2

As mentioned I am receiving the following error message in my apache logs.

[Sat Jun 22 12:57:53.746190 2019] [proxy:error] [pid 10299:tid 140435221571328] (111)Connection refused: AH00957: HTTPS: attempt to connect to 127.0.0.1:5001 (127.0.0.1) failed
[Sat Jun 22 12:57:53.746228 2019] [proxy:error] [pid 10299:tid 140435221571328] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 60s
[Sat Jun 22 12:57:53.746233 2019] [proxy_http:error] [pid 10299:tid 140435221571328] [client myip:65168] AH01114: HTTP: failed to make connection to backend: 127.0.0.1

When deploying with code-pipline I see no error messages.

I have tried all of the following;

  • Restarting and rebuilding my application.
  • Adjusting the launchSettings.json file in my ASP project.
  • Adjusting the ports and enabling / disabling HTTPS redirect in my Program class.
  • Adjusting my vhsosts file in apache.

Here are some important files for you to browse;

launchSettings.json

{
  "iisSettings": {
    "windowsAuthentication": false,
    "anonymousAuthentication": true,
    "iisExpress": {
      "applicationUrl": "https://localhost:44335",
      "sslPort": 44335
    }
  },
  "profiles": {
    "IIS Express": {
      "commandName": "IISExpress",
      "launchBrowser": true,
      "environmentVariables": {
        "ASPNETCORE_My_Environment": "1",
        "ASPNETCORE_DETAILEDERRORS": "1",
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    },
    "ProjectName": {
      "commandName": "Project",
      "launchBrowser": true,
      "applicationUrl": "https://localhost:5001;http://localhost:5000",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Production"
      }
    }
  }
}

/etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyPass "/" "http://127.0.0.1:5000/"
    ProxyPassReverse "/" "http://127.0.0.1:5000/"
</VirtualHost>

/etc/apache2/sites-enabled/000-default-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine on
    SSLProxyEngine on

    ProxyPreserveHost On
    ProxyPass "/" "https://127.0.0.1:5001/"
    ProxyPassReverse "/" "https://127.0.0.1:5001/"
    ServerName mydomain.com
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>

Startup.cs

        public void ConfigureServices(IServiceCollection services)
        {
            var logger = _loggerFactory.CreateLogger<Startup>();


            logger.LogInformation($"Environment: {_env.EnvironmentName}");

            // Development service configuration
            if (_env.IsDevelopment())
            {
                logger.LogInformation("Development environment");

                services.Configure<ForwardedHeadersOptions>(options =>
                {
                    options.KnownProxies.Add(IPAddress.Parse("127.0.0.1"));
                });

                services.AddHttpsRedirection(options =>
                {
                    options.RedirectStatusCode = StatusCodes.Status307TemporaryRedirect;
                    options.HttpsPort = 44335;
                });
            }

            // Live Service Config
            if (!_env.IsDevelopment())
            {
                services.AddHttpsRedirection(options =>
                {
                    options.RedirectStatusCode = StatusCodes.Status308PermanentRedirect;
                    options.HttpsPort = 5001;
                });

                services.Configure<ForwardedHeadersOptions>(options =>
                {
                    options.KnownProxies.Add(IPAddress.Parse("127.0.0.1"));
                });

                services.AddHsts(options =>
                {
                    options.Preload = true;
                    options.IncludeSubDomains = true;
                    options.MaxAge = TimeSpan.FromDays(60);
                });

            }

            //lines removed for berevity.
}
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            // Dev Envoronments
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
                app.UseHttpsRedirection();
            }

            if (env.IsProduction())
            {
                app.UseExceptionHandler("/Home/Error");
                app.UseHsts();

                app.UseForwardedHeaders(new ForwardedHeadersOptions
                {
                    ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
                });
            }


            app.UseHttpsRedirection();
            //lines removed for berevity.
}

If you need any more information please let me know.

EDIT: Server: EC2 Ubuntu (Build via Code Star), Web service: Apache, Project Code: asp.net core 2.1, SSL Certificates: LetsEncrypt, Proxy: Not 100% sure.

Connor Willoughby
  • 86
  • 1
  • 1
  • 10
  • If it cannot connect to itself (127.0.0.1) on port 5001, it could just be that port 5001 is not listening to requests? Is there an application associated to port 5001? Is it running? Also did you configure your OS to allow connections to 5001? – Nic3500 Jun 23 '19 at 03:44
  • So, i have opened the ports.conf, the application is set listen to 5000 then https redirect to 5001. When you say os, im not surewhat you mean? The EC2 security group allows 80 and 443 traffic, when navigating to the domain this works fine, the ssl also works however i hit the 503 error message and also see the above mentioned error messages. – Connor Willoughby Jun 23 '19 at 12:47
  • OS, operating system. If your security group allows 80 and 443, shouldn't is also allow 5000 and 5001? I am not a EC2 expert, I do not know if the security group applies to connections to itself or not... – Nic3500 Jun 24 '19 at 01:36

1 Answers1

3

Try the following code that enables HTTPD scripts and modules to connect to the network.

/usr/sbin/setsebool -P httpd_can_network_connect 1
Can PERK
  • 590
  • 8
  • 24