Apache seemingly ignoring reverse proxy directives

I have a test instance of Apache httpd 2.4 with this config:

<VirtualHost *:9979>
    ServerName 192.168.0.162

    # Encoded slashes need to be allowed
    AllowEncodedSlashes On

    # Container uses a unique non-signed certificate
    SSLProxyEngine On
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    # keep the host
    ProxyPreserveHost On

    # static html, js, images, etc. served from loolwsd
    # loleaflet is the client part of LibreOffice Online
    ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
    ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet

    # WOPI discovery URL
    ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
    ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery

    # Main websocket
    ProxyPass   /lool/ws      wss://127.0.0.1:9980/lool/ws

    # Admin Console websocket
    ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws

    # Download as, Fullscreen presentation and Image upload operations
    ProxyPass           /lool https://127.0.0.1:9980/lool
    ProxyPassReverse    /lool https://127.0.0.1:9980/lool

    <Proxy *>
        # Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
        Require all granted
    </Proxy>
</VirtualHost>

I have the needed modules loaded:

root@dd340bf80de3:/etc/apache2# apache2ctl -M
[Fri Aug 19 12:49:48.930521 2016] [core:trace3] [pid 21392:tid 140679377049472] core.c(3056): Setting LogLevel for all modules to trace8
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.3. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)

Still, Apache does not proxies the requests:

 [Fri Aug 19 09:40:04.701822 2016] [core:trace5] [pid 10272:tid 139810871797504] protocol.c(618): [client 192.168.0.162:42645] Request received from client: GET /loleaflet HTTP/1.1
 [Fri Aug 19 09:40:04.701934 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(301): [client 192.168.0.162:42645] Headers received from client:
 [Fri Aug 19 09:40:04.701945 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Host: 192.168.0.162:9979
 [Fri Aug 19 09:40:04.701955 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Connection: keep-alive
 [Fri Aug 19 09:40:04.701979 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Cache-Control: max-age=0
 [Fri Aug 19 09:40:04.701989 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Upgrade-Insecure-Requests: 1
 [Fri Aug 19 09:40:04.701998 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
 [Fri Aug 19 09:40:04.702008 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
 [Fri Aug 19 09:40:04.702017 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   DNT: 1
 [Fri Aug 19 09:40:04.702026 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Accept-Encoding: gzip, deflate, sdch
 [Fri Aug 19 09:40:04.702035 2016] [http:trace4] [pid 10272:tid 139810871797504] http_request.c(305): [client 192.168.0.162:42645]   Accept-Language: fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4,ru;q=0.2,de;q=0.2
 [Fri Aug 19 09:40:04.702122 2016] [authz_core:debug] [pid 10272:tid 139810871797504] mod_authz_core.c(809): [client 192.168.0.162:42645] AH01626: authorization result of Require all granted: granted
 [Fri Aug 19 09:40:04.702133 2016] [authz_core:debug] [pid 10272:tid 139810871797504] mod_authz_core.c(809): [client 192.168.0.162:42645] AH01626: authorization result of <RequireAny>: granted
 [Fri Aug 19 09:40:04.702143 2016] [core:trace3] [pid 10272:tid 139810871797504] request.c(293): [client 192.168.0.162:42645] request authorized without authentication by access_checker_ex hook: /loleaflet
 [Fri Aug 19 09:40:04.702171 2016] [core:info] [pid 10272:tid 139810871797504] [client 192.168.0.162:42645] AH00128: File does not exist: /var/www/html/loleaflet
 [Fri Aug 19 09:40:04.702217 2016] [http:trace3] [pid 10272:tid 139810871797504] http_filters.c(1003): [client 192.168.0.162:42645] Response sent with status 404, headers:
 [Fri Aug 19 09:40:04.702228 2016] [http:trace5] [pid 10272:tid 139810871797504] http_filters.c(1010): [client 192.168.0.162:42645]   Date: Fri, 19 Aug 2016 09:40:04 GMT
 [Fri Aug 19 09:40:04.702237 2016] [http:trace5] [pid 10272:tid 139810871797504] http_filters.c(1013): [client 192.168.0.162:42645]   Server: Apache/2.4.10 (Debian)
 [Fri Aug 19 09:40:04.702247 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Content-Length: 288
 [Fri Aug 19 09:40:04.702256 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Keep-Alive: timeout=5, max=100
 [Fri Aug 19 09:40:04.702265 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Connection: Keep-Alive
 [Fri Aug 19 09:40:04.702274 2016] [http:trace4] [pid 10272:tid 139810871797504] http_filters.c(832): [client 192.168.0.162:42645]   Content-Type: text/html; charset=iso-8859-1

tcpdump confirmed that there are no packet exchanges with 127.0.0.1:9980, not even a TCP SYN. As you can see, Apache httpd only searches the requested URL in its directory and returns 404, instead of passing the request to 127.0.0.1 as requested in the config. What's the matter‽

Best Answer

<Proxy *> blocks are, in general, only needed for forward proxies not reverse. You can remove it.

If proxying is not happening then I would add a vhost specific access and error log to verify a) that the request is actually hitting the vhost you think it is and b) that the correct URI path is being requested.

Add these in your

CustomLog logs/port_9979_access_log ErrorLog logs/port_9979_error_log

And look in them after make a request

Best Answer

Related Solutions

The difference between Load Balancer and Reverse Proxy

NGINX Reverse Proxy – URL Rewrite

Related Topic