Httpd returning 503 Service Unavailable with mod_proxy for Tomcat 8
ApacheTomcatApache Problem Overview
I'm trying to integrate Tomcat with Apache. My aim is to redirect all the requests with
http://localhost/myapp to http://localhost:8080
I followed this guide: http://tomcat.apache.org/tomcat-8.0-doc/proxy-howto.html
My httpd.conf looks like this:
Include conf.modules.d/*.conf
LoadModule proxy_module modules/mod_proxy.so
ProxyPass /myapp http://localhost:8080 retry=0 timeout=5
ProxyPassReverse /myapp http://localhost:8080
My server.xml in apache-tomcat looks like this:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" proxyPort="80" />
Now when I try the url http://localhost/myapp, it gives 503 Service Unavailable error.
Both Tomcat and Apache are up and running. The URL http://localhost:8080 works fine.
Can there be an issue with file permissions?
For tomcat the user and group are root/root and for httpd, the user and group are apache/apache
Am I missing something or am I doing it wrong?
Httpd version is 2.4.6 and Tomcat's version is 8.0
The httpd error logs:
[proxy:error] [pid 19905] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed
[proxy:error] [pid 19905] AH00959: ap_proxy_connect_backend disabling worker for (localhost) for 0s
[proxy_http:error] [pid 19905] [client ::1:51615] AH01114: HTTP: failed to make connection to backend: localhost
Solved!
The answer is here: http://sysadminsjourney.com/content/2010/02/01/apache-modproxy-error-13permission-denied-error-rhel/
Apache Solutions
Solution 1 - Apache
(Answered by the OP in a question edit. Converted to a community wiki answer. See <https://meta.stackoverflow.com/questions/251597/question-with-no-answers-but-issue-solved-in-the-comments> )
The OP wrote: > The answer is here: <http://sysadminsjourney.com/content/2010/02/01/apache-modproxy-error-13permission-denied-error-rhel/>
Which is a link to a blog that explains: > SELinux on RHEL/CentOS by default ships so that httpd processes cannot initiate outbound connections, which is just what mod_proxy attempts to do.
If this is the problem, it can be solved by running:
/usr/sbin/setsebool -P httpd_can_network_connect 1
And for a more definitive source of information, see https://wiki.apache.org/httpd/13PermissionDenied
Solution 2 - Apache
Resolve issue Immediate, It's related to internal security
We, SnippetBucket.com working for enterprise linux RedHat, found httpd server don't allow proxy to run, neither localhost or 127.0.0.1, nor any other external domain.
As investigate in server log found
[error] (13)Permission denied: proxy: AJP: attempt to connect to
10.x.x.x:8069 (virtualhost.virtualdomain.com) failed
Audit log found similar port issue
type=AVC msg=audit(1265039669.305:14): avc: denied { name_connect } for pid=4343 comm="httpd" dest=8069
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Due to internal default security of linux, this cause, now to fix (temporary)
/usr/sbin/setsebool httpd_can_network_connect 1
Resolve Permanent Issue
/usr/sbin/setsebool -P httpd_can_network_connect 1
Solution 3 - Apache
this worked for me by editing my *.conf file in apache:
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine On
<Proxy http://localhost:8123>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /node http://localhost:8123
ProxyPassReverse /node http://localhost:8123
Solution 4 - Apache
On CentOS Linux release 7.5.1804, we were able to make this work by editing /etc/selinux/config and changing the setting of SELINUX like so:
SELINUX=disabled