Apache :: 2.4.3 Mod Proxy Not Stable In Production
Dec 25, 2013
Have run through a bunch of threads on mod_proxy race conditions, possible causes, and potential solutions.
What is the status? Is there a fix for this, maybe in 2.4.7?
On 2.4.3 in production we literally have 10K errors in the past 2 months along the lines of:
Code : AH00898: Error reading from remote server returned by...
Application server (JVM webapp) issues no errors at the time of mod_proxy error occurring. It seems then that mod_proxy is sporadically broken, which is horrible for end users accessing an otherwise rock solid production application.
I'm not sure if i posted this in the right place - but couldn't find a better place. Here is my problem.
I am converting my current site [URL] ... from one software to another. I am testing it on a temporary domain name [URL] .....
Once i finish testing i want to move the .co site to the .com site and i don't know the best way to do this.
An obvious way would be to move all of the files and databases to the .com site after first deleting all of the files at the .com site. I would also have to do a few tweaks to the software to make sure it's pointing to the .com and not .co where iI tested.
but this method seems clunky.
Is there a way to just point the .com to the .co when I'm ready to 'move' and therefore nothing would actually get 'moved'?? both the .com and .co are on the same VPS.
I'm using the isapi rewrite module for iis 6 which uses the exact same syntax as mod_rewrite in apache. I'm not very well versed in apache and need getting this to work asap. Basically I have a directory in our website: URL....
I need to forward this to an IP address, for example to this address:100.12.33.45/folder.While keeping the original URL (www.xyz.edu/folder). I'm unsure of the apache syntax for this.
I want to setup a failover approach in which if after a particular timeout say 10secs the load shifts to some other website like Refer.com | The world. The timeout should be in Proxy Pass and if timeout occurs it shifts to Refer.com | The world
Im using AJAX on my site and i need to access a seperate server instance on a different port. AJAX wont allow me to do that so i want to use Apache as a proxy but only for one page.
Loading a page with ~150 files (most images and js files) i keep runing into "locked requests" that are not comeing back and block the whole page from finishing loading. The files differ every time.
I see this warnings in my error.log (looks like they are connected to the behauviour above).
Code:
[Tue Nov 19 20:38:10.890013 2013] [cache_disk:warn] [pid 216692:tid 15924] (OS 5)Access is denied. : [client x.x.x.x:58963] AH00699: rename tempfile to file failed: C:/temp/cache/aptmpcBQArf -> C:/temp/cache/H8Cta/9ha4U/Uhhhs/OlQfU/1Q.data,
I m trying to setup a reverse proxy with several site that will redirect the request into several internal server.I wanted to do that with several VirtualHost (like shown below). Unfortunatly whatever I type on my browser testsupport.xxxx.com or support2.xxxx.com I m redirected at the first of the config file (in the exemple http://10.253.12.41/.Is it the ServerName key that will redirect to the right proxypass ?
We are struggling to configure our Apache reverse proxy (on WIN 2008) server to force https.
We have the cert installed on the proxy server, and it seems to be working but we are unable to force connections to https: and the site is still available via http:
How do you enforce https on the site?
reading read about the .htaccess file, virtual hosts but still having a hell of a time putting it all together
I have a setup where Apache connects to a F5 load balancer which in turn balances between two jboss app servers.
Apache using mod_proxy -> F5 (hardware load balancer) -> 2 jboss application server
It uses jsessionid. I sometimes get 500 errors for the post methods. I think the request goes to the incorrect jboss server because of the F5 load balancer. Everything works just right when I shutdown one of the jboss app servers.
I'm trying to do a setup of alfresco.It has two basic sites. [URL]. Both use kerberos authentication. Alfresco has SSO and share has not. Both sites are on the same server (its just one site but different subs)
I want to put this behind a reverse proxy to eliminate the servername:port combination.
When I put it in a normal config with ajp everything works fine for the share website. I can login without problems. Not so however for the alfresco website. I get a browser login request (not the alfresco one) when i enter my credentials he asks them again and again and then he ends on the regular login page of alfresco at which point everything works. The username I entered is displayed at this point. When I do not enter my credentials correct I do not reach the page.
If I remove the SSO from the alfresco website everything is normal (but i have to login)
I have apache 2.2 on Linux going through the a firewall to a backend sharepoint server. My sharepoint application has anonymous and authenticated traffic. This works fine most of the time but we randomly get (104)Connection reset by peer: proxy: error reading status line from remote server. I was able to fix this by adding *SetEnv force-proxy-request-1.0 1 *SetEnv proxy-nokeepalive 1 *RequestHeader unset Expect early But after I added this I was then no longer able to log in. I would receive a *HTTP/1.1" 401 my understanding is KeepAlive is required for NTLM to work so making sure I can stop the connection resets which are unacceptable and still allow the authenticated users to log in.
I'm currently in the process of configuring a red hat linux server as a proxy server for a number of back end web servers. I set up reverse proxying to hide the web server url's, but I've run into a problem with the second web server, because some of the directory structures are identical on both servers.
