App running in subdirectory but needs 8080 port access, can't figure out reverse proxy

Question

I'm very new to managing a server, so please bear with me.

I have a cloud server from Microsoft Azure (not by choice) running Ubuntu 16.04 and Apache 2.4.18. I have multiple apps (/omeka, /wordpress, etc) running in web subdirectories that I can access just fine via any web browser and don't require any specific port proxies or forwarding. I'm trying to run another app (ArchivesSpace) in another web subdirectory (/archivesspace). The app has multiple interaction points at different ports:

localhost:8089/ – the backend
localhost:8080/ – the staff interface
localhost:8081/ – the public interface
localhost:8090/ – the Solr admin console

I've installed AS successfully. I can tell because when connected to the server via SSH, I can use $ curl localhost:8080 and the output is the HTML of the AS homepage.

My netstat shows:

Proto  Recv-Q  Send-Q  Local Address  Foreign Address  State   PID
tcp6        0       0  :::8080        :::*             LISTEN  1985/java
tcp6        0       0  :::8081        :::*             LISTEN  1985/java
tcp6        0       0  :::8089        :::*             LISTEN  1985/java
tcp6        0       0  :::8090        :::*             LISTEN  1985/java

I can't access any of those ports from a browser. I get always get an ERR_EMPTY_RESPONSE error.

I've tried talking with ArchivesSpace folks about this and their final word was basically "set up Apache as a reverse proxy." So I've tried doing that and have had zero luck. I'm hoping someone here can help. Here's what I have for reverse proxy stuff so far in my 000-default.conf file, just trying to get one of the ports (8080) working.

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
</VirtualHost>

Listen 8080

<VirtualHost *:8080>
    ProxyHTMLStripComments on
    ProxyRequests off
    SetOutputFilter proxy-html
    ProxyHTMLDoctype XHTML
    ProxyPreserveHost On

    ServerName http://server.net/archivesspace

<Location />
    ProxyPass http://server.net:8080
    ProxyPassReverse http://server.net:8080
    Order allow,deny
    Allow from all
</Location>
</VirtualHost>

I've enabled all of these Apache mods: proxy, proxy_ajp, proxy_http, rewrite, deflate, headers, proxy_balancer, proxy_connect, proxy_html

I'm clearly doing something wrong, I just have no idea what. I also am not even entirely sure what the appropriate URLs I need are. I'm assuming that server.net:8081 (or maybe server.net:8081/archivesspace ?) is supposed to take you to the AS public interface. Ideally it would be server.net/archivesspace. Is reverse proxy even the right way to go about this?

The instructions for the apache-2.4 tag say to post the output of apache2ctl -S, so here's that.

[Wed Feb 15 16:34:59.401845 2017] [proxy_html:notice] [pid 3722] AH01425: I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 10.2.0.4. Set the 'ServerName' directive globally to suppress this message
VirtualHost configuration:
*:80                   10.2.0.4 (/etc/apache2/sites-enabled/000-default.conf:1)
*:8080                 server.net/archivesspace (/etc/apache2/sites-enabled/000-default.conf:34)
ServerRoot: "/etc/apache2"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/var/log/apache2/error.log"
Mutex watchdog-callback: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex proxy: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex mpm-accept: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33 not_used
Group: name="www-data" id=33 not_used

Please let me know if there's any additional info I can provide that would help identify my problem. Thanks in advance for any guidance you can offer.

Answer 1

Thanks so much for this, Patrick! That did the trick. I removed everything outside of the VirtualHost *:80 block and added this inside it:

<Location /archivesspace>
    ProxyPass http://localhost:8081
    ProxyPassReverse http://localhost:8081
    Order allow,deny
    Allow from all
</Location>

<Location /archivesspace/admin>
    ProxyPass http://localhost:8080
    ProxyPassReverse http://localhost:8080
    Order allow,deny
    Allow from all
</Location>

Also of note, the order of those two Location blocks is important. If the 8080/admin is listed first, the 8081 port needs to have a subdirectory below /archivesspace (i.e. /archivesspace/home) which wasn't ideal. Putting 8081 first allows just /archivesspace to be accessible.

However, now that I'm able to access the pages via the browser, it looks like all of the CSS and images and such are missing. But that's another issue entirely that I might need to start a new post for if I can't figure it out.

UPDATE: figured out the CSS stuff. In the config/config.rb file, the following needed to be changed:

AppConfig[:frontend_proxy_url] = "http://server.net/archivesspace/admin"
AppConfig[:public_proxy_url] = "http://server.net/archivesspace"

Answer 2

By saying VirtualHost *:8080 you tell Apache to listen on this port, which is not possible since your Java application already listens on it. You need instead, in your VirtualHost *:80 block to add lines such as <Location /ArchivesSpaces/staff> with the ProxyPass/ProxyPassReverse to your server (or localhost) :8080 inside the Location block, and in the same way for the other 3 ports. You are free to choose whatever you want in the Location path.