Greenhorn
posted 4 years ago
For a reverse proxy, a common 5xx error message is 503, meaning that the backend server is not reachable. In the technical architecture of my blog site, the WordPress site with my blogs is hosted on a Raspberry Pi in my living room, while external access is through a reverse proxy hosted on Amazon EC2.
I'm following this guide to set up Tomcat 8 on Ubuntu Server 16.04 using Apache2's mod_jk module as a reverse proxy:
https://www.digitalocean.com/community/tutorials/how-to-encrypt-tomcat-8-connections-with-apache-or-nginx-on-ubuntu-16-04
Everything works until the last step, which is to change the HTTP and AJP Connectors in server.xml to only listen on localhost. Here's the change I made to the AJP Connector (added localhost in the address):
Before this change, typing https://myhostname takes me to the Tomcat administration page; after it, I get '503 Service Unavailable'.
Here's the relevant portion of mod_jk.log
Saloon Keeper
posted 4 years ago
You might want to check the Tomcat catalina.out and localhost log files to make sure that port 8009 didn't fail to open.
Although your proxy log message seems to be indicating that Apache might have been trying to connect using IPv6 and your allowable address (127.0.0.1) is an IPv4 address. If that's the case, I'd try and ensure that the Apache-to-Tomcat tunnel on port 8009 used IPv4, since I don't think IPv6 gains you a lot on a loopback connection.
Some people, when well-known sources tell them that fire will burn them, don't put their hands in the fire.
Some people, being skeptical, will put their hands in the fire, get burned, and learn not to put their hands in the fire.
And some people, believing that they know better than well-known sources, will claim it's a lie, put their hands in the fire, and continue to scream it's a lie even as their hands burn down to charred stumps.
Greenhorn
posted 4 years ago
Here are the logs based on your suggestion. It doesn't seem like there is an issue with port 8009 starting, as line 36 of the catalina.out says 'Initializing ProtocolHandler ['ajp-nio-127.0.0.1-8009']', but I'm not 100% sure:
Also, how do I ensure that the Apache-to-Tomcat tunnel on port 8009 uses IPv4? I didn't see anything I could change in the server.xml connector config to specify the IP type.
Apologies, I'm new to configuring Tomcat and this is a bit of a learning process for me.
Thanks much!
Localhost.log:
catalina.out after running systemctl restart tomcat as root
Saloon Keeper
posted 4 years ago
- I am not sure this is what you really want: with your current config, the steps that follow after you open localhost:8080 are: 1. The local socket to 8080 is connected to the proxy container port 80 2. The proxy container proxies back to host on port 8001 (172.17.42.1 is the gateway of the docker network, i.e. it is the same host as localhost) 3. Port 8001 on the host is connected to the cicd.
- The primary idea behind ServiceQ is to have a concurrent reverse proxy providing first and foremost two capabilities — a) fair load balancing and b) failed request buffering.
- Apache is reporting that there isn't a socket to open on that port, which is why 'Service unavailable', not an apache problem.
- I created two VMs in the VirtualBox. One of them is Reverse Proxy server and another one is Apache Web Server. The specifications of VM1 (Reverse Proxy) are as follows: NIC 1 is NAT and Its IP address is '10.0.3.15'. NIC 2 is Internal Network and its IP address is '192.168.1.3'. The specifications of VM2 (Apache Web Server) are as follows.
You can use the command 'netstat -tnlp' to list what programs are listening on which ports/protocols.
But it does appear that Apache is attempting to use IPv6 to communicate and your listening address on the connector is set for IPv4.
Unfortunately, Apache does its IPv6/IPv4 things with a certain amount of 'magic' these days, so it's not always easy to tell what protocols it's going to use. You'll probably have to read the Apache docs. I would expect that the mod_jk configuration options would deal with that, but unfortunately, the DigitalOcean tutorial doesn't show a functional and complete set of sample mod_jk directives.
It's not totally essential that you limit the port 8009 listening address. That's not a public port, so access to it should be firewall-blocked both at the external entry to your site from the Internet, and in your case, on the local machine (iptables) itself. If someone managed to get far enough into your server to be able to send local requests inside the machine's firewall, you've probably already been totally eaten.
Also, are you the 'Bostich' that posted to the DigitalOcean site not long ago? We really would like to be notified when you cross-post stuff. Otherwise people get confused because sometimes they'll answer on one site and sometimes on another.
Some people, when well-known sources tell them that fire will burn them, don't put their hands in the fire.
Some people, being skeptical, will put their hands in the fire, get burned, and learn not to put their hands in the fire.
And some people, believing that they know better than well-known sources, will claim it's a lie, put their hands in the fire, and continue to scream it's a lie even as their hands burn down to charred stumps.
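Added example, not code from either poster: a Python check for the address-family mismatch suggested in the post above. It lists what a host name resolves to and tries a TCP connect to each address; the host name `localhost`, the helper names and the stand-in listener in `demo()` are assumptions of this example.

```python
import socket

FAMILY_NAMES = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def resolve(host, port):
    """Return the (family, address) pairs the resolver offers, in resolver order."""
    found = []
    for fam, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        entry = (FAMILY_NAMES.get(fam, str(fam)), sockaddr[0])
        if entry not in found:
            found.append(entry)
    return found

def can_connect(addr, port, timeout=1.0):
    """True if a TCP connection to addr:port is accepted, False otherwise."""
    fam = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(fam, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect((addr, port))
        return True
    except OSError:  # refused, timed out, or address family unavailable
        return False

def diagnose(host, port):
    """Map every address the host name resolves to onto its connect result."""
    return {addr: can_connect(addr, port) for _, addr in resolve(host, port)}

def demo():
    # Constructed stand-in for a connector with address="127.0.0.1":
    # a listener bound to the IPv4 loopback only, on an ephemeral port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]
    try:
        return can_connect("127.0.0.1", port), can_connect("::1", port)
    finally:
        srv.close()

if __name__ == "__main__":
    print("IPv4-only listener (127.0.0.1, ::1):", demo())
    # On the proxy host: which loopback addresses accept on the AJP port?
    print("localhost:8009 ->", diagnose("localhost", 8009))
```

A result where `127.0.0.1` connects and `::1` does not matches a connector that listens on the IPv4 loopback only.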
Greenhorn
Tim,
Thank you for your clarifications! Yes that post on DO is mine.
HTTP Error 503 on client when using reverse proxy in IIS?!
Jan 05, 2017 07:57 PM | seanvree
Hello,
I'm trying to redirect and rewrite all incoming requests to my IIS server (Seanvree.com) (DefaultAppPool) from
jackett.seanvree.com
to
my internal (Python-based web server) running on the same IIS machine at 192.168.1.20:9117
And then rewrite back to the client as Jackett.seanvree.com
Reverse Proxy, right?
So my web.config looks like this:
<rule name='ReverseProxyInboundJackett' enabled='true' stopProcessing='true'>
<match url='(jackett.*)' />
<conditions logicalGrouping='MatchAll' trackAllCaptures='false' />
<action type='Redirect' url='192.168.1.20:9117' appendQueryString='false' />
</rule>
</rules>
<outboundRules>
<rule name='ReverseProxyOutboundRule1' preCondition='ResponseIsHtml1' enabled='true'>
<match filterByTags='A, Form, Img' pattern='^http(s)?://192.168.1.20:9117/(.*)' />
<action type='Rewrite' value='http{R:1}://jackett.seanvree.com' />
</rule>
I followed this reference:
https://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis
However, I keep getting 'HTTP Error 503. The service is unavailable.' on the requesting client.
In my failedreqlog files I see this error:
siteId='1'
appPoolId='DefaultAppPool'
processId='22800'
verb='GET'
authenticationType='NOT_AVAILABLE' activityId='{80000306-0002-D100-B63F-84710C7967BB}'
failureReason='STATUS_CODE'
statusCode='500.52'
triggerStatusCode='500.24'
timeTaken='0'
So I'm not sure what that means?
HELP!!!!
Thanks,