Sometimes I get the following error (in Apache's error.log) when viewing my site over HTTPS:

    (502)Unknown error 502: proxy: pass request body failed to xxx.xxx.xxx.xxx:443

I'm not entirely sure what this is and why it happens; it's also not consistent.
The request route is:
- Browser
- Proxy server (Apache with mod_proxy + mod_ssl)
- Load balancer (AWS)
- Web server (Apache with mod_ssl)
The configuration on the proxy server is as follows:

    <VirtualHost *:443>
        ProxyRequests Off
        ProxyVia On
        ServerName www.xxx.co.uk
        ServerAlias xxx.co.uk
        <Directory proxy:*>
            Order deny,allow
            Allow from all
        </Directory>
        <Proxy *>
            AddDefaultCharset off
            Order deny,allow
            Allow from all
        </Proxy>
        ProxyPass / balancer://cluster:443/ lbmethod=byrequests
        ProxyPassReverse / balancer://cluster:443/
        ProxyPreserveHost off
        SSLProxyEngine On
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.cert
        SSLCertificateKeyFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.key
        <Proxy balancer://cluster>
            BalancerMember https://xxx.eu-west-1.elb.amazonaws.com
        </Proxy>
    </VirtualHost>

Any idea what the issue might be?
In my case, the problem was the backend (stunnel) not accepting the SSL version that Apache was sending. I found in syslog that stunnel was reporting "routines:SSL3_GET_RECORD:wrong version number" and then I found the solution in https://serverfault.com/a/303851/69972
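
When a backend logs "wrong version number", it helps to see which protocol version the proxy's hello actually carries. The following is an added example, not part of the answer above: a small decoder for the first bytes of a client hello, where the function names and the sample byte strings are constructed for illustration.

```python
import struct

# Wire codes for protocol versions (major byte, minor byte).
VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def version_name(code):
    return VERSIONS.get(code, "unknown(0x%04x)" % code)

def classify_client_hello(data):
    """Report framing and protocol versions in a client's first bytes."""
    result = {"format": "not-tls", "record_version": None, "offered_version": None}
    if len(data) < 5:
        result["format"] = "truncated"
    elif data[0] & 0x80 and data[2] == 1:
        # SSLv2-compatible hello: 2-byte length with the high bit set,
        # message type 1 (CLIENT-HELLO), then the highest version offered.
        # There is no SSLv3/TLS record header in this framing.
        result["format"] = "sslv2-compatible-hello"
        result["offered_version"] = version_name(struct.unpack(">H", data[3:5])[0])
    elif data[0] == 22 and data[1] == 3:
        # SSLv3/TLS record: content type 22 (handshake), record version, length.
        result["format"] = "tls-record"
        result["record_version"] = version_name(struct.unpack(">H", data[1:3])[0])
        # Handshake header: type 1 (ClientHello), 3-byte length, client_version.
        # TLS 1.3 clients also send 0x0303 here and signal 1.3 in an extension.
        if len(data) >= 11 and data[5] == 1:
            result["offered_version"] = version_name(struct.unpack(">H", data[9:11])[0])
    return result

# Constructed sample captures (first bytes only), not taken from the page.
SAMPLE_V2_HELLO = bytes.fromhex("802e0103010015000000100100")
SAMPLE_TLS_HELLO = bytes.fromhex("160301002f0100002b0303")
SAMPLE_PLAIN_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for label, blob in [("v2 hello", SAMPLE_V2_HELLO), ("tls hello", SAMPLE_TLS_HELLO),
                        ("plain http", SAMPLE_PLAIN_HTTP)]:
        print(label, classify_client_hello(blob))
```

Feed it the first payload bytes of a connection captured on the backend side, then compare the reported versions with the protocol versions the backend is configured to accept.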