How to fix 502 error when using reverse proxy on Fedora

In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the proxy server itself.

Reverse proxy can be useful in many ways. You can hide your application original URL by masking it with proxy. You can easily control who visit your URL with “allow” & “deny” function. You can add HTTPS protocol on top of the application that not supporting it (I’m looking at you Transmission Webui).

Reverse proxy can be archive in Nginx simply by using this line of code inside the server block.

location / {
proxy_pass http://www.example.com;
}

With Apache, you need to activate mod_proxy first before enabling the reverse proxy function.

a2enmod proxy
a2enmod proxy_http

This only cover basic mode only. Add this line of code.

<VirtualHost *:*>
ProxyPreserveHost On

ProxyPass / http://www.example.com
ProxyPassReverse / http://www.example.com

ServerName localhost
</VirtualHost>

By right your reverse proxy should work out of box. But that only with SE-Linux disable. With SE-Linux enable, you tend to get 502 Bad Gateway error when connecting with internal web applications. To fix it we need to verify first if SE-Linux is the culprit.

sudo cat /var/log/audit/audit.log | grep yourapplicationname | grep denied

Run the above command to check if your reverse proxy being denied access to your application. If it’s there and you want to enable access to it, there is 2 way.

1. Told SE-Linux to allow your reverse proxy to that specific application. This can be archive by using this command.

sudo cat /var/log/audit/audit.log | grep yourapplicationname | grep denied | audit2allow -M custompolicy
sudo semodule -i custompolicy.pp

2. Told SE-Linux to enable HTTP access to your application.

sudo setsebool httpd_can_network_connect 1

After choosing either 2 step. Your reverse proxy should be able to use your internal application website.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s