Application error passthru when using apache mod_proxy - apache

Heyas. I'm using mod_proxy with apache2 provide vhost ability to multiple servlet apps running on the local machine. It works fine, for the most part. Requests come into apache then are directed to the application bound on a port on localhost. The app receives the request and responds, which is delivered back to the client by apache.
The problem I'm having is that the application delivers 500's on errors, and mod_proxy stomps on them. Often these errors are caused in a ajax request and the error is handled in client side javascript. For example, a call to a server side createObject(name) might throw a NameNotUniqueException , which is delivered back as a 500. The client javascript might then display an appropriate error message.
When an error is thrown by the application (resulting in a 500 response to mod_proxy), then apache stomps the error message and returns
500 Internal Server Error
Internal Server Error
The server encountered an internal error or
misconfiguration and was unable to complete
your request.
.. the stock apache server side error message.
I want mod_proxy to pass the original 500 back through to the client. Is there a directive I've missed which prevents clobbering of the 500?
TIA

Do you have
ProxyRequests Off
ProxyErrorOverride Off
ProxyPass /path/ http://backend.ip/path/
ProxyPassReverse / http://backend.domain/
Replace backend.ip and backend.domain with your values (i am using backend.ip here as it prevents apache from running dns queries on each request).
Usually errors are reported as is. Because ProxyErrorOverride defaults to off. If this doe not happen with my configuration, please check if the 500 is really from your backend server. Or just show us your complete proxy configuration.

I have the same problem, getting a blank 500 pages since changing from apache2/mod_wsgi to apache2 with reverse proxy to mod_wsgi-express.
My config (replaced actual domain with www.example.com):
<VirtualHost *:443>
ServerName www.example.com
ProxyRequests Off
ProxyErrorOverride Off
ProxyPass / http://localhost:8001/
ProxyPassReverse / https://www.example.com/
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ErrorLog /var/log/apache2/www.example.com.error.log
LogLevel warn
CustomLog /var/log/apache2/www.example.com.log combined
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/fullchain.pem
</VirtualHost>

Related

Apache can't host ASP.NET Core app using ProxyPass

I want my ASP.NET Core app to be hosted through Apache, so that port 80 redirects to port 5000, or 5001 for https. (my local IP is 192.168.1.250 for context in results)
I have tried the following configs with varying results:
Proxy to http://127.0.0.1:5000/
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ErrorLog /var/log/apache2/myapp.log
CustomLog /var/log/apache2/myapp.log common
</VirtualHost>
Will redirect me to port 5001, but I get this in Chrome:
This site can’t be reached: 192.168.1.250 refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
Proxy to https://127.0.0.1:5001/
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / https://127.0.0.1:5001/
ProxyPassReverse / https://127.0.0.1:5001/
ErrorLog /var/log/apache2/myapp.log
CustomLog /var/log/apache2/myapp.log common
</VirtualHost>
This config gives me a 500 Internal Server Error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at [no address given] to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
Apache/2.4.25 (Debian) Server at 192.168.1.250 Port 80
Proxy to http://127.0.0.1:5001/
<VirtualHost *:80>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5001/
ProxyPassReverse / http://127.0.0.1:5001/
ErrorLog /var/log/apache2/myapp.log
CustomLog /var/log/apache2/myapp.log common
</VirtualHost>
This config gives me a 502 Proxy Error:
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server
Apache/2.4.25 (Debian) Server at 192.168.1.250 Port 80
Any ideas on a config that could work?
Don't know if you resolved this yet but I have a similar problem with dotNet Core 5.0 on Ubuntu/Apache.
I resolved it (kinda) after reading this post: .NET Core 3.1 API - 307 Temporary Redirect
Basically remove the app.UseHttpsRedirection(); line in your app so it now runs only on http://localhost:5000/
Now Apache is not trying to proxy to your SSL site but your standard site on port 5000. Since it's on 127.0.0.1 (I believe) that should be secure enough (but happy to stand corrected on this...)
Share

