apache reverse proxy with SSL gives '400 bad request'

Question

I have an Odoo instance running on port 9069 in an Ubuntu server. Right now, apache is listening on port 8069 and is proxypass-ing this to 9069 (which works fine). The working URL is http://example.com:8069

Now, I need to make this work with SSL on the front end URL. (https://example.com:8069). However this is giving me 400 Bad request error when accessed in a browser. The exact error is:

Bad Request: Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please.Apache/2.4.33 (Ubuntu) Server at example.com Port 8069

Also I noticed the URL gets changed to http version too.

The following is the virtualhost conf I've used for the domain.

<IfModule mod_ssl.c>
<VirtualHost *:8069>

  ServerName MySite
  ServerAlias example.com:8069

   SSLEngine on
   #SSLProxyEngine on
   SSLCertificateKeyFile /etc/apache2/sslfolder/mysite.key
   SSLCertificateFile    /etc/apache2/sslfolder/mysite.crt
   SSLCertificateChainFile /etc/apache2/sslfolder/mysite.txt

  ProxyPreserveHost On
  ProxyRequests Off

  ProxyPass /longpolling/ http://localhost:8072/
  ProxyPassReverse /longpolling/ http://localhost:8072/

  ProxyPass / http://localhost:9069/
  ProxyPassReverse / http://localhost:9069/

</VirtualHost>
</IfModule>

Already checked the apache error logs, but there's no useful information there.

Note: There is another virtualhost file for example.com, which is a pretty standard one with 80 and 443 ports configured. (It's just for the website, not odoo). I will post the virtualhost if you think it's relevant.

score 1 · Accepted Answer · answered Jul 09 '18 at 07:37

I actually fixed it using the below modifications.

ServerName MySite

is changed to

ServerName example.com:8069

And

ProxyPass / http://localhost:9069/
ProxyPassReverse / http://localhost:9069/

is changed to

ProxyPass / http://localhost:9069/
ProxyPassReverse / http://example.com:8069/

Matt Muggeridge · Answer 2 · 2018-11-01T19:05:29.260

1

I see this is months old and stumbled on it after a search. In case this is helpful to future searchers...

I do something similar with a reverse-proxy configuration, though I have not had to change the ServerName field and the ProxyPassReverse did not require the port number. So using your configuration, I would have tried:

ProxyPass / http://localhost:9069/
ProxyPassReverse / http://localhost/

edited Nov 01 '18 at 19:05

answered Oct 31 '18 at 21:11

Matt Muggeridge

153
1
3
10

score 1 · Answer 3 · answered Aug 09 '19 at 22:53

1

If it helps someone: In my case only some requests were returning 400 code.

I fixed with:

ProxyPreserveHost On

answered Aug 09 '19 at 22:53

Rafael

11
1

score 0 · Answer 4 · edited Jul 22 '19 at 21:36

You don't want users typing the port 8069 after the url.

use traditional 80/443 approach and let the proxy handle / hide the 8069 port.

Listen 80
##AAdd rewrite rules here to convert http to https
<VirtualHost *:443>

  ServerName MySite
  ServerAlias example.com

   SSLEngine on
   #SSLProxyEngine on
   SSLCertificateKeyFile /etc/apache2/sslfolder/mysite.key
   SSLCertificateFile    /etc/apache2/sslfolder/mysite.crt
   SSLCertificateChainFile /etc/apache2/sslfolder/mysite.txt

  ProxyPreserveHost On
  ProxyRequests Off

 ## if odoo is on local host 
  ProxyPass / http://localhost:8069/
  ProxyPassReverse / http://localhost:8069/
## if odoo is on remote host and you do not want intranet users interception non ssl traffic
  ProxyPass / https://odoo_ip_address:8070
  ProxyPassReverse https://odoo_ip_adress:8070

##odoo http port is 8069 and https port is 8070

</VirtualHost>

apache reverse proxy with SSL gives '400 bad request'

4 Answers4