"503 Service Unavailable"

H.Furukawa · June 15, 2023, 7:56am

"I'm trying to SSL "mattermost" but after doing "certbot --apache" I set up the config file but when I access https I get a "503 Service Unavailable".

My domain is:my_domain

I ran this command:

It produced this output:
"certbot --apache" ended successfully.
Then, the following settings were made.

/opt/mattermost/config/config.json

"ServiceSettings": {
   ...
   "SiteURL": "https://my_domain/",
   "ListenAddress": ":443",
   "TLSCertFile": "/etc/letsencrypt/live/my_domain/fullchain.pem",
   "TLSKeyFile": "/etc/letsencrypt/live/my_domain/privkey.pem",
   ...
},

/etc/httpd/conf/httpd-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
   DocumentRoot /var/www/html
   ServerName my_domain
   ProxyPreserveHost On
   RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
   RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}

   RewriteEngine On
   RewriteCond %{REQUEST_URI} /api/v[0-9]+/(users/)?websocket [NC]
   RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
   RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
   RewriteRule .* ws://127.0.0.1:8065%{REQUEST_URI} [P,QSA,L]

   <Location />
      Require all granted
      ProxyPass http://127.0.0.1:8065/
      ProxyPassReverse http://127.0.0.1:8065/
      ProxyPassReverseCookieDomain 127.0.0.1 my_domain
   </Location>

   SSLCertificateFile /etc/letsencrypt/live/my_domain/fullchain.pem
   SSLCertificateKeyFile /etc/letsencrypt/live/my_domain/privkey.pem
   Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

/etc/httpd/httpd.conf (The end result was the same whether this setup was done or not.)

<VirtualHost *:443>
    ServerName my_domain

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/my_domain/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/my_domain/privkey.pem

    ProxyPass / http://localhost:8065/
    ProxyPassReverse / http://localhost:8065/
    ProxyPreserveHost On
    RequestHeader set X-Forwarded-Proto "https" 
    RequestHeader set X-Forwarded-Port "443" 
</VirtualHost>

systemctl restart httpd

My web server is (include version):Apache/2.4.37

The operating system my web server runs on is (include version):Oracle Linux 8

My hosting provider, if applicable, is:Oracle Cloud

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):2.6.0

Osiris · June 15, 2023, 8:55am

Your Apache reverse proxy is trying to connect to localhost on port 8065 using HTTP, but your Mattermost configuration specifies to listen on port 443 with HTTPS. Which is in conflict with Apache which also tries to listen on port 443.

You should configure Mattermost to listen on port 8065 with just HTTP instead of HTTPS.

Also, I'm not sure why you have a duplicate HTTPS VirtualHost in httpd-le-ssl.confas well as httpd.conf? Duplicate virtualhosts are a recipe for trouble. It also seems these duplicates are not exactly the same, as the reverse proxy directives are slightly different and the two configurations have different additional reverse proxy directives missing in the other.

H.Furukawa · June 16, 2023, 4:38am

I will try to fix it and give it a try.
Will let you know the result.

system · July 16, 2023, 4:39am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.