Apache2 ProxyPass Error500 - apache

I have an OnlyOffice Document Server running on my server bound to port 8888 via Docker. Now I want to use a Let's Encrypt certificate to ensure a safe connection (self signed certificates won't work). I use the following config in Apache to rewrite office.example.org to office.example.org:8888 but it throws me an error 500
<VirtualHost *:443>
ServerName office.example.org
ProxyPreserveHost On
ProxyPass / https://localhost:8888/
ProxyPassReverse / https://localhost:8888/
</VirtualHost>
All necessary modules are enabled.
Has anyone any idea on how to solve this problem or a different idea to solve the Let's Encrypt problem?

Adding the following lines to the Apache config file
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
and enabling the with Proxy HTTP module with
sudo a2enmod proxy_http
did the trick!

Related

Apache ProxyPass HTTP does not work with SSL

I was trying to add cloudflare SSL certification to the website I host locally, and force HTTPS for all users.
Connecting to IP:80 works fine (from inside my network). IP:443 fails as it expects a SSL certificate. Accessing domainname.com tells me the site is secure, so the SSL certificate works. But whenever I access it this way, the proxy website doesn't, displaying the 'Apache2 Default Page'. Same with connecting to IP:80 outside the network, it fails to proxy pass.
This is the config file I have setup, and by running apachectl -S I checked that no other rules exist.
<VirtualHost *:80>
ServerName name.com:80
ProxyPreserveHost On
ProxyPass / http://localhost:7000/
ProxyPassReverse / http://localhost:7000/
</VirtualHost>
<VirtualHost *:443>
ServerName name.com:443
SSLEngine on
SSLCertificateFile /etc/cloudflare/name.com.pem
SSLCertificateKeyFile /etc/cloudflare/name.com.key
ProxyPreserveHost On
ProxyPass / http://localhost:7000/
ProxyPassReverse / http://localhost:7000/
</VirtualHost>
Is this because I am trying to load an http website, even though it is local? And if this is true, how else can I solve this problem? I feel so close, thanks for the help.
I solved it, by switching to the default-ssl config file provided with Apache2, and removing my version the issue resolved itself. Not sure why it worked the second time I tried it but oh well.

Reverse proxy does not work with https on ubuntu 20 using apache2

I have a very simple Asp.net Core app that I published to my linux server.
The app works perfectly and I used curl http://1270.0.0.1:5000 and curl https://1270.0.0.1:5001 to verify that.
I followed the instructions here: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-5.0
servername is my domain
I can interact with my app from http://servername but I didn't get https to work!
https://servername returns 404
Here is my configuration (most of it is from microsoft link and the rest from some answers on stackoverflow):
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>
<VirtualHost *:80>
ServerName servername.com
ServerAlias *.servername.com
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>
<VirtualHost *:443>
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:5001/
ProxyPassReverse / https://127.0.0.1:5001/
ServerName servername.com
ServerAlias *.servername.com
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerExpire off
SSLEngine on
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder off
SSLCompression off
SSLSessionTickets on
SSLUseStapling off
SSLCertificateFile /path/to/my/cert/file
SSLCertificateKeyFile /path/to/ny/private/key/file
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
</VirtualHost>
When you run Asp.net Core app on local. https work on localhost. and of you wrap your localhost with webserver like (Apache/ nginx) https work for connection between your app and webserver. but your domain https work for client and your webserver need valid SSl or Free one like letsencrypt. to secure your client must install ssl on your apache.
for comminucate betwwn your app and webserver simple solution use only http (webserver didn't need ssl for map client http) and other solution install valid ssl for your localhost https://devblogs.microsoft.com/dotnet/configuring-https-in-asp-net-core-across-different-platforms/.
After 2 long days, I solved it by disabling the default config for apache.
Appartentlly I had 2 virtual hosts for 443.
The one I created and apache craeted a file default-ssl.conf
All I did was
Disabled the default config a2dissite default-ssl
Changed ProxyPreserveHost from ON to OFF
Added SSLProxyCheckPeerName OFF
And restarted apache systemctl restart apache2
Before you follow these steps, verify that you have the same problem by listing all files in /etc/apache2/sites-enabled. If you have more than one config to the same host and port, then you've the same problem.

Reverse proxy in Apache + CentOS for HTTPS requests to PostgREST webserver

I would like to make https requests to my postgREST webserver, which by design doesn't support https. I spend several days now I don't know any further...
My setup
My server is running on CentOS 7.9.2009
I have a website domain that uses Wordpress to serve my content in home/myuser/public_html
I setup PostgREST 7.0.1 on my server which runs on port 3000
I am running Apache/2.4.51 (cPanel)
My Problem
The following request works just fine: http://my-domain.com:3000/my_db_table
I would like to run the same request like: https://my-domain.com/api/my_db_table
My Apache configuration is in an "includes" file, seems to be loaded (as errors occur when I put wrong syntax intentionally in this file) and it looks like this:
<VirtualHost *:443>
DocumentRoot /
ServerName my-domain.com
ServerAlias my-domain
ErrorLog /home/myuser/public_html/api/error.log
CustomLog /home/myuser/public_html/api/access.log combined
SSLEngine on
SSLUseStapling off
SSLCertificateFile /etc/ssl/certs/server.my-domain.com.crt
SSLCertificateKeyFile /etc/ssl/private/server.my-domain.com.key
<Location /api/ >
ProxyPreserveHost On
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
RequestHeader set X-Forwarded-Port "443"
RequestHeader set X-Forwarded-Proto "https"
</Location>
</VirtualHost>
running httpd -t returns Syntax OK
after my changes I run sudo systemctl restart httpd
when I then try to do a request like curl -i https://my-domain.com/api/my_db_table I am redirected to the 404 page of my Wordpress website
the error.log file of my apache config does not include any errors (it included errors for stapling which I resolved by adding the line SSLUseStapling off in my config)
I don't know what to do anymore. And because I don't have any error logs I even don't know how to start debugging it. I would be happy for any hint somebody could provide me.
I have successfully use https with postgrest and the following settings in the virtuahost section but I didn't use the tag.
ProxyHTMLEnable On
ProxyPreserveHost On
SSLEngine on
SSLProxyEngine On
RewriteEngine on
#Proxy for postgrest api
ProxyPassMatch "/api/(.*)" "http://localhost:3000/$1"
ProxyPassReverse "/api/" "http://localhost:3000/"

Reverse proxy an http:// domain to a GitHub Pages URL

I have a URL, http://example.com, that I would like to use to serve content from my GitHub Pages site at https://myusername.github.io/mysite/ via a reverse proxy in Apache. This is both as a temporary workaround until I update example.com's DNS setting to point to GitHub Pages, as well as to teach myself how reverse proxies work.
I have my Apache config like so:
<VirtualHost *:80>
ServerName example.com
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
ProxyPass "/" "https://myusername.github.io/mysite/"
</VirtualHost>
When I try to go to "example.com", I get "The proxy server could not handle the request GET /.
Reason: Error during SSL Handshake with remote server."
Is what I'm trying to do possible, and if so, what should I be changing?
I'm using Apache 2.2.
You should probably remove the line:
SSLEngine On
It enables HTTPS on your port 80... but you don't provide an SSL certificate (...and HTTPS uses port 443).
You should also add the line:
ProxyPassReverse "/" "https://myusername.github.io/mysite/"
The following config works perfectly on reverse proxy github pages
<VirtualHost *:80>
ServerName custom-domain
ServerAdmin encycode#gmail.com
ProxyRequests Off
ProxyPreserveHost On
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RequestHeader set Host "myusername.github.io"
RequestHeader set X-Forwarded-Proto https
RequestHeader set Origin "myusername.github.io"
ProxyPass / https://myusername.github.io/mysite/
ProxyPassReverse / https://myusername.github.io/mysite/
</VirtualHost>
Make sure you replace myusername with your github username, mysite with your github repo name and custom-domain with your custom url
You don't have to implement a reverse proxy yourself, since Github allows you to specify a custom domain
https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-
pages-site

Apache reverse proxy by HTTP/2 will lost MIME-type and use default

English is not my native language, please excuse typing errors.
I configure Apache reverse proxy as follow, and it works fire.
ProxyRequests Off
SSLEngine On
SSLProxyEngine On
ProxyPass / https://example.com/
ProxyPassReverse / https://example.com/
And my website (PHP) support HTTP/2, so I want to proxy it by HTTP/2.
I enable mod_proxy, mod_proxy_http, mod_ssl, mod_http2, mod_proxy_http2 and others some modules. And set .php MIME-type as application/x-httpd-php.
AddType application/x-httpd-php .php
VirtualHost is follow:
<VirtualHost *:443>
DocumentRoot "/path/to/wwwroot/"
ServerName localhost:443
ProxyRequests Off
SSLEngine On
SSLProxyEngine On
ProxyPass / h2://example.com/
ProxyPassReverse / https://example.com/
# Cert
SSLCertificateFile ...
SSLCertificateKeyFile ...
</VirtualHost>
The different is ProxyPass / https://example.com/ to ProxyPass / h2://example.com/.
Response header Content-Type in Browser always get default MIME-type.
You can find example at phpMyAdmin Demo, filter whitelist.php in DevTools, this file Content-Type is text/javascript.
Proxy it by HTTP/2, the Content-Type
become application/x-httpd-php, it lost source MIME-type text/javascript.
And proxy it by HTTP/1.1, it works well.
How can I reslove this problem?
Thank you.
It’s an old question but I ran with same problem and decide to investigate.
I found a bug in http2 proxy.
It will be fixed in next HTTPD release (2.4.55)
Virtual Host file configuration:
<VirtualHost *:443>
ServerAdmin admin#test.com
ServerName example.com
ServerAlias www.example.com
ssl_certificate .....
ssl_certificate_key ..........
ProxyRequests Off Order deny, allow Allow from all
<Location />
ProxyPass http://example.com:8000/
ProxyPassReverse http://example.com:8000/
</Location>
</VirtualHost>
Next we need to enable a few Apache modules. To do this, issue the following commands:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
Apache will now need to be restarted with the command:
sudo service apache2 restart