Re: reverse proxy issue

Thank you, I think I'm getting the idea.

Indeed, there are a number of VirtualHost entries and somehow I didn't check whether they all fail with the described symptoms or just a specific one.
Therefore my assumption is: when it happens, no matter for what reason, this VirtualHost somehow gets removed from
the routing/search order (or whatever else, I'm not familiar with the architecture) and requests are routed to a different, irrelevant VirtualHost.

I went deeper and found in the logs that the assumption seems to be correct.
AH02043: SSL virtual host for servername <my vhost> found
AH01964: Connection to child 4 established (server DEFAULT:443)

and this is the WRONG one, actually the mock from 00default.conf

The MPM module configuration is, I think, the default; I can see

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

in /etc/httpd/conf.modules.d/00-mpm.conf
 

So the goal now is to determine why the proper VirtualHost gets skipped.
And it would be nice to find a permanent fix for it.

Regarding the ProxyPass statement, it points to the application FQDN.
Is there any possibility that a temporary application outage (e.g. 404) will cause the VirtualHost elimination?


On Wed, Jun 8, 2022 at 8:07 PM Yann Ylavic <ylavic.dev@xxxxxxxxx> wrote:
On Wed, Jun 8, 2022 at 3:21 PM Serge Krawczenko <skrawczenko@xxxxxxxxx> wrote:
>
> We have an application server behind httpd as a reverse proxy,
> with basic LDAP auth, so only LDAP-authenticated users are able to get into the application.
> (    Require valid-user
>     Allow from all
> )

It's usually not a good idea to mix Require (httpd >= 2.4) and Allow
(httpd < 2.4) directives together, though I don't see how it could
lead to the symptoms you are seeing.

>
> Everything works well and configuration is very basic.
> However,
> sometimes, like once in a month or two, it fails and httpd stops acting like a reverse proxy.
> I.e. https://url/my-app fails with 404 trying to find my-app locally.
> (the requested URL /my-app was not found on this server)

If there are multiple VirtualHosts on the same IP:port in your server,
possibly some requests reach one with no "ProxyPass /my-app ..."
defined?
It may happen if an unknown Host/SNI is handled by the default vhost
for instance, but it wouldn't explain why all the following requests
go there (unless the app/something at some point starts redirecting to
a different URL).

>
> It is 'fixed' by restarting httpd and is very annoying for users.
>
> Debug is turned on for the proxy and ldap modules and there's absolutely nothing suspicious.
> When the situation occurs, there's just no attempt to refer to the 'proxypass'; it is
> just trying to get the local path immediately.
>
> It cannot be reproduced either and there's no specific periodicity for this failure.
> Anything I'm missing? Any more debug to turn on?

Which httpd MPM and modules are used? It could be a non thread-safe
module running on a threaded MPM, corrupting some global state when
the load increases.


Regards;
Yann.
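
The following is an added example, not part of either message and not code from the httpd project: one way to tell the two cases discussed above apart (an unknown Host handled by the default vhost versus the right Host served by the wrong vhost) from an access log. It assumes a custom LogFormat of "%v %{Host}i %>s \"%r\""; the hostnames, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Assumed LogFormat (not from the thread): "%v %{Host}i %>s \"%r\""
#   %v       = ServerName of the vhost that served the request
#   %{Host}i = Host header sent by the client
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<host>\S+) (?P<status>\d{3}) '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*"$'
)

# Constructed sample lines; all hostnames are placeholders.
SAMPLE_LOG = """\
app.example.test app.example.test 200 "GET /my-app/login HTTP/1.1"
default.example.test app.example.test 404 "GET /my-app/login HTTP/1.1"
default.example.test 203.0.113.7 404 "GET /my-app HTTP/1.1"
default.example.test app.example.test:443 404 "GET /my-app/ HTTP/1.1"
app.example.test app.example.test 200 "GET /favicon.ico HTTP/1.1"
not a log line
"""

def classify(line, expected_vhost, prefix="/my-app", aliases=()):
    """Return 'ok', 'known-host-wrong-vhost', 'unknown-host', or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not in the assumed format
    path = m["path"].split("?", 1)[0]  # ignore any query string
    if path != prefix and not path.startswith(prefix + "/"):
        return None  # request is outside the proxied path
    if m["vhost"].lower() == expected_vhost.lower():
        return "ok"
    # Drop an optional :port from the Host header before comparing.
    host = m["host"].lower().rsplit(":", 1)[0]
    names = {expected_vhost.lower(), *(a.lower() for a in aliases)}
    # Right name, wrong vhost: the symptom reported in this thread.
    # Other names landing on the default vhost is normal behaviour.
    return "known-host-wrong-vhost" if host in names else "unknown-host"

def summarize(log_text, expected_vhost, prefix="/my-app", aliases=()):
    """Count classifications over a whole log."""
    results = (classify(line, expected_vhost, prefix, aliases)
               for line in log_text.splitlines())
    return Counter(r for r in results if r)

if __name__ == "__main__":
    for kind, n in summarize(SAMPLE_LOG, "app.example.test").items():
        print(f"{kind}: {n}")
```

Pass any ServerAlias names of the expected vhost via `aliases`, otherwise requests using them are counted as unknown-host.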
