0

I'm using Apache 2.4.10 on a Debian chroot system on an android system to https enable a legacy Android Java webserver that has no support for SSL. The vast majority of the features function correctly under the proxy, but any request that is uploading or posting a file to the webserver fails randomly a bit over half the time. Repeated presses of the post button with the same data will eventually succeed. The Android system is on armhf architecture.

It sends a 502 to the client when it has this problem. On the Java server, it receives the request, but none of the form parameters are received. When it fails, it posts the following error to the file. Every search for this error comes back with https on the back end rather than just on the front end. 

[Thu Nov 12 21:18:22.497590 2015] [proxy:error] [pid 6243:tid 1963979824] (104)Connection reset by peer: [client ###.###.###.###:52915] AH01084: pass request body failed to [::1]:8080 (::1), referer: 
[Thu Nov 12 21:18:22.497860 2015] [proxy_http:error] [pid 6243:tid 1963979824] [client ###.###.###.###:52915] AH01097: pass request body failed to [::1]:8080 (::1) from ###.###.###.### (), referer:

The relevant bit of the config for apache's ssl is as follows

    <IfModule mod_ssl.c>
    <VirtualHost _default_:443>
    WSGIDaemonProcess testssl.example.com user=www-data group=www-data processes=2 threads=25
    WSGIProcessGroup testssl.example.com
    Alias /static /var/www/static/
    WSGIScriptAlias / /var/lib/django/testweb/apache/django.wsgi
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    ProxyPass /provue/ http://[::1]:8080/ timeout=600 retry=0
    ProxyPassReverse /provue/ http://[::1]:8080/
    ProxyPreserveHost On

I've tried with the keepalive on proxy pass, as well as without it. I've also removed and tried many combinations of the SSL options. Nothing seems to eliminate the problem.

This is all being tested with a standard debian snakeoil ssl certificate.

I haven't seen this particular error occur in this way on the web, so I'm not entirely sure how relevant it would be to others, but it does occur and seems to be difficult to solve.

Using http to the same server, everything works perfectly every time, it only fails using https.

I've setup another server on a Ubuntu 14.04 server, apache 2.4.7, and proxypassed it to the ipv4 address of the :8080 server, and it works perfectly every time via https. This system is running x86-64 rather than armhf.

A debian VM on x86-64 with Apache 2.4.10 can also proxy to the system and run that upload with no errors whatsoever via https. It appears that it may be a problem with the armhf version? Will do more experiments.

ekthomson
  • 101
  • 2
  • `Connection reset by peer` means that the application disconnected from the web server before sending a (complete) response. – Michael Hampton Nov 13 '15 at 05:38
  • On the java webserver side, it's actually apparently losing the connection before the request has been completely received. I've done tests with other computers connecting remotely to the :8080 webserver (using apache 2.4.7 and similar settings but x86 instead of Arm) and it's never had the same problem either. Similarly, if I use http to talk to the apache2.4.10 server rather than https, it doesn't have this problem. – ekthomson Nov 13 '15 at 05:54
  • I ultimately switched to nginx for this and it's working perfectly, still don't know what's wrong, except that it's something about debian's armhf build. – ekthomson Nov 17 '15 at 00:10

0 Answers0