#1 2018-11-17 12:42:28

Vampire142
Member
Registered: 2018-06-13
Posts: 4

(Solved) HTTPD don't reverse proxy http protocol over unix socket

Hello everyone,

I'm here because I can't figure out how to get httpd to reverse proxy on my local server. I have faced this issue for 4 days and I don't understand anymore why it doesn't work...

I am actually trying to run a Gitea server on the same machine as httpd.
I tested the socket with socat and it is working, so the problem comes from the httpd configuration, but I can't find where... I am posting everything here, except that I removed most of the comments in the main httpd config file (for readability).

Thanks a lot for your help :)

/etc/httpd/conf/httpd.conf

ServerRoot "/etc/httpd"

Listen 80
Listen 443

LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authnz_fcgi_module modules/mod_authnz_fcgi.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule http2_module modules/mod_http2.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
<IfModule !mpm_prefork_module>
	#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
	#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

<IfModule unixd_module>
User http
Group http

</IfModule>

ServerAdmin etienne@schmitt-etienne.fr

ServerName schmitt-etienne.fr

<Directory />
    AllowOverride none
    Require all denied
</Directory>

DocumentRoot "/srv/http"
<Directory "/srv/http">

    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html index.htm index.php
</IfModule>

<Files ".ht*">
    Require all denied
</Files>

ErrorLog "/var/log/httpd/error.log"

LogLevel warn

<IfModule log_config_module>

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "/var/log/httpd/access.log" common

</IfModule>
 



<IfModule headers_module>

    RequestHeader unset Proxy early
    
</IfModule>

<IfModule mime_module>
    TypesConfig conf/mime.types

    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

</IfModule>


# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be 
# included to add extra features or to modify the default configuration of 
# the server, or you may simply copy their contents here and change as 
# necessary.

# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf

# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
Include conf/extra/httpd-autoindex.conf

# Language settings
Include conf/extra/httpd-languages.conf

# User home directories
Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf

# Virtual hosts
#Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
#Include conf/extra/httpd-dav.conf

# Various default settings
Include conf/extra/httpd-default.conf

# Configure mod_proxy_html to understand HTML4/XHTML1
<IfModule proxy_html_module>
Include conf/extra/proxy-html.conf
</IfModule>

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
#
# Note: The following must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

# Enable HTTP2
Protocols h2 http/1.1

# PHP Configuration
Include conf/extra/php-fpm.conf

# Website Configuration
Include conf/extra/vampire142.fr.80.conf
Include conf/extra/vampire142.fr.443.conf

Include conf/extra/admin.vampire142.fr.80.conf
Include conf/extra/admin.vampire142.fr.443.conf

Include conf/extra/play.vampire142.fr.80.conf
Include conf/extra/play.vampire142.fr.443.conf

Include conf/extra/schmitt-etienne.fr.80.conf
Include conf/extra/schmitt-etienne.fr.443.conf

Include conf/extra/cloud.schmitt-etienne.fr.80.conf
Include conf/extra/cloud.schmitt-etienne.fr.443.conf

Include conf/extra/gitea.schmitt-etienne.fr.80.conf
Include conf/extra/gitea.schmitt-etienne.fr.443.conf

Include conf/extra/awesome-coconut-software.fr.80.conf
Include conf/extra/awesome-coconut-software.fr.443.conf

Include conf/extra/dnd.awesome-coconut-software.fr.80.conf
Include conf/extra/dnd.awesome-coconut-software.fr.443.conf

/etc/httpd/conf/extra/gitea.schmitt-etienne.fr.443.con

<IfModule mod_ssl.c>
	<VirtualHost *:443>
		ServerName admin.vampire142.fr

		<Location "/">
			ProxyPass "unix:/run/gitea/gitea.sock|http://127.0.0.1"
			ProxyPassReverse "unix:/run/gitea/gitea.sock|http://127.0.0.1"
		</Location>
		                
		ErrorLog "/var/log/httpd/gitea.schmitt-etienne.fr/error.log"
		CustomLog "/var/log/httpd/gitea.schmitt-etienne.fr/access.log" common

		SSLEngine On
        
	    	Header always set Content-Security-Policy "upgrade-insecure-requests"
	    	Header always set Referrer-Policy "strict-origin"
	    	Header always set X-Frame-Options "SAMEORIGIN"
    		Header always set X-XSS-Protection "1; mode=block"
    		Header always set X-content-Type-Options "nosniff"
    		#Header always set Feature-Policy "" # Not Useful for now
    		Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
	</VirtualHost>
</IfModule>

Last edited by Vampire142 (2018-11-18 11:23:35)

Offline

#2 2018-11-17 18:34:58

twelveeighty
Member
From: Alberta, Canada
Registered: 2011-09-04
Posts: 1,096

Re: (Solved) HTTPD don't reverse proxy http protocol over unix socket

Is there anything in the httpd error logs? Check the logs during startup of httpd as well as when you make a request to the apache server.

Is there a specific reason you want to use the unix: UDS? The Gitea documentation itself recommends a proxy to the Gitea https server (https://docs.gitea.io/en-us/reverse-proxies/)?

Offline

#3 2018-11-17 21:11:21

Vampire142
Member
Registered: 2018-06-13
Posts: 4

Re: (Solved) HTTPD don't reverse proxy http protocol over unix socket

Hello twelveeighty and thanks for your consideration,

I don't have any problem with the socket, it's totally working. I tried with:

 ➜  /run socat - UNIX-CONNECT:/run/gitea/gitea.sock
HEAD / HTTP/1.1
HOST: gitea.schmitt-etienne.fr    

HTTP/1.1 200 OK
Set-Cookie: lang=en-US; Path=/; Max-Age=2147483647
Set-Cookie: i_like_gitea=28e9e75e7882e4b4; Path=/; HttpOnly; Secure
Set-Cookie: _csrf=Y8fJZ3606PzyymZJYLIKQrz7_E06MTU0MjQ4ODg2NDgwNDg1NDE3MA%3D%3D; Path=/; Expires=Sun, 18 Nov 2018 21:07:44 GMT; HttpOnly; Secure
X-Frame-Options: SAMEORIGIN
Date: Sat, 17 Nov 2018 21:07:44 GMT

So, in my opinion the problem comes from Apache, but I don't understand where :)
And I don't see any errors or even access to the unix socket anywhere in the httpd logs :/

Last edited by Vampire142 (2018-11-17 22:09:53)

Offline

#4 2018-11-17 22:16:24

twelveeighty
Member
From: Alberta, Canada
Registered: 2011-09-04
Posts: 1,096

Re: (Solved) HTTPD don't reverse proxy http protocol over unix socket

How exactly are you testing that the httpd connection is working? Are you doing a GET request from a Web browser, curl or a different client? Post the error and access logs from httpd that capture the startup of httpd as well as when you invoke the call to the 443 port.

Also, one thing that's not visible from the configs you have posted is where you are defining your SSL certs, I assume you have configured that in conf/extra/httpd-ssl.conf?

Offline

#5 2018-11-18 00:10:03

Vampire142
Member
Registered: 2018-06-13
Posts: 4

Re: (Solved) HTTPD don't reverse proxy http protocol over unix socket

Oh god, my dear twelveeighty,

I just found the cause!
Look at the third line of my file "/etc/httpd/conf/extra/gitea.schmitt-etienne.fr.443.conf"

ServerName admin.vampire142.fr

I'm feeling so dumb... that was in front of me all this time.
Just changed it to

ServerName gitea.schmitt-etienne.fr

AND this is actually working!
Just a little problem: only / is working, not /css for example, but I'm going to work on it. I HOPE it's a piece of cake :)

Offline
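
The cause found in post #5 was a ServerName copied from another vhost file, so no vhost claimed the Gitea hostname and Apache answered it from a different vhost on the same port. The lint below is an added example, not part of the thread: it flags that mistake before a reload, assuming the `<hostname>.<port>.conf` naming used in the thread and files given in Include order; the config text is constructed sample input and `lint` is a hypothetical helper.

```python
import re
from collections import defaultdict

# Constructed sample input (file name -> contents), listed in Include order.
# The admin vhost body is invented; the gitea one mirrors the posted mistake.
SAMPLE = {
    "admin.vampire142.fr.443.conf": """<VirtualHost *:443>
    ServerName admin.vampire142.fr
</VirtualHost>""",
    "gitea.schmitt-etienne.fr.443.conf": """<VirtualHost *:443>
    ServerName admin.vampire142.fr
    <Location "/">
        ProxyPass "unix:/run/gitea/gitea.sock|http://127.0.0.1"
    </Location>
</VirtualHost>""",
}

VHOST = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)

def lint(files):
    """Return sorted (file, problem) findings for name-based vhosts."""
    findings, seen = [], defaultdict(list)
    for fname, text in files.items():
        for addr, body in VHOST.findall(text):
            m = NAME.search(body)
            if not m:
                findings.append((fname, f"vhost {addr} has no ServerName"))
                continue
            name = m.group(1).lower()
            seen[(addr.strip(), name)].append(fname)
            # Assumption: file names follow <hostname>.<port>.conf
            expected = fname.rsplit(".", 2)[0].lower()
            if name != expected:
                findings.append(
                    (fname, f"ServerName {name} != file host {expected}"))
    # Two vhosts with one name on one address: only the first ever matches.
    for (addr, name), where in seen.items():
        for fname in where[1:]:
            findings.append(
                (fname, f"duplicate {name} on {addr}, shadowed by {where[0]}"))
    return sorted(findings)

if __name__ == "__main__":
    for fname, problem in lint(SAMPLE):
        print(f"{fname}: {problem}")
```

`httpd -S` prints the vhost map Apache actually built from the loaded configuration and is the authoritative cross-check.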
