0
votes

I am struggling with proxy reversing an SSL server in Apache. Right now I have many websites under many subdomains in one domain.
For example:

gitlab.mydomain.com
nextcloud.mydomain.com
plex.mydomain.com

All the websites use Letsencrypt certificates so they are HTTPS enabled.

The thing is that so far no server running on my localhost was HTTPS. For example, Plex is running as a standalone HTTP server on my localhost, which I simply proxy reverse using Apache, and on the internet it is secured with Letsencrypt.

Now I need to proxy reverse an already secured HTTP server. Namely Jenkins - it is running with Letsencrypt on my localhost for various reasons. I should also mention that the certificate used to encrypt it on localhost is the same as the certificate I use in Apache.

So my Jenkins is running on port 8443 and my Apache configuration for Jenkins is the following:

# Just to redirect HTTP to HTTPS
<VirtualHost *:80>
  ServerName jenkins.mydomain.com
  ServerAlias www.jenkins.mydomain.com
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<Virtualhost *:443>
    ServerName jenkins.mydomain.com
    ServerAlias https://jenkins.mydomain.com
    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode

    <Proxy https://localhost:8443/jenkins*>
      Order deny,allow
      Allow from all
    </Proxy>

    ProxyPass         /jenkins  http://localhost:8443/jenkins nocanon
    ProxyPassReverse  /jenkins  http://localhost:8443/jenkins
    ProxyPassReverse  /jenkins  http://jenkins.mydomain.com/jenkins
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Ssl on

    RewriteEngine on
    RewriteRule   "^/$"  "/jenkins/"  [R]

    SSLEngine on
    SSLCertificateFile  path/to/fullchain.pem
    SSLCertificateKeyFile path/to/privkey.pem
</Virtualhost>

However, with this configuration I get an error 502 (Proxy Error):

The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /jenkins/. Reason: Error reading from remote server

1 Answer

0
votes

The 502 you're getting is because Apache isn't receiving a response from http://localhost:8443/jenkins. This is the first issue that needs to be resolved before anything else can work. Ensure that you are able to access Jenkins by utilizing cURL.

For example: curl http://localhost:8443/jenkins. If there is no response, then try curl https://localhost:8443/jenkins. If there is no response there, then I'd take a look and see if Jenkins is configured properly.

There are a couple things I did notice that should be updated in your Virtual Host configuration.

  1. ServerAlias https://jenkins.mydomain.com should be ServerAlias www.jenkins.mydomain.com as https:// should not be included in a ServerAlias directive, plus you may want to be able to get to the site using https://www.jenkins.mydomain.com since that's in the non-https directive. You also most likely will want to include a rewrite in your https virtual host that rewrites www.jenkins.mydomain.com to jenkins.mydomain.com.

  2. You probably don't need the second ProxyPassReverse directive.
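
Added example (not part of the original question or answer): the HTTPS virtual host with the backend scheme made consistent, for the case where curl https://localhost:8443/jenkins succeeds, i.e. Jenkins really serves TLS on port 8443 as the question states. The CA bundle path is a placeholder, and the Require line assumes Apache 2.4.

```apache
# Added example; assumes Jenkins speaks TLS on localhost:8443 (per the question).
<VirtualHost *:443>
    ServerName jenkins.mydomain.com
    # No scheme in ServerAlias (point 1 of the answer).
    ServerAlias www.jenkins.mydomain.com

    ProxyRequests Off
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode

    # mod_proxy cannot open a TLS connection to a backend without this.
    SSLProxyEngine On
    # Keep backend certificate verification on rather than disabling it
    # to make a proxy error go away. The name being checked must appear
    # in the certificate Jenkins presents.
    SSLProxyVerify require
    SSLProxyCheckPeerName on
    # Placeholder path: a bundle containing the CA that issued the backend cert.
    SSLProxyCACertificateFile path/to/ca-bundle.pem

    # Scheme here now matches the ProxyPass target below.
    # Apache 2.4 access syntax (assumption); the question uses the 2.2 form.
    <Proxy https://localhost:8443/jenkins*>
        Require all granted
    </Proxy>

    # https:// backend; the question's version pointed http:// at a TLS port.
    ProxyPass         /jenkins  https://localhost:8443/jenkins nocanon
    ProxyPassReverse  /jenkins  https://localhost:8443/jenkins

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"
    RequestHeader set X-Forwarded-Ssl on

    RewriteEngine on
    # Canonicalise www. to the bare host (point 1 of the answer).
    RewriteCond %{HTTP_HOST} ^www\. [NC]
    RewriteRule ^ https://jenkins.mydomain.com%{REQUEST_URI} [R=301,L]
    RewriteRule "^/$" "/jenkins/" [R]

    SSLEngine on
    SSLCertificateFile    path/to/fullchain.pem
    SSLCertificateKeyFile path/to/privkey.pem
</VirtualHost>
```

Run apachectl configtest before reloading; mod_ssl, mod_proxy, mod_proxy_http, mod_headers and mod_rewrite must be enabled for these directives to parse.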