrite.c(468): [client 172.17.42.1:57951] 172.17.42.1 - - [localhost/sid#7fc2bd82e7f8][rid#7fc2bd7a10a0/initial] applying pattern '^/(.*\\.php(/.*)?)$' to uri '/test.php'
[Fri Nov 15 18:53:01.627718 2013] [rewrite:trace2] [pid 3028:tid 140474150618880] mod_rewrite.c(468): [client 172.17.42.1:57951] 172.17.42.1 - - [localhost/sid#7fc2bd82e7f8][rid#7fc2bd7a10a0/initial] rewrite '/test.php' -> 'fcgi://172.17.0.163:20533/www/localhost/test.php'
[Fri Nov 15 18:53:01.627747 2013] [rewrite:trace2] [pid 3028:tid 140474150618880] mod_rewrite.c(468): [client 172.17.42.1:57951] 172.17.42.1 - - [localhost/sid#7fc2bd82e7f8][rid#7fc2bd7a10a0/initial] forcing proxy-throughput with fcgi://172.17.0.163:20533/www/localhost/test.php
[Fri Nov 15 18:53:01.627759 2013] [rewrite:trace1] [pid 3028:tid 140474150618880] mod_rewrite.c(468): [client 172.17.42.1:57951] 172.17.42.1 - - [localhost/sid#7fc2bd82e7f8][rid#7fc2bd7a10a0/initial] go-ahead with proxy request proxy:fcgi://172.17.0.163:20533/www/localhost/test.php [OK]
[Fri Nov 15 18:53:01.627776 2013] [proxy_fcgi:trace1] [pid 3028:tid 140474150618880] mod_proxy_fcgi.c(90): [client 172.17.42.1:57951] canonicalising URL //172.17.0.163:20533/www/localhost/test.php
[Fri Nov 15 18:53:01.627776 2013] [proxy_fcgi:debug] [pid 3028:tid 140474150618880] mod_proxy_fcgi.c(120): [client 172.17.42.1:57951] AH01060: set r->filename to proxy:fcgi://172.17.0.163:20533/www/localhost/test.php
[Fri Nov 15 18:53:01.628070 2013] [proxy:trace2] [pid 3028:tid 140474150618880] proxy_util.c(1857): [client 172.17.42.1:57951] *: found reverse proxy worker for fcgi://172.17.0.163:20533/www/localhost/test.php
[Fri Nov 15 18:53:01.628082 2013] [proxy:debug] [pid 3028:tid 140474150618880] mod_proxy.c(1100): [client 172.17.42.1:57951] AH01143: Running scheme fcgi handler (attempt 0)
[Fri Nov 15 18:53:01.628096 2013] [proxy_fcgi:debug] [pid 3028:tid 140474150618880] mod_proxy_fcgi.c(944): [client 172.17.42.1:57951] AH01076: url: fcgi://172.17.0.163:20533/www/localhost/test.php proxyname: (null) proxyport: 0
[Fri Nov 15 18:53:01.628107 2013] [proxy_fcgi:debug] [pid 3028:tid 140474150618880] mod_proxy_fcgi.c(954): [client 172.17.42.1:57951] AH01078: serving URL //172.17.0.163:20533/www/localhost/test.php
[Fri Nov 15 18:53:01.628134 2013] [proxy:debug] [pid 3028:tid 140474150618880] proxy_util.c(2020): AH00942: FCGI: has acquired connection for (*)
[Fri Nov 15 18:53:01.628147 2013] [proxy:debug] [pid 3028:tid 140474150618880] proxy_util.c(2072): [client 172.17.42.1:57951] AH00944: connecting //172.17.0.163:20533/www/localhost/test.php to 172.17.0.163:20533
[Fri Nov 15 18:53:01.628224 2013] [proxy:debug] [pid 3028:tid 140474150618880] proxy_util.c(2194): [client 172.17.42.1:57951] AH00947: connected /www/localhost/test.php to 172.17.0.163:20533
[Fri Nov 15 18:53:01.628248 2013] [proxy:trace2] [pid 3028:tid 140474150618880] proxy_util.c(2446): FCGI: fam 2 socket created to connect to *
[Fri Nov 15 18:53:01.629453 2013] [proxy_fcgi:trace4] [pid 3028:tid 140474150618880] util_script.c(521): [client 172.17.42.1:57951] Headers from script 'test.php':
[Fri Nov 15 18:53:01.629552 2013] [proxy_fcgi:trace4] [pid 3028:tid 140474150618880] util_script.c(522): [client 172.17.42.1:57951] Status: 404 Not Found
[Fri Nov 15 18:53:01.629583 2013] [proxy_fcgi:trace1] [pid 3028:tid 140474150618880] util_script.c(599): [client 172.17.42.1:57951] Status line from script 'test.php': 404 Not Found
[Fri Nov 15 18:53:01.629595 2013] [proxy_fcgi:trace4] [pid 3028:tid 140474150618880] util_script.c(522): [client 172.17.42.1:57951] X-Powered-By: PHP/5.3.3
[Fri Nov 15 18:53:01.629608 2013] [proxy_fcgi:trace4] [pid 3028:tid 140474150618880] util_script.c(522): [client 172.17.42.1:57951] Content-type: text/html
[Fri Nov 15 18:53:01.629680 2013] [proxy:debug] [pid 3028:tid 140474150618880] proxy_util.c(2035): AH00943: FCGI: has released connection for (*)
It seems as if mod_proxy_fcgi is not sending the script path correctly?! Has anyone an idea?
UPDATE 16 Nov 2013
I tested it with Apache 2.2.25 and mod_fastcgi 2.4.6:
<VirtualHost *>
UseCanonicalName Off
VirtualDocumentRoot "/www/%0"
AddHandler php5-fastcgi .php
FastCgiExternalServer /www/localhost -host 172.17.0.163:20533
</VirtualHost>
Works like a charm. I guess Apache 2.4.6 with mod_proxy_fcgi is buggy.
Update 17 Nov 2013
I tested it with Apache 2.4.6 and mod_proxy_fcgi and PHP 5.4.21. It works. So, there seems to be a problem with PHP 5.3.3 together with Apache 2.4.6 and mod_proxy_fcgi.
Using PHP 5.3.27 fixes all the issues.