Issues with ProxyPass and ProxyPassReverse when proxying to localhost and a different TCP port
Posted
by
mbrownnyc
on Server Fault
See other posts from Server Fault
or by mbrownnyc
Published on 2011-11-09T16:11:06Z
Indexed on
2012/03/27
17:33 UTC
Read the original article
Hit count: 958
I am attempting to use ProxyPass and ProxyPassReverse to proxy requests through Apache to another server instance that is bound to the localhost on a different TCP port that the Vhost exists (VHost is bound to :80, when the target is bound to :5000).
However, I am repeatedly receiving HTTP 503 when accessing the Location.
According to the ProxyPass documentation...
<VirtualHost *:80>
ServerName apacheserver.domain.local
DocumentRoot /var/www/redmine/public
ErrorLog logs/redmine_error
<Directory /var/www/redmine/public>
Allow from all
Options -MultiViews
Order allow,deny
AllowOverride all
</Directory>
</VirtualHost>
PassengerTempDir /tmp/passenger
<Location /rhodecode>
ProxyPass http://127.0.0.1:5000/rhodecode
ProxyPassReverse http://127.0.0.1:5000/rhodecode
SetEnvIf X-Url-Scheme https HTTPS=1
</Location>
I have tested binding the alternate server to the interface IP address, and the same issue occurs.
The server servicing request is an instance of python paste:httpserver, and it has been configured to use the /rhodecode suffix (as I saw this to be mentioned in other posts about ProxyPass). The documentation from the project itself, Rhodecode, reports to use the above.
The issue is persistent if I target another server that is serving on a different port.
Does ProxyPass allow proxying to a different TCP port?
[update]
I won't delete this, in case someone comes across the same issue.
I had set an ErrorLog, and in that ErrorLog the following error was reported:
[Wed Nov 09 11:36:35 2011] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:5000 (192.168.100.100) failed
[Wed Nov 09 11:36:35 2011] [error] ap_proxy_connect_backend disabling worker for (192.168.100.100)
After some more research, I attempted to set SELinux to permissive (echo 0 >/selinux/enforce
), and try again.
It turns out the SELinux boolean httpd_can_network_connect
must be set to 1
.
For persistence on reboot:
setsebool -P httpd_can_network_connect=1
© Server Fault or respective owner