I have a strange problem that looks to me like a bug.
I am using apache 2.2 as a simple forward proxy.
The same setup works on another server (same operating system, same version).
I simply install apache2 and enable the modules
proxy_connect and set up proper authentication methods.
Normal http requests work fine, but https requests display (after some waiting time) the following error in the browser (Chrome):
Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
The apache error log displays the following:
    [Tue Dec 27 18:30:17 2011] [error] [client ***] (20014)Internal error: proxy: error reading status line from remote server ***.com
    [Tue Dec 27 18:30:17 2011] [error] [client ***] proxy: Error reading from remote server returned by ***.com:443
I read some bug reports and googled for the error and found some stuff about reverse proxy setups, and set some environment variables to disable keep-alives, but it did not solve the problem.
The strange thing is that on another server it seems to work just fine!
Can anybody point me in the right direction with this error?
The servers run on Ubuntu 10.04.3 LTS, but I also reproduced the problem on a test server which runs Ubuntu 10.04 LTS.
The exact apache version affected is:
    [email protected]:/home/pm-peer# apache2ctl -V
    Server version: Apache/2.2.14 (Ubuntu)
    Server built: Nov 3 2011 03:29:23
    Server's Module Magic Number: 20051115:23
    Server loaded: APR 1.3.8, APR-Util 1.3.9
    Compiled using: APR 1.3.8, APR-Util 1.3.9
    Architecture: 64-bit
    Server MPM: Prefork
      threaded: no
      forked: yes (variable process count)
    Server compiled with....
     -D APACHE_MPM_DIR="server/mpm/prefork"
     -D APR_HAS_SENDFILE
     -D APR_HAS_MMAP
     -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
     -D APR_USE_SYSVSEM_SERIALIZE
     -D APR_USE_PTHREAD_SERIALIZE
     -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
     -D APR_HAS_OTHER_CHILD
     -D AP_HAVE_RELIABLE_PIPED_LOGS
     -D DYNAMIC_MODULE_LIMIT=128
     -D HTTPD_ROOT=""
     -D SUEXEC_BIN="/usr/lib/apache2/suexec"
     -D DEFAULT_PIDLOG="/var/run/apache2.pid"
     -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
     -D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
     -D DEFAULT_ERRORLOG="logs/error_log"
     -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
     -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"
My configuration which differs from the default is the following:
    ServerLimit 1024
    ProxyRequests On
    ProxyVia Block
    ProxyStatus Off

    # i tried the following to solve the problem
    #SetEnv force-proxy-request-1.0 1
    #SetEnv proxy-nokeepalive 1
    #SSLProxyEngine on

    DefineExternalAuth proxy_auth pipe /home/pm-peer/proxy_auth.php

    <Proxy *>
        Allow from 127.0.0.1
        AuthType Basic
        AuthName "Password Required"
        AuthBasicProvider external
        AuthExternal proxy_auth
        Require valid-user
        # tried the following directives also inside the proxy container
        #SetEnv force-proxy-request-1.0 1
        #SetEnv proxy-nokeepalive 1
    </Proxy>
I also tried upgrading the other server where everything works with apt-get upgrade, because I suspected that maybe an update caused this error. But after the upgrade and an apache restart everything still worked.
I think I must have (without knowing it) done something on the other server that made it work, but I have no clue what it could be. Maybe I installed a package or library that is missing?
I start with an Ubuntu minimal version and install the following, that's pretty much it:
    apt-get install -y php5-cli libapache2-mod-php5 php5-curl libapache2-mod-authnz-external logrotate php5-mysql
    a2enmod proxy
    a2enmod proxy_http
    a2enmod proxy_connect
    a2enmod rewrite
    a2enmod headers
    a2enmod authnz_external
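
Added example (not part of the original post): a small probe that sends the same CONNECT request a browser sends for an https URL and reports the proxy's status line, so the working and the failing server can be compared without a browser. The function names, the classification wording and the sample reply are assumptions made for this example.

```python
import base64
import socket
def build_connect(target, user=None, password=None):
    """Build the CONNECT request a browser sends to a forward proxy for https://target."""
    lines = [f"CONNECT {target} HTTP/1.1", f"Host: {target}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_head(raw):
    """Return (status, reason, headers); raise ValueError if the reply is not HTTP."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *rest = head.split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"no HTTP status line in reply: {status_line!r}")
    headers = {n.strip().lower(): v.strip()
               for n, sep, v in (line.partition(":") for line in rest) if sep}
    return int(parts[1]), (parts[2] if len(parts) > 2 else ""), headers

def classify(status):
    """Usual meaning of a proxy's answer to CONNECT (this example's own wording)."""
    if 200 <= status < 300:
        return "tunnel established"
    if status == 407:
        return "proxy authentication missing or rejected"
    if status in (502, 504):
        return "proxy failed talking to the upstream host"
    return "CONNECT refused or not handled by the proxy"

def probe(proxy_host, proxy_port, target, user=None, password=None, timeout=15.0):
    """Send one CONNECT through the proxy and report how it answered."""
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(build_connect(target, user, password))
        raw = b""
        while b"\r\n\r\n" not in raw and len(raw) < 65536:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    status, reason, headers = parse_head(raw)
    return status, reason, classify(status), headers

if __name__ == "__main__":
    # Constructed reply so the block runs offline; call probe() against each server.
    sample = b"HTTP/1.1 502 Proxy Error\r\nContent-Type: text/html\r\n\r\n<html>"
    status, reason, _ = parse_head(sample)
    print(status, reason, "->", classify(status))
```

Running `probe()` with the same target and credentials against both proxies shows whether the failing one answers CONNECT with an error status or closes the connection without any status line, which `parse_head` reports as a `ValueError`.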