apache2 reverse proxy to docker container 403 forbidden?

Question

I've set up apache2 on Ubuntu 18.04 on a VPS - I'm having SSL certificate problems, but anyway, I've set the default conf to reverse proxy to an unsecure docker container, currently running a test node app (I want to use .net core eventually.) Here's the settings in the conf file:

    <VirtualHost 77.68.7.249:443>
            ServerName www.thegatehousewereham.com
            ServerAlias *.thegatehousewereham.com
            ServerAdmin [email protected]

            ProxyPreserveHost On
            ProxyPass / http://localhost:8000/
            ProxyPassReverse / http://localhost:8000/

            <Proxy http://localhost:8000/*>
              Order deny,allow
              Allow from all
            </Proxy>

I'm getting a 403 forbidden in the browser - in the error.log I see:

[Tue Jan 21 20:56:11.109712 2020] [authz_core:error] [pid 1251:tid 140677341959936] [client 94.197.37.81:53133] AH01630: client denied by server configuration: proxy:http://localhost:8000/ [Tue Jan 21 20:56:11.216718 2020] [authz_core:error] [pid 1251:tid 140677493028608] [client 94.197.37.81:53133] AH01630: client denied by server configuration: proxy:http://localhost:8000/favicon.ico, referer: https://www.thegatehousewereham.com/ r

Could this be a firewall issue?

Any help appreciated. Spending too long on this, just want to get on. Thanks, Andy.

UPDATE: I'm using apache 2.4 and I'm not sure about that proxy instruction. i changed it to

            <Proxy http://localhost:8000/*>
              Require all granted
            </Proxy>

and now I see this:

[Tue Jan 21 21:57:01.084817 2020] [proxy:warn] [pid 6618:tid 139968717412096] [client 94.197.37.81:54689] AH01144: No protocol handler was valid for the URL / (scheme 'http'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule. [Tue Jan 21 21:57:01.169791 2020] [proxy:warn] [pid 6618:tid 139968709019392] [client 94.197.37.81:54688] AH01144: No protocol handler was valid for the URL /favicon.ico (scheme 'http'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule., referer: https://thegatehousewereham.com/

I'm not sure this is an improvement, but it's different.

Andrew Douglas Andrew Douglas · Accepted Answer · 2020-01-21T22:09:46

OK, so using the proper Proxy scheme got me somewhere - I think made sure i had enabled the modules proxy, proxy_http and proxy_balancer - the first two were already enabled - the third it 'said' was already enabled, but this was the output:

a2enmod proxy_balancer Considering dependency proxy for proxy_balancer: Module proxy already enabled Considering dependency alias for proxy_balancer: Module alias already enabled Considering dependency slotmem_shm for proxy_balancer: Enabling module slotmem_shm. Enabling module proxy_balancer. To activate the new configuration, you need to run: systemctl restart apache2

And now it seems to work ok - I'm seeing the application ok, it's all under SSL. We'll see how it goes from here.

apache2 reverse proxy to docker container 403 forbidden?

1 Answers