I am having a little trouble getting a reverse proxy redirect to work. I have a Linux server running Apache2. I have installed SABnzbd+, Sickbeard, Couchpotato & Headphones onto this device. I want to access SABnzbd+, Sickbeard, Couchpotato & Headphones from the outside world (via a DYNDNS name).
I know that I could just forward the ports through the router, but I don't want all the extra ports opened. I was told that I can have Apache to do a revers proxy, but I can't get it to work. I basically want to be able to do type myname.dyndns.org/sickbeard instead of typing in myname.dyndns.org:8081.
I'm trying to fix a problem with open proxy on my website. It's running ubuntu & apache2. I also run pfsense for a firewall with snort. I have a SSL for the website, so I have regular port 80 redirect to https.
At first I did notice right away when I checked & saw this happen that proxy was turned on. So I got that turned off.
My firewall is still allowing these bad IPs to port 80. I would like to figure out what I could turn on the firewall or snort to stop those connections in addition to what needs fixing in apache. I've read the solution is to make the redirects go to a 403 error page.
I also tried adding a mod_security rule but ended up blocking all people from website, though I may have accidentally turned some other rules on too.
There are a few different problems it looks like.
First - It looks like they're trying to connect to my HTTPS then redirect to an ad through my domain name? Second - It looks like they're still trying to use my website for open proxy but directly accessing ib.adnxs.com through my port 80. My logs indicate I'm redirecting to a 301 page.
I am running a few different web servers on my home network and have found a way of binding each wb server (and any virtual hosts) to domain names and having a "central" web server rerouting a request to the appropriate server using reverse-proy. at the moment, this central web server is IIS (Windows Server 2008 R2) based and it works perfectly. I want to change the central server to an Apache based one.
As an example; I want the central server to see an incoming http request (e.g sub.domain.com) and reroute it using reverse-proxy to a different web server that wouldn't normaly be accessible from the Internet (e.g 192.168.1.122/index.html).
My question is how do you reverse-proxy to a different server on the LAN with mod_rewrite in Apache?
I'm running both Apache (on port 81) and Lighttpd (port 80) on my VPS. I would like to have Apache run CGI/Perl scripts only for virtual hosts in the Lighttpd.conf. My Lighttpd.conf already has fastCGI enabled though.
a question on mod_proxy. We're using mod_proxy as a simple reverse proxy (ProxyPass & ProxyPassReverse) to reverse-proxy various back-end PHP and Mono/.NET apps.
One problem we see is that when the back-end PHP app suffers an error (e.g. a 404 or 500) , then mod_proxy ignores the nicely-formatted custom error page served up by our PHP app, and instead serves a very plain generic mod_proxy 404 or 500 error page back to the client. Is there a way to configure mod_proxy to serve up the 500/404 error page content which is created by the back-end app ?
(We thought ProxyErrorOverride might work, but it seems to be intended for the opposite scenario, where I want to *ignore* the 404 page content from the back-end and show a mod_proxy-defined error page instead.We're using apache 2.2 on 64-bit CentOS 6.5 ( httpd-2.2.15-31.el6.centos.x86_64 )
I am trying to set up a reverse proxy to the application Surveillance Station on my Synology NAS. Altough the reverse proxy works ok for other apps like Webadmin, Download Station and such, parts of the Surveillance Station app do not work, particulary the Live View & Time Line.
From the logs, I suspect an authorisation problem (because of the 401), but I'm not sure. I have tried ProxyPreserveHost on, ProxyVia full, and some rewrite rules, but I'm not sure what I'm doing Direct access to the port of the app works (i.e. 83.xxx.x.xxx:9900), so i know it has something to do with the reverse proxy.
Some of websites like youtube and facebook are blocked in my country and we can't access them .in addition most of tunneling protocols like PPTP are blocked too . I want to create a website that tunnels between our network and this website like proxy or other ways. Scripts like phpProxy are not secure and many websites don't permit the visitors who come with this scripts. A very good sample for my idea is walww.com . This websites is like alternate for blocked addresses like facebook, but it's premium and require charging cash .
How can I create website like walww.com . I have my own VPS and Host for this issue. Is that possible to serve this blocked websites trough proxy by configuring apache settings?
Own Build Apache 2.4.4 (32bit) with IPv6 support Openssl 1.0.1e on Windows Server 2012.
We implemented this as a reverse proxy with Exchange 2010 behind it. We published Webmail out through Apache. Thought it was going well until users reported strange things. Exchange Web Services users were sending email and they arrived having been posted from another user's mailbox. Also, sometimes viewing the mailbox provides a view of somebody else's mailbox.
We checked out the logs on the Exchange CAS server and what appears to be happening is that the body of the post is being sent with the header of another post.
I have diesel generator controller card (IB Lite made by Comap) and the built-in webserver supports only a single user/session connected.
I want to set apache in front and serve multiple connection while apache is keeping a single session with the IB Lite card in background no matter how sessions it have.
I tried ProxyPass but it doesn't seems to be a solution.
I've been working with the Apache server (primary under CentOS, but some under Red Hat and on XAMPP stacks as well) and have been tasked with a project.
Periodically, we need to have our web sites down for maintenance - updates, backups, etc. What I've been told to do is find a way to have a 'front end' to our web sites so that, when they are down for maintenance, that then end-users will receive a message 'This site is down for maintenance till XX:XX AM/PM' or such.
