Menu
We have an application deployed on tomcat. To access application we are using apache which sends requests to tomcat. At random browser gives following response.
Proxy Error The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /sampleapp/<http://samplehost.com:8080/sampleapp/>. Reason: Error reading from remote server ________________________________ Apache/2.2.21 (Unix) Server at samplehost.com Port 8080 This error is not coming always and so far we are getting this in a client machine with IE only. On the same client machine with Firefox it works well.
Following is the error trace from Apache logs for a failed request
[Thu Mar 22 02:51:08 2012] [error] [client 10.36.64.137] (20014)Internal error: proxy: error reading status line from remote server localhost:8081, referer: http://samplehost.com:8080/sampleapp/opp/showSearchHome.htm [Thu Mar 22 02:51:08 2012] [error] [client 10.36.64.137] proxy: Error reading from remote server returned by /sampleapp/opp/searchResult.htm, referer: http://samplehost.com:8080/sampleapp/opp/showSearchHome.htm Nothing is getting printed on tomcat logs when a request is failing.
Following is the information related installed version of apache
-bash-3.00$ ./httpd -v Server version: Apache/2.2.21 (Unix) Server built: Sep 21 2011 20:00:58 When trying to find out modules loaded I get following error
-bash-3.00$ /usr/local/apache2/bin/apachectl -t -D DUMP_MODULES httpd: Syntax error on line 64 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_authnz_ldap.so into server: ld.so.1: httpd: fatal: libldap-2.4.so.2: open failed: No such file or directory 
355
The HTTP 502 - bad gateway error occurs when either: The timeout of the proxy was reached prior to the request completion. If the connection proxy > server drops. When the response from the server is invalid.
This is not mentioned in you post but I suspect you are initiating an SSL connection from the browser to Apache, where VirtualHosts are configured, and Apache does a revese proxy to your Tomcat.
There is a serious bug in (some versions ?) of IE that sends the 'wrong' host information in an SSL connection (see EDIT below) and confuses the Apache VirtualHosts. In short the server name presented is the one of the reverse DNS resolution of the IP, not the one in the URL.
The workaround is to have one IP address per SSL virtual hosts/server name. Is short, you must end up with something like
1 server name == 1 IP address == 1 certificate == 1 Apache Virtual Host
EDIT
Though the conclusion is correct, the identification of the problem is better described here http://en.wikipedia.org/wiki/Server_Name_Indication
145
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
