Problems with Apache proxy with Let's encrypt

hesh · June 27, 2022, 12:15pm

Helo
I am experiencing problems accessing a site with Apache Proxy Server with SSL access.

Configuration:

Internet → (https) → Apache Proxy → (http) → Joomla (Apache)
Display does not work properly.

Internet → (http) → Apache Proxy → (http) → Joomla (Apache)
Representation works correctly.

VirtualHost Proxy without SSL (test.koller.ch)
<VirtualHost *:80>
ServerName test.koller.ch
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyPreserveHost On
	ProxyRequests Off
	ProxyVia full
	ProxyPass / http://192.168.1.34/
	ProxyPassReverse / http://192.168.1.34/

VirtualHost Proxy with SSL

<VirtualHost *:443>
ServerName oc.koller.ch
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

ProxyPreserveHost On
ProxyPass / http://192.168.1.34:80/
ProxyPassReverse / http://192.168.1.34:80/

SSLCertificateFile /etc/letsencrypt/live/koller.ch/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/koller.ch/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

Apache log see attachment
LogApacheMitOhneSSL-EN.txt (10.3 KB)

Does anyone have any ideas to help solve this?

Thanks in advance for your efforts.

MikeMcQ · June 27, 2022, 12:21pm

Can you explain what the problem is? I see many HTTP 200 OK responses in your log for both domain names. I also successfully connect to both of your domain names.

Osiris · June 27, 2022, 12:32pm

Your certificate is not valid for the test subdomain.

MikeMcQ · June 27, 2022, 12:38pm

It is not. But, in the log they used test domain with http and robert domain (*) for https. They both work like that but I agree the test domain is not in the cert so would show errors if tried with https.

(*) The first post shows VirtualHost for oc domain but the log is robert for https. I see both oc and robert working fine and both those names are in the cert.

hesh · June 27, 2022, 12:48pm

Yes. I therefore only use test.koller.ch with http.

hesh · June 27, 2022, 12:53pm

Yes, the log is different. Sorry for the confusion. I first tested the configuration with robert.koller.ch and extracted the log. But to continue using robert.koller.ch, I set up oc.koller.ch as domain name for https. It behaves exactly the same.

So testing is now possible with

or
http:test.koller.ch

MikeMcQ · June 27, 2022, 1:05pm

But what is the problem? Please explain.

And, did you mean to type oc rather than nc? Because I do see a problem with the nc domain in that it redirects to HTTP from HTTPS.

curl -I https://nc.koller.ch
HTTP/1.1 302 Found
Server: Apache/2.4.41 (Ubuntu)
Location: http://nc.koller.ch/index.php/login

Many http headers omitted for readability

Osiris · June 27, 2022, 1:20pm

This site has mixed content (CSS), which is blocked by the browser.

hesh · June 27, 2022, 1:24pm

With http://test.koller.ch the display of the website of the internal server 192.168.1.34 works.

With encryption https://oc.koller.ch the display of the website of the internal server 192.168.1.34 does NOT work correctly.

rg305 · June 27, 2022, 1:26pm

What does that do?
And why are they only used on the HTTP server block?

And just for overall neatness, you can remove the :80 form these:

hesh · June 27, 2022, 1:27pm

I can't relate to that. Wouldn't the log be identical then?
Thanks for the answer.

MikeMcQ · June 27, 2022, 1:27pm

As osiris pointed out you have mixed content. Your website can be connected with HTTPS just fine. That means your certificates are fine. But take a look at this site

Osiris · June 27, 2022, 1:28pm

Please check your log yourself: in one of the two parts there are requests for .css files visible while in the other part there are none. They are blocked by the client, so no, the logs wouldn't be identical.

hesh · June 27, 2022, 1:32pm

Thank you Osiris. I now understand that this is a source of error.

Do you have any idea how I can fix it? And why this error does not occur without encryption (http)?

Osiris · June 27, 2022, 1:33pm

Change http:// in your code to https://. Note that HTML/server side scripting is not the expertise of this Community

Because without HTTPS there is no mixed content possible? Please search the meaning of "mixed content" if you don't know what it is and educate yourself

MikeMcQ · June 27, 2022, 1:40pm

The WhyNoPadlock link I provided earlier describes exactly what changes are needed. Even shows the line numbers.

hesh · June 27, 2022, 1:41pm

@Osiris
Thank you Osiris. You have helped my understanding a lot. In this respect I am now closer to a solution

hesh · June 27, 2022, 1:55pm

Thank you Mike McQ. This website is really a help.

system · July 27, 2022, 1:55pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Apache, Reverse Proxy and SSL Help	6	3989	October 14, 2019
This site can’t provide a secure connection ERR_SSL_PROTOCOL_ERROR Help	7	1587	April 8, 2021
Need help with requesting Certificat for Apache reverse Proxy Help	7	1089	February 22, 2023
Error: Connection refused on HTTPS with Letsencrypt SSL, apache Help	14	3530	December 17, 2020
Err Connection Reset: Accessing my HTTPS Website from Corporate Proxy Server	15	7822	January 13, 2017

Problems with Apache proxy with Let's encrypt

Related topics