djayrox

Reputation: 41

Apache reverse proxy https config leads to 503 error

Hope someone can point me in the right direction. I've been trying to get this to work for many hours :(

Scenario - I have a DMZ where I've set up the Apache server. I need to securely talk to the internal server where I have set up another Apache server which is reverse proxied again to a localhost app within the server.. So, basically..

outside world > internet (https://app1.com) > dmz (apache reverse proxy) > internal server (apache reverse proxy - https://app1prod.com) > (http) > localhost:8080

Now, in dmz, I can directly access https://app1prod.com without issues. But, I can't for the life of me get https://app1.com to work from dmz. I get a '503 service unavailable' message :( Here is my apache config in dmz..

<VirtualHost *:443>
ServerName              app1.com
ProxyRequests           off
SSLProxyCheckPeerName   off
SSLProxyVerify          none
SSLProxyCheckPeerCN     off
SSLProxyCheckPeerExpire off
LogLevel                debug   
SSLEngine               on
SSLProxyEngine          on  
SSLCertificateFile      "xxx/cert.crt"
SSLCertificateKeyFile   "xxx/key.key"
SSLCertificateChainFile "xxx/certchain.crt"     
ProxyPass               /   https://app1prod.com/
ProxyPassReverse        /   https://app1prod.com/  
<Proxy *>
    order deny,allow
    Allow from all
</Proxy>
ProxyPreserveHost       on
ProxyTimeout            1200
</VirtualHost>

On my httpd.conf, I have the following modules loaded in addition to the defaults..

mod_proxy.so
mod_proxy_connect.so
mod_proxy_http.so
mod_ssl
mod_rewrite.so
mod_socache_shmcb.so
mod_ssl.so

What am I doing wrong? Please help! Thanks a lot..

Upvotes: 4

Views: 7174

Answers (1)

Dusan Bajic

Reputation: 10889

Try removing ProxyPreserveHost on.

With that directive enabled, the proxied requests will be sent to the server defined in the ProxyPass directive, but the HTTP Host: header will be preserved from the initial request. In your case, the requests sent by Apache to app1prod.com will have a Host: app1.com header, and app1prod.com is not configured (probably deliberately) to respond to such a request.

Upvotes: 5
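
The answer's fix applied to the DMZ virtual host from the question, as an added example that is not part of the original posts. It assumes Apache 2.4. The CA bundle path is a placeholder, and turning backend certificate verification back on is an addition beyond the answer's fix.

```apache
<VirtualHost *:443>
    ServerName              app1.com
    LogLevel                debug

    # Front-side TLS, unchanged from the question.
    SSLEngine               on
    SSLCertificateFile      "xxx/cert.crt"
    SSLCertificateKeyFile   "xxx/key.key"
    SSLCertificateChainFile "xxx/certchain.crt"

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests           off
    SSLProxyEngine          on

    # Fix from the answer: stop forwarding the client's "Host: app1.com".
    # With ProxyPreserveHost off (the default) the backend receives
    # "Host: app1prod.com", taken from the ProxyPass URL, which matches
    # the virtual host configured on the internal server.
    ProxyPreserveHost       off

    # The question's config sets SSLProxyVerify none and switches off the
    # peer name and expiry checks, so the DMZ proxy would accept any
    # certificate on the internal hop. The settings below verify the
    # backend instead; they require that app1prod.com presents a valid,
    # unexpired certificate for that name, issued by the CA in the bundle.
    # Placeholder path (assumption): point it at the issuing CA bundle.
    SSLProxyCACertificateFile "xxx/internal-ca.crt"
    SSLProxyVerify          require
    SSLProxyCheckPeerName   on
    SSLProxyCheckPeerExpire on

    ProxyPass               /   https://app1prod.com/
    ProxyPassReverse        /   https://app1prod.com/
    ProxyTimeout            1200

    # Apache 2.4 form of the question's "order deny,allow / Allow from all".
    <Proxy *>
        Require all granted
    </Proxy>
</VirtualHost>
```

If the backend must see the original hostname, the alternative is to keep ProxyPreserveHost on and add app1.com as a ServerAlias on the internal virtual host.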