Apache2 reverse proxy issues with OTRS

I have asked this question in OTRS forum but their primary focus is the functionality of OTRS and not really the interaction with an apache proxy.
I have an internal server running OTRS (Perl based support ticket system).
I have a reverse proxy in my DMZ that performs proxy and SSL offload for internal web pages/applications. My proxy server is Ubuntu 18 with Apache2. It mostly works except that for OTRS I get weird page errors. It used to not be bad but since update from OTRS 5 to OTRS6 it is so bad that we cannot we https except to log in.
If I use https it throws a message that "OTRS has detected possible network issues" and says to reload the page or wait till the browser establishes connection on it's own. If I wait just a bit I get a new message that states "the connection has been re-established after a temporary connection loss. Due to this elements on this page could have stopped working correctly" it goes on to say that you need to reload the page. But it just keeps cycling through these message in a flapping error.
I also get additional slash marks (/) each time I move to a new ticket.
Like so: https://myotrs.mydomain.com/otrs////////////index.pl?
The slash mark addition happens on both http and https through the proxy. It only happens on the OTRS site, not on my others handled by the same proxy.
Here is sample of my proxy vhost file.
<VirtualHost *:443>
ServerName help.mydomain.com
ServerAlias help.mydomain.net
ServerAdmin it#mydomain.com
ErrorLog /var/log/apache2/proxiedhosts-ssl_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel info
CustomLog /var/log/apache2/access-ssl.log combined
ProxyRequests off
ProxyPass / http://helpdesk.mydomain.local/
<Location /otrs>
ProxyPassReverse http://helpdesk.mydomain.local/otrs/
</Location>
<Location /otrs-web>
ProxyPassReverse http://helpdesk.mydomain.local/otrs-web/
</Location>
# Use mod_proxy_html to rewrite URLs
SetOutputFilter proxy-html
# commented out
https://help.mydomain.com/otrs/
https://help.mydomain.com/otrs-web/
# Disable compressed communication between Apache and target server
RequestHeader unset Accept-Encoding
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# Allows the proxying of an SSL connection
SSLProxyEngine On
# certificate
SSLCertificateFile /etc/ssl/certs/help.mydomain.com/help.mydomain.com.crt
SSLCertificateKeyFile /etc/ssl/private/SHA2_mydomain.key
</VirtualHost>
I have checked out your config file, and i suggest you try to change
<Location /otrs>
ProxyPassReverse http://helpdesk.mydomain.local/otrs/
</Location>
to
<Location /otrs/>
ProxyPassReverse http://helpdesk.mydomain.local/otrs/
</Location>
In the original config file, if you browse https://myotrs.mydomain.com/otrs/index.pl you will be redirect to https://myotrs.mydomain.com/otrs//index.pl. And then, if you click the page, you will be redirect to https://myotrs.mydomain.com/otrs///index.pl. Then you are stuck in the circulation.

Moqui running in jetty container behind httpd returns Error rendering screen

I have an httpd server configured and working. The server returns "It works" and I can see the SSL is installed correctly.
The next step I undertook was configuring the reverse proxy, so that the users requests are redirected and I can have more customers' apps under one subdomain. The httpd configuration (shown below) I use is not mine, I am just attempting to reconfigure it to work for me. But with no big success up to now. There are directives that may be incorrect, but I have not tried commenting anything out.
#Apache is listening on port 443
Listen 443
SSLSessionCache shmcb:c:/Apache24/logs/shmcb_cache(512000)
SSLSessionCacheTimeout 300
Mutex default ssl-cache
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:443>
#ProxyPreserveHost On
SSLProxyEngine On
ServerName XXXX.sk
ServerAdmin admin
# Logs
ErrorLog /var/log/rsk_error_log
TransferLog /var/log/rsk_access_log
# Server Certificate and Private Key:
SSLCertificateFile /ssl/certificate.crt
SSLCertificateKeyFile /ssl/private.key
SSLCertificateChainFile /ssl/chain.crt
#Include conf/extra/proxy-443-to-8890.conf
ProxyPass /customer http://172.17.0.4:8080
ProxyPassReverse /customer http://172.17.0.4:8080
</VirtualHost>
Now when I type XXXX.sk/customer I receive a response which is a login screen, but it is incorrectly rendered, the CSS is not used at all. There are many errors appearing. When I log in, no response is returned and the URL is corrupted.
Can any of you, using httpd in a reverse proxy mode, please share your configs, at least a part of them?
The default webroot in base-component is mapping to / in url. All of resources like css, js etc is using "/" to build url, So Although the proxying is
ProxyPass /customer http://172.17.0.4:8080
The actual js location is still
/lib/jquery/jquery-ui.min.css
not
/customer/lib/jquery/jquery-ui.min.css
To make it work, the reverse proxy would need more messy location proxy_pass configurations.
So using additional path to proxy the webroot is not suggested.

