Gitea Reverse Proxy with Apache vis ISPConfig CP

Install/Maintain/Configure

dragonsway October 5, 2021, 4:58pm 1

I am on Debian 10 LAMP w. ISPConfig and I am trying to set up an apache reverse proxy.

Within ISPC I created a separate website at [git].example.com
“git” has a DNS A record with example.com DNS records

I also have a complete set of [git].example.com dns records.

I set up the website under ISPC domains interface and under the options interface I use this apache directive for the reverse (along with checking the ISPC box to enable proxies for sites):

 ProxyPreserveHost On
    ProxyRequests off
    AllowEncodedSlashes NoDecode
    SSLProxyEngine on
    ProxyPass / [post limitation replacement]127.0.0.1:3000/ nocanon
    ProxyPassReverse / [post limitation replacement]127.0.0.1:3000/

Unfortunately, I only get a 503 error

The apache log has:

[proxy:debug] [pid 29555] proxy_util.c(2316): AH00942: HTTP: has acquired connection for (127.0.0.1)
 [proxy:debug] [pid 29555] proxy_util.c(2369): [client 192.168.0.10:56412] AH00944: connecting [post limitation replacement]127.0.0.1:3000/error/503.html to 127.0.0.1:3000
 [proxy:debug] [pid 29555] proxy_util.c(2578): [client 192.168.0.10:56412] AH00947: connected /error/503.html to 127.0.0.1:3000
 [proxy:error] [pid 29555] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
 [proxy_http:error] [pid 29555] [client 192.168.0.10:56412] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[proxy:debug] [pid 29555] proxy_util.c(2331): AH00943: HTTP: has released connection for (127.0.0.1)

and this is my vhost

# cat 100-git.example.com.vhost 

<Directory /var/www/git.example.com>
		AllowOverride None
				Require all denied
		</Directory>

<VirtualHost *:80>


					DocumentRoot /var/www/clients/client1/web15/web
			
		ServerName git.example.[com]
		ServerAdmin webmaster@git.example.com


		ErrorLog /var/log/ispconfig/httpd/git.example.com/error.log

		Alias /error/ "/var/www/git.example.com/web/error/"
		ErrorDocument 400 /error/400.html
		ErrorDocument 401 /error/401.html
		ErrorDocument 403 /error/403.html
		ErrorDocument 404 /error/404.html
		ErrorDocument 405 /error/405.html
		ErrorDocument 500 /error/500.html
		ErrorDocument 502 /error/502.html
		ErrorDocument 503 /error/503.html


		<Directory /var/www/git.example.com/web>
				# Clear PHP settings of this website
				<FilesMatch ".+\.ph(p[345]?|t|tml)$">
						SetHandler None
				</FilesMatch>
				Options +SymlinksIfOwnerMatch
				AllowOverride All
								Require all granted
						</Directory>
		<Directory /var/www/clients/client1/web15/web>
				# Clear PHP settings of this website
				<FilesMatch ".+\.ph(p[345]?|t|tml)$">
						SetHandler None
				</FilesMatch>
				Options +SymlinksIfOwnerMatch
				AllowOverride All
								Require all granted
						</Directory>




		# suexec enabled
		<IfModule mod_suexec.c>
			SuexecUserGroup web15 client1
		</IfModule>
		<IfModule mod_fastcgi.c>
				<Directory /var/www/clients/client1/web15/cgi-bin>
										Require all granted
								    </Directory>
				<Directory /var/www/git.example.com/web>
					<FilesMatch "\.php[345]?$">
						<If "-f '%{REQUEST_FILENAME}'">
							SetHandler php-fcgi
						</If>
					</FilesMatch>
				</Directory>
				<Directory /var/www/clients/client1/web15/web>
					<FilesMatch "\.php[345]?$">
						<If "-f '%{REQUEST_FILENAME}'">
							SetHandler php-fcgi
						</If>
					</FilesMatch>
				</Directory>
                Action php-fcgi /php-fcgi virtual
				Alias /php-fcgi /var/www/clients/client1/web15/cgi-bin/php-fcgi-*-80-git.example.com
                FastCgiExternalServer /var/www/clients/client1/web15/cgi-bin/php-fcgi-*-80-git.example.com -idle-timeout 300 -socket /var/lib/php7.3-fpm/web15.sock -pass-header Authorization  -pass-header Content-Type
		</IfModule>
		<IfModule mod_proxy_fcgi.c>
			#ProxyPassMatch ^/(.*\.php[345]?(/.*)?)$ unix:///var/lib/php7.3-fpm/web15.sock|fcgi://localhost//var/www/clients/client1/web15/web/$1
			<Directory /var/www/clients/client1/web15/web>
				<FilesMatch "\.php[345]?$">
					<If "-f '%{REQUEST_FILENAME}'">
						SetHandler "proxy:unix:/var/lib/php7.3-fpm/web15.sock|fcgi://localhost"
					</If>
				</FilesMatch>
			</Directory>
			</IfModule>



		# add support for apache mpm_itk
		<IfModule mpm_itk_module>
			AssignUserId web15 client1
		</IfModule>

		<IfModule mod_dav_fs.c>
		# Do not execute PHP files in webdav directory
			<Directory /var/www/clients/client1/web15/webdav>
				<ifModule mod_security2.c>
					SecRuleRemoveById 960015
					SecRuleRemoveById 960032
				</ifModule>
				<FilesMatch "\.ph(p3?|tml)$">
					SetHandler None
				</FilesMatch>
			</Directory>
			DavLockDB /var/www/clients/client1/web15/tmp/DavLock
			# DO NOT REMOVE THE COMMENTS!
			# IF YOU REMOVE THEM, WEBDAV WILL NOT WORK ANYMORE!
      # WEBDAV BEGIN
			# WEBDAV END
		</IfModule>

			 ProxyPreserveHost On
    ProxyRequests off
    AllowEncodedSlashes NoDecode
    SSLProxyEngine on
    ProxyPass / [post limitation replacement]127.0.0.1:3000/ nocanon
    ProxyPassReverse / [post limitation replacement]127.0.0.1:3000/
	

</VirtualHost>

Might someone lend a hand? thx