Here are my questions:
- What would you call what I am trying to setup? The reading I've done implies that what I really want to setup is a reverse proxy server. Is that what I want to do? - If it isn't a reverse proxy I want to set up, what do I want to setup? - Of the different types of solutions available, What I could use for this? I've read about using Nginx in front of Apache, I've heard of Squid, I've heard about Tomcat. - Is this a type of 'clustering/high availability' project I'm really looking at here? I've been hearing those terms thrown about as well.
In case it makes any kind of a difference, the Apache instances are pretty simple - PHP, MySQL and that's about it - not very involved (for now). I'm hoping that I can learn what/how to do this correctly and, when I'm ready to add more capabilities, that I'll be able to extrapolate out from there what I'd need to do.
I am using apache proxypass to proxy to 4 different ports (java/jsp applications) with the following configurations (for each):
<VirtualHost *:80> ProxyPreserveHost On ProxyRequests Off ServerName *****.org ProxyPass / http://*****.org:8080/ retry=0 ProxyPassReverse / http://*****.org:8080/ </VirtualHost>
Everything seems work fine until an awkward delay / connection timeout occurs. The web application hangs for about 5 to 15 seconds and starts working normally after that period. It's certainly not the application's issue because everything is fine when using IP address to access it.
When I enabled the debug log in apache, I found out that every time the server seems to hang, the following error appears in the apache error log and the number of apache child processes keep on increasing (ps aux | grep apache).
[Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 4 in child 13208 for worker proxy:reverse [Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1837): proxy: worker proxy:reverse already initialized [Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1934): proxy: initialized single connection worker 4 in child 13208 for (*) [Thu Apr 11 10:20:41 2013] [debug] proxy_util.c(1818): proxy: grabbed scoreboard slot 3 in child 13208 for worker http://*****.org:8080/ ..... Also, the access log (access.log) completely stops during that hang period.
This debug message keeps on repeating as long as Apache/web-application is not responding. The application starts to work normally after that duration and the number of apache child process decrease to the normal number.
Apache version : 2.2.16 (Debian) OS : Debian GNU/Linux 6.0 root@server:~# apache2 -V Server version: Apache/2.2.16 (Debian) Server built: Nov 30 2012 08:58:36
-1 Public IP -Host Windows Server 2008 R2 AD/DNS/Hyper-V (server0) + VM Windows Server 2008 R2 Exchange 2010/IIS (server1) + VM Ubuntu server 13.11 Apache 2.4.6 with virtual hosts (server2) + VM Windows Server 2008 R2 Blackberry Enterprise Server running on a Jboss webserver (server3) -All port 80,443 requests points Ubuntu server 13.11 (server2)
Within Apache 2.4.6 I have virtualhost where the setup are as followed
For learning purpose I am configuring a blackberry enterprise server(bes) on server3. It's a clean installation with only the needed applications to run a bes. Because I only have 1 public ip I am trying to reverse proxy this webservice two like server1. The bes webservice is configured to accept connections on port 443. So my first web.conf setup was similar to the setup I used for server1 but I noticed that the webpage was displayed but I couldn't interact with the page because it was a java application. So digging deeper into this i found that the webpage that bes provided me to use isn't the real application but more like a iframe setup.
Example: BES Console address: https://server3.com/webconsole/login Real address: https://server3.com/websconsole/app
Unfortunately after finding this and editing my web.conf to proxypass reverse to this real address I encountered a other problem. The bes webconsole works with session is and parameters
I am using a Windows 7 and the proxy server is working fine. However, I need to run a web content filtering on the server. This should be able to replace or change specific words or phrases from an incoming html and deliver it to the client. I have searched the internet for days for a working configuration but none of them worked. Here is the current configuration I added on the httpd.conf file:
Behind a pfsense box we have a computer who act as a forward proxy with apache. At the end we have the family computer.This is the problem: i can't hide the forward proxy on internet, the forward proxy is reported "detected".
Currently i am trying to install an Apache 2.4.3 as a caching reverse proxy. I would like to use memcached as my cache backend. I figured out there is a mod_socache_memcache, which from my understanding, should do exactly that(in combination with mod_cache_socache). So i compiled mod_cache_socache from trunk, loaded mod_cache, mod_cache_socache and mod_socache_memcache, but now i am stuck with the configuration. Here is what i tried:
where do i configure the path to my memcached instance? The reason for memcached as chaching backend, is that the machine is a windows machine, and from my understanding mod_cache_disk is not as efficient on a NTFS filesystem as it is on EXT3/4.
Another reason is, that later on there should be a possibility to put a second Reverse Proxy machine which shares the cache with the first one by using the same memcached instance (is that possible at all?).
We are getting the error from the SAP portal where we have installed Apache as a reverse Proxy on Windows server.
The Apache Server received an invalid response from an upstream server.
The Proxy server could not handle the request POST/irj/portal
Reason: Error reading from remote server -------------------------------------------------- Apache/2.4.9 (Win32)OpenSSL/1.0.1h Server at www.xyz.com port 80
