2

Sometimes I get the following error (in apache's error.log) when viewing my site over https:

(502)Unknown error 502: proxy: pass request body failed to xxx.xxx.xxx.xxx:443

I'm not entirely sure what this is and why it happens, it's also not consistent.

The request route is:

  • Browser
  • Proxy server (apache with mod_proxy + mod_ssl)
  • Load balancer (aws)
  • Web server (apache with mod_ssl)

The configuration on the proxy server is as follows:

<VirtualHost *:443>
    ProxyRequests Off
    ProxyVia On

    ServerName                      www.xxx.co.uk
    ServerAlias                     xxx.co.uk

    <Directory proxy:*>
        Order deny,allow
        Allow from all
    </Directory>

    <Proxy *>
        AddDefaultCharset off
        Order deny,allow
        Allow from all
    </Proxy>

    ProxyPass / balancer://cluster:443/ lbmethod=byrequests
    ProxyPassReverse / balancer://cluster:443/
    ProxyPreserveHost off

    SSLProxyEngine On
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.cert
    SSLCertificateKeyFile /var/www/vhosts/xxx/ssl/www.xxx.co.uk.key

    <Proxy balancer://cluster>
        BalancerMember https://xxx.eu-west-1.elb.amazonaws.com
    </Proxy>

</VirtualHost>

Any idea what the issue might be?

Andrei Serdeliuc
  • 895
  • 4
  • 14
  • 26

1 Answers1

1

In my case, the problem was the backend (stunnel) not accepting the SSL version that Apache was sending. I found in syslog that stunnel was reporting "routines:SSL3_GET_RECORD:wrong version number" and then i found the solution in https://serverfault.com/a/303851/69972

Community
  • 1
alexm
  • 491
  • 1
  • 4
  • 5