Httpd returning 503 Service Unavailable with mod_proxy for Tomcat 8

Question

I'm trying to integrate Tomcat with Apache. My aim is to redirect all the requests with http://localhost/myapp to http://localhost:8080

I followed this guide: http://tomcat.apache.org/tomcat-8.0-doc/proxy-howto.html

My httpd.conf looks like this:

Include conf.modules.d/*.conf
LoadModule proxy_module  modules/mod_proxy.so

ProxyPass         /myapp  http://localhost:8080 retry=0 timeout=5
ProxyPassReverse  /myapp  http://localhost:8080

My server.xml in apache-tomcat looks like this:

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" proxyPort="80" />

Now when I try the url http://localhost/myapp, it gives 503 Service Unavailable error.

Both Tomcat and Apache are up and running. The URL http://localhost:8080 works fine.

Can there be an issue with file permissions?

For tomcat the user and group are root/root and for httpd, the user and group are apache/apache

Am I missing something or am I doing it wrong?

Httpd version is 2.4.6 and Tomcat's version is 8.0

The httpd error logs:

[proxy:error] [pid 19905] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:8080 (localhost) failed

[proxy:error] [pid 19905] AH00959: ap_proxy_connect_backend disabling worker for (localhost) for 0s

[proxy_http:error] [pid 19905] [client ::1:51615] AH01114: HTTP: failed to make connection to backend: localhost

Solved!

The answer is here: http://sysadminsjourney.com/content/2010/02/01/apache-modproxy-error-13permission-denied-error-rhel/

Answer 1

(Answered by the OP in a question edit. Converted to a community wiki answer. See Question with no answers, but issue solved in the comments (or extended in chat) )

The OP wrote:

The answer is here: http://sysadminsjourney.com/content/2010/02/01/apache-modproxy-error-13permission-denied-error-rhel/

Which is a link to a blog that explains:

SELinux on RHEL/CentOS by default ships so that httpd processes cannot initiate outbound connections, which is just what mod_proxy attempts to do.

If this is the problem, it can be solved by running:

 /usr/sbin/setsebool -P httpd_can_network_connect 1

And for a more definitive source of information, see https://wiki.apache.org/httpd/13PermissionDenied

Answer 2

Resolve issue Immediate, It's related to internal security

We, SnippetBucket.com working for enterprise linux RedHat, found httpd server don't allow proxy to run, neither localhost or 127.0.0.1, nor any other external domain.

As investigate in server log found

[error] (13)Permission denied: proxy: AJP: attempt to connect to
   10.x.x.x:8069 (virtualhost.virtualdomain.com) failed

Audit log found similar port issue

type=AVC msg=audit(1265039669.305:14): avc:  denied  { name_connect } for  pid=4343 comm="httpd" dest=8069 
scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

Due to internal default security of linux, this cause, now to fix (temporary)

 /usr/sbin/setsebool httpd_can_network_connect 1

Resolve Permanent Issue

/usr/sbin/setsebool -P httpd_can_network_connect 1