Issues with ProxyPass and ProxyPassReverse when proxying to localhost and a different TCP port

Posted by mbrownnyc on Server Fault See other posts from Server Fault or by mbrownnyc
Published on 2011-11-09T16:11:06Z Indexed on 2012/03/27 17:33 UTC
Read the original article Hit count: 958

Filed under:
|
|
|

I am attempting to use ProxyPass and ProxyPassReverse to proxy requests through Apache to another server instance that is bound to the localhost on a different TCP port that the Vhost exists (VHost is bound to :80, when the target is bound to :5000).

However, I am repeatedly receiving HTTP 503 when accessing the Location.

According to the ProxyPass documentation...

<VirtualHost *:80>
    ServerName apacheserver.domain.local
    DocumentRoot /var/www/redmine/public
    ErrorLog logs/redmine_error

    <Directory /var/www/redmine/public>
            Allow from all
            Options -MultiViews
            Order allow,deny
            AllowOverride all
    </Directory>
</VirtualHost>
PassengerTempDir /tmp/passenger

<Location /rhodecode>
  ProxyPass http://127.0.0.1:5000/rhodecode
  ProxyPassReverse http://127.0.0.1:5000/rhodecode
  SetEnvIf X-Url-Scheme https HTTPS=1
</Location>

I have tested binding the alternate server to the interface IP address, and the same issue occurs.

The server servicing request is an instance of python paste:httpserver, and it has been configured to use the /rhodecode suffix (as I saw this to be mentioned in other posts about ProxyPass). The documentation from the project itself, Rhodecode, reports to use the above.

The issue is persistent if I target another server that is serving on a different port.

Does ProxyPass allow proxying to a different TCP port?

[update]

I won't delete this, in case someone comes across the same issue.

I had set an ErrorLog, and in that ErrorLog the following error was reported:

[Wed Nov 09 11:36:35 2011] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:5000 (192.168.100.100) failed
[Wed Nov 09 11:36:35 2011] [error] ap_proxy_connect_backend disabling worker for (192.168.100.100)

After some more research, I attempted to set SELinux to permissive (echo 0 >/selinux/enforce), and try again.

It turns out the SELinux boolean httpd_can_network_connect must be set to 1.

For persistence on reboot:

setsebool -P httpd_can_network_connect=1

© Server Fault or respective owner

Related posts about reverse-proxy

Related posts about httpd