DA in local VM; Apache reverse proxy to different system refused

ixoniq

New member
Joined
Jan 28, 2023
Messages
2
Hi there,

Recently I tried Virtualmin, which has the option to point a host to a proxy with one line, and it then works. I however dislike basically every other part of the platform so I bought DA yesterday. I wanted to setup a reverse proxy to another service in another VM.

My current setup is, I host my personal projects at home, in a VM within Proxmox, which is a clean Ubuntu Server install with DA on top of it. Then I host another VM mainly used for docker projects, which exposes a specific port.

Let say my DA VM is 192.168.1.100, and the Docker VM is 192.168.1.200, I want to do a reverse proxy on a subdomain, to 192.168.1.200:8000, and within DA I use the following CUSTOM4 modification on the HTTPD config for my test.mydomain.com subdomain (for example):

Code:
|*if SUB="test"|
ProxyPreserveHost On
ProxyRequests off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass /api/websocket ws://192.168.1.200:8000/api/websocket
ProxyPassReverse /api/websocket ws://192.168.1.200:8000/api/websocket
ProxyPass / http://192.168.1.200:8000/
ProxyPassReverse / http://192.168.1.200:8000/
|*endif|

Something like this works on any reverse proxy I did before, but now I get the following error in the Apache log:

Code:
[Sat Jan 28 13:52:24.569506 2023] [proxy:error] [pid 493482:tid 139758515127872] (111)Connection refused: AH00957: http: attempt to connect to 192.168.1.200:8000 (192.168.1.200:8000) failed
[Sat Jan 28 13:52:24.569553 2023] [proxy_http:error] [pid 493482:tid 139758515127872] [remote 217.xxx.xxx.xxx:0] AH01114: HTTP: failed to make connection to backend: 192.168.1.200

What I find strange, the error shows my remote IP (217.xxx.xxx.xxx, which is masked), almost like it tries to escape outside, and then dive in to a LAN IP which isn't available from outside (therefor the reverse proxy).

In DA there are also 2 IP-adresses known, one is the local 192 address, and the other the external 217 address. It could be an issue there, but I don't understand what to do, since in the other platforms I tried, it worked directly, never seen this error before.
 
Years of experience with DA, and not thinking about that and tinkering for 2 days. I feel dumb right now. Never thought about outgoing ports, only incoming ports and IP’s. With temporary disable CSF for testing it works.

Thanks for pointing it me in the right direction!
 
Back
Top