Apache 2.4 ProxyPass to url results in errors 403 and 502 for Diaspora and Mastodon

I'm trying to run Diaspora and Mastodon on my server (crazy idea, right?) and Apache's ProxyPass won't work to localhost ports 3000 (Diaspora) and 4000 (Mastodon). I get a 403 for both https://diaspora.thechatpit.com and https://mastodon.thechatpit.com -- both have different users, but I've got both users in the same group for the user Apache uses, and the permissions have been expanded to give the same permissions to the file and directory for the group as per the user permissions. About the only thing I can think of from here is to chmod everything 777, but that's never the right thing to do.

I'm going to include the redacted config files for each, starting with Diaspora:

```apache
# Diaspora config file for Apache

<VirtualHost *:80>
  ServerName diaspora.thechatpit.com
  RedirectPermanent / https://diaspora.thechatpit.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName diaspora.thechatpit.com
  DocumentRoot "/usr/share/webapps/diaspora/public"

  SSLEngine on
  SSLCertificateFile <cert>
  SSLCertificateKeyFile <key>

  RewriteEngine on
  RewriteCond %{HTTP_HOST} !^diaspora\.thechatpit\.com [NC]
  RewriteRule ^/(.*)$ https://diaspora\.thechatpit\.com/$1 [L,R,QSA]

  # For Camo support
  RewriteRule ^/camo/(.*)$ balancer://camo/$1 [P,QSA,L]

  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]

  <Proxy balancer://upstream>
    BalancerMember http://localhost:3000
    BalancerMember http://localhost:8081
  </Proxy>

  ProxyRequests on
  ProxyVia on
  ProxyPreserveHost on
  RequestHeader set X_FORWARDED_PROTO https

  <Proxy *>
    Require all granted
  </Proxy>

  <Directory "/usr/share/webapps/diaspora/public">
    Options -MultiViews
    Require all granted
  </Directory>

  <Location "/usr/share/webapps/diaspora/public">
    ProxyPass "https://localhost:3000"
    ProxyPassReverse "https://localhost:3000"
  </Location>

</VirtualHost>
```

...and the one for Mastodon:

```apache
# Mastodon for Apache config file

<VirtualHost *:80>
  ServerName mastodon.thechatpit.com

  RedirectPermanent / https://mastodon.thechatpit.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName mastodon.thechatpit.com
  DocumentRoot /var/lib/mastodon/public

  SSLEngine on
  SSLCertificateFile <cert>
  SSLCertificateKeyFile <key>

  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^mastodon\.thechatpit\.com [NC]
  RewriteRule ^/(.*)$ https://mastodon\.thechatpit\.com/$1 [L,R,QSA]

  ProxyRequests on
  ProxyVia on
  ProxyPreserveHost on
  RequestHeader set X_FORWARDED_PROTO https

  <Proxy balancer://upstream>
    BalancerMember https://localhost:4000
  </Proxy>

  <Proxy *>
    Require all granted
  </Proxy>

  <Directory /var/lib/mastodon/public>
    Options -MultiViews
    Require all granted
  </Directory>

  <Location /var/lib/mastodon/public>
    ProxyPass "https://localhost:4000"
    ProxyPassReverse "https://localhost:4000"
  </Location>
</VirtualHost>
```

It might be something simple with the proxies, but I've been banging my head against this all day and am ready for some help.

You have tried many things and left them all in the configuration. You should either have a reverse proxy or serve (static) files directly with Apache, but you have configuration related to both.

Furthermore, with `<Location /var/lib/mastodon/public>` your proxy is in https://mastodon.thechatpit.com/var/lib/mastodon/public which replies with a "Proxy Error: Error during SSL Handshake with remote server". The error suggests it doesn't have a trusted certificate for `localhost`, but typically it is ok to have these connections in plain text while terminating the TLS connection with the reverse proxy.

The other proxy is working in https://diaspora.thechatpit.com/usr/share/webapps/diaspora/public with a content type that causes a download rather than displaying a page.

Please read the official documentation that explains the difference between `Directory` & `Location` contexts and the introduction to reverse proxies. I'd advise removing the entire configuration and configuring from scratch according to them.
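
Added example, not part of the original thread and not either project's official configuration: a reverse-proxy-only form of the two HTTPS virtual hosts, following the comments above (proxy mapped at the URL path `/`, plain HTTP to the loopback backend). It assumes both applications answer plain HTTP on the ports named in the question and that the port 80 redirect hosts stay as posted; static file serving and the balancer are left out.

```apache
# Added example. Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers.
# Assumption: both backends speak plain HTTP on loopback (ports from the question).

<VirtualHost *:443>
  ServerName mastodon.thechatpit.com

  SSLEngine on
  SSLCertificateFile <cert>
  SSLCertificateKeyFile <key>

  # Forward-proxy mode is not needed for a reverse proxy. "ProxyRequests on"
  # combined with "<Proxy *> Require all granted" lets any client relay
  # requests through this server, so it stays off.
  ProxyRequests Off
  ProxyPreserveHost On
  RequestHeader set X_FORWARDED_PROTO https

  # The first argument is a URL path on this vhost, not a filesystem path.
  # TLS ends at Apache; the hop to the backend uses http://.
  ProxyPass        "/" "http://localhost:4000/"
  ProxyPassReverse "/" "http://localhost:4000/"
</VirtualHost>

<VirtualHost *:443>
  ServerName diaspora.thechatpit.com

  SSLEngine on
  SSLCertificateFile <cert>
  SSLCertificateKeyFile <key>

  ProxyRequests Off
  ProxyPreserveHost On
  RequestHeader set X_FORWARDED_PROTO https

  ProxyPass        "/" "http://localhost:3000/"
  ProxyPassReverse "/" "http://localhost:3000/"
</VirtualHost>
```

Check the syntax with `apachectl configtest` before reloading Apache.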