I am attempting to use ProxyPass and ProxyPassReverse to proxy requests through Apache to another server instance that is bound to the localhost on a different TCP port that the Vhost exists (VHost is bound to :80, when the target is bound to :5000).
However, I am repeatedly receiving HTTP 503 when accessing the Location.
According to the ProxyPass documentation...
<VirtualHost *:80>
ServerName apacheserver.domain.local
DocumentRoot /var/www/redmine/public
ErrorLog logs/redmine_error
<Directory /var/www/redmine/public>
Allow from all
Options -MultiViews
Order allow,deny
AllowOverride all
</Directory>
</VirtualHost>
PassengerTempDir /tmp/passenger
<Location /rhodecode>
ProxyPass http://127.0.0.1:5000/rhodecode
ProxyPassReverse http://127.0.0.1:5000/rhodecode
SetEnvIf X-Url-Scheme https HTTPS=1
</Location>
I have tested binding the alternate server to the interface IP address, and the same issue occurs.
The server servicing request is an instance of python paste:httpserver, and it has been configured to use the /rhodecode suffix (as I saw this to be mentioned in other posts about ProxyPass). The documentation from the project itself, Rhodecode, reports to use the above.
The issue is persistent if I target another server that is serving on a different port.
Does ProxyPass allow proxying to a different TCP port?
[update]
I won't delete this, in case someone comes across the same issue.
I had set an ErrorLog, and in that ErrorLog the following error was reported:
[Wed Nov 09 11:36:35 2011] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 127.0.0.1:5000 (192.168.100.100) failed
[Wed Nov 09 11:36:35 2011] [error] ap_proxy_connect_backend disabling worker for (192.168.100.100)
After some more research, I attempted to set SELinux to permissive (echo 0 >/selinux/enforce
), and try again.
It turns out the SELinux boolean httpd_can_network_connect
must be set to 1
.
For persistence on reboot:
setsebool -P httpd_can_network_connect=1
A nicer way to fix this (to have your cake and eat it) with regards to SELinux is to run this command to make httpd_t types aware of the port you are using..
You can turn off that boolean then and still get it to work.