I am trying to set up proxy forwarding for a https
site that I want to move to another internal server. A want the remote server to handle the certificates as well.
The issue is, when using the code below, all 1000 websites go down. Not just the site in question. In the browser I get "Connection Refused" for all 1000 websites. So I think it's a configuration error. Although when I run sudo apachectl configtest
it comes back with Syntax OK
.
Can anybody see what I am doing wrong here? After exhaustive search on SO, and other platforms, I cannot for the life of me see what's wrong with this configuration.
<VirtualHost *:443>
ServerName myfunkywebsite.com
ProxyRequests Off
<Proxy *:443>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyPreserveHost On
ProxyPass / https://10.0.0.3:443/
ProxyPassReverse / https://10.0.0.3:443/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
NOTE That this DOES work if I just use straight http
-- I am super confused where the issue lies, and why all sites would be affected as if Apache itself is failing.
<VirtualHost *:80>
ServerName myfunkywebsite.com
ProxyRequests Off
<Proxy *:80>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost On
ProxyPass / https://10.0.0.3:80/
ProxyPassReverse / https://10.0.0.3:80/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Modules enabled:
mod_proxy
mod_proxy_connect
mod_proxy_html
mod_proxy_http
From this Apache server check if you can access the backend server directly via curl
curl -v https://10.0.0.3:443/
If it didn't come back with HTTP Response 200 OK Then the issue is in the backend server you need to configure it properly and make sure it listens to port 443
If it came back with 200 OK then there could be security rule that forbid the apache host to access the backend one If servers OS is Redhat/CentOS, It may also worth to check if SELinux is enabled and if so then try with SELinux disabled
To check:
getenforce
To disable it
setenforce 0
sed '/Enforcing/s//permissive/g' -i /etc/sysconfig/selinux
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.