Join Log in
Score:1
avatar Server

Accessing server's web server on local network with its local IP address

au flag
grasswistle

I have a server with Apache as a proxy for requests to a Node web service. I am currently able to connect using a browser outside of my local network using my domain name: https://mydomain.ca. I believe I used to be able to connect using a browser inside my local network using the server's local IP address: https://10.0.0.13. However, when I try now, I get a 500 error. I'm looking for help with getting this to work again. I'd also be okay with not using SSL on my local network and accessing the server with http://10.0.0.13 if that's more achievable.

I get the following text with the 500 error:

The proxy server could not handle the request 
Reason: Error during SSL Handshake with remote server

I went looking in my Apache error log (/var/log/apache2/error.log) for more clues, but I didn't find the text I found super helpful:

[Sun Nov 28 23:11:42.609115 2021] [proxy_http:error] [pid 28560:tid 140085584455424] [client 10.0.0.220:26070] AH01097: pass request body failed to 127.0.0.1:4201 (loca lhost) from 10.0.0.220 () 
[Sun Nov 28 23:11:42.769782 2021] [proxy:error] [pid 28560:tid 140085567670016] (20014)Internal error (specific information not available): [client
10.0.0.220:26071] AH 01084: pass request body failed to 127.0.0.1:4201 (localhost) 
[Sun Nov 28 23:11:42.769805 2021] [proxy:error] [pid 28560:tid 140085567670016] [client 10.0.0.220:26071] AH00898: Error during SSL Handshake with remote server returne d by /

Here is what my conf files look like:

mydomain.ca-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName mydomain.ca
    ServerAlias www.mydomain.ca
    ProxyPreserveHost on
    SSLProxyEngine on
    ProxyPass / https://localhost:4201/
    ProxyPassReverse / https://localhost:4201/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

ServerAlias mydomain.ca
SSLCertificateFile /etc/letsencrypt/live/mydomain.ca/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.ca/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

mydomain.ca.conf

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName mydomain.ca
    ServerAlias www.mydomain.ca
    DocumentRoot /var/www/mydomain.ca
    ProxyPreserveHost on
    ProxyPass / http://localhost:4201/
    ProxyPassReverse / http://localhost:4201/
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost>

EDIT - Here is some information about the Node web service: The Node web service is listening on a single port and it is only listening to https connections.

282
0 + 0
ssl
ru flag
Zada Zorg
`http://10.0.0.13` should work. Just ensure, that browser do not redirect to https automatically, which is most likely due to latest trends to become https only.
0
Reply
au flag
grasswistle
I double checked that I was not getting redirected and can confirm that the problem described above continues to occur even when I navigate to `http://10.0.013` from within my local network
0
Reply
Score:2
avatar Server
in flag
Gerald Schneider

You have configured both HTTP and HTTPS to connect to the same port on the backend server.

It is highly unlikely that your backend server supports both protocols on the same port.

Either use HTTP in both VirtualHosts, or use the correct port for HTTPS if your backend server supports both.

0 + 0
ru flag
Zada Zorg
Backend support only http. The SSL termination is happen on apache side. So that configuration is OK.
0
Reply
in flag
Gerald Schneider
no, it's not. You have `ProxyPass / https://localhost:4201/` in your config. Apache tries to talk to your backend with https, but it answers with HTTP. Hence the `Error during SSL Handshake`.
2
Reply
ru flag
Zada Zorg
Ah, correct. That is another mistake. Both virtual hosts should use http I think. But for sure, we do not know about backend anything.
0
Reply
au flag
grasswistle
I edited my original post with some additional information about how the Node web service is set up. I tried `ProxyPass / https://localhost:4201/` in `mydomain.ca.conf` and then navigating to `http://mydomain.ca`, but then got a different "Internal Service Error". I also tried navigating to `https://10.0.0.13` and that continues to get me the same "Proxy Error" described above. In particular, I'm not sure why this last approach doesn't work when `https://mydomain.ca` works from outside of my network.
0
Reply
Score:1
avatar Server
au flag
grasswistle

Some of the comments above got me thinking about this the right way. The approach I went with was to

  • run separate http & https servers on different ports within my Node web service,
  • update the port numbers in mydomain.ca.conf and mydomain.ca-le-ssl.conf to correspond to the right port numbers, and
  • update mydomain.ca.conf to only respond to requests from localhost or LAN as shown below.
<VirtualHost *:80>
  # We should only access the web server via http if on localhost
  # or within LAN.
  <Location />
    Require local
    Require ip 10.0.0.0/24
  </Location>
  ...

With all this in place, I can now access http://10.0.0.13 from inside my local network and https://mydomain.ca from outside my local network.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.