Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: 502 Error after upgrading from 2.4.12 to 2.4.51 |
|
| Author |
|
doganomer
Joined: 16 Mar 2022
Posts: 1
Location: Turkey Ankara
|
 Posted: Wed 16 Mar '22 11:25 Post subject: 502 Error after upgrading from 2.4.12 to 2.4.51 |
 |
|
I have 2.4.12 version configured as reverse-proxy. It gets requests from IIS application and transfers to XMPP chat servers. There are 2 http (4503 and 7070) and 2 https (7443 and 5280) configurations, as shown in the following configuration files. All works fine with 2.4.12 version.
Silverlight client-->IIS WCF Service --> Apache --> XMPP Server
https://apaste.info/jVSG
https://apaste.info/KheH
When I upgrade to 2.4.51 (I also tried using 2.4.41, 2.4.52 and 2.4.53), both http ones (4503 and 7070) and https with 7443 works fine. However, I get 502 Bad Gateway error with 5280. In the logs, no error is shown. Log files show exactly the same steps with the same results for 7443 and 5280. The only error I could find is in the logs of XMPP server, saying that the connection is closed unexpectedly.
One thing to note is that, this works fine when I send request from Silverlight client to Apache Server (without IIS)
Silverlight client--> Apache --> XMPP Server (works fine)
I hope you can help me find the right configuration.
Thanks |
|
| Back to top |
|
tangent
Moderator
Joined: 16 Aug 2020
Posts: 312
Location: UK
|
| Posted: Fri 18 Mar '22 16:39 Post subject: |
|
|
Your two secure virtual host configurations appear to be equivalent, so I would suspect the 502 connection issue is down to a change in SSL functionality between your 2.4.12 Apache and that with OpenSSL in the later Apache versions.
I'd review and revise the SSLCipherSuite directive (and define SSLProxyCipherSuite), to match recent best practice, e.g. start with:
| Code: | SSLProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL
SSLHonorCipherOrder on |
and assuming your XMPP server supports TLSv1.2
| Code: | SSLProxyProtocol all -TLSv1.1 -TLSv1 -SSLv2 -SSLv3
SSLProxyCipherSuite ALL:+HIGH:!ADH:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL