Apache reverse proxy to localhost doesn't work

Question

I want to use the open source ELK stack. Kibana has no security at all in the free version. My Idea is, that I put Kibana behind an Apache reverse proxy using Apache's basic authentication, but somehow the reverse proxy doesn't work.

I have the only one site enabled, with the following content:

<VirtualHost *:80>
    ServerName          kibana2.softxs.ch
    ProxyPreserveHost   On
    ProxyRequests       Off
    ProxyPass           / http://127.0.0.1:5601/ retry=0
    ProxyPassReverse    / http://127.0.0.1/
</VirtualHost>

Kibana is listening on port 5601:

$ netstat -lnp | grep 5601
tcp        0      0 127.0.0.1:5601          0.0.0.0:*               LISTEN      16465/node

Apache is listening on port 80:

netstat -lnp | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      21721/apache2

However if I'm using http://kibana2.softxs.ch, I get the Apache2 Ubuntu Default Page. I don't understand it, because there is no other file in site_enabled. There is no error message in apache log.

apachectl -S says:

VirtualHost configuration:                                                                          
ServerRoot: "/etc/apache2"                                                                          
Main DocumentRoot: "/var/www/html"                                                                  
Main ErrorLog: "/var/log/apache2/error.log"                                                         
Mutex ssl-stapling: using_defaults                                                                  
Mutex proxy: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/var/lock/apache2" mechanism=fcntl 
Mutex watchdog-callback: using_defaults
Mutex ssl-stapling-refresh: using_defaults
PidFile: "/var/run/apache2/apache2.pid"
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="www-data" id=33
Group: name="www-data" id=33

"/var/www/html" could come only from apache compile time. It is not defined anywhere, better said only in non-enabled virtual host:

/etc/apache2# grep -r '/var/www/html'
sites-available/000-default.conf:       DocumentRoot /var/www/html
sites-available/default-ssl.conf:               DocumentRoot /var/www/html

I see only simple entries in other_vhosts_access.log even if LogLevel debug proxy:trace5 is added to the VirtualHost config:

zg-3.softxs.ch:80 188.143.71.45 - - [03/May/2019:17:26:31 +0200] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"
zg-3.softxs.ch:80 188.143.71.45 - - [03/May/2019:17:26:31 +0200] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://kibana2.softxs.ch/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36"

Try to add `LogLevel debug proxy:trace5` into VirtualHost and see what is written to logs when you open a page. If issue is not clear from log, please post it here. This will help to debug. — Vladimir, Apr 30 '19 at 18:38
BTW, X-Pack was [opensourced](https://www.elastic.co/products/x-pack/open) in elasticseach version 6.3. So you might consider using native features of kibana now. — Vladimir, Apr 30 '19 at 18:54
@Vladimir I added the log output above to the question, nothing special. — Tibor Nagy, May 03 '19 at 15:32

score 2 · Accepted Answer · answered May 03 '19 at 15:47

2

The problem was quite trivial. In /etc/apache2/apache2.conf the following lines includes the virtual host configuration:

IncludeOptional sites-enabled/*.conf

But my virtual host config hasn't .conf extension. I added it and it works perfectly.

answered May 03 '19 at 15:47

Tibor Nagy

197
1
11

Apache reverse proxy to localhost doesn't work

1 Answers1