Accessing RabbitMQ through webserver

I have a RabbitMQ server running on an EC2 instance, and a URL address pointing to the instance configured in Route53, which I use to access the RabbitMQ web UI.
I can access the UI just fine using Nginx or Apache, but when trying to look at the page of a specific queue or exchange I receive an error saying the object was not found. This behaviour does not happen when I access the UI directly through IP:Port url.
I've noticed this is a known bug, which was addressed here -
https://fatalfailure.wordpress.com/2012/11/16/nginx-as-reverse-proxy-for-rabbitmq-mochiweb-server/
I've tried implementing the fix listed in this post, using the following Apache configuration -
<VirtualHost *:80>
ProxyPreserveHost On
ProxyRequests Off
ServerName stage-rabbithq.apester.com
ServerAlias stage-rabbithq.apester.com
ProxyPass /api http://localhost:15672/api nocanon
ProxyPass / http://localhost:15672/
ProxyPassReverse / http://localhost:15672/
</VirtualHost>
But the error prevails.
Does anybody have a solution for this error?
I've solved it, the problem was forgetting to add the following line to my site conf file -
AllowEncodedSlashes On
Hope this helps someone, someday.

Apache mod_proxy on Azure

I keep running into an issue with Apache's mod_proxy where it won't forward any traffic. I'm using a Windows Azure virtual machine running Ubuntu 13.04 and have configured the proper HTTPS endpoint (port 443) for it. The proper Apache modules (proxy, ssl, etc.) are all installed, and the error logs show nothing, not even a warning to explain why this is happening. My VirtualHost setup is as follows:
<VirtualHost *:443>
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ServerName www.example.com
SSLEngine On
#SSLProxyEngine On
SSLCertificateFile /ssl/my.com.crt
SSLCertificateKeyFile /ssl/my.key
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
<Location />
SSLRequireSSL
Order deny,allow
Allow from all
</Location>
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
I have Listen 443 and NameVirtualHost *:443 all set as well. My service on the other port is running fine as doing a wget responds with an HTTP 200 OK response and I can reach it by manually inputting the port number. I have disabled all firewalls (for testing) to no avail as well. However, whenever I try to reach the service from the outside world through mod_proxy (port 443), the request times out and I get the usual "website not available" browser error.
If it means anything, the app I am running on the other port I need to forward HTTPS traffic to is a Play Framework 2.1 application. I set the server up exactly as in their documentation but still have these problems, so I'm assuming it may have something to do with Azure.
Any ideas? Is there some other type of endpoint configuration that I need to do specific for Windows Azure virtual machines to support SSL/TLS?
So, apparently, I have no idea how or why - but the Azure Gods decided to shine upon my setup all of a sudden. Overnight, without so much as a reboot or anything, mod_proxy on Azure just started working. I have no idea what the issue was, or even if there was one in the first place, but apparently the problem lies with something in the Azure infrastructure.
Sorry I couldn't be of more help for others encountering similar issues, but just giving it time worked for some unknown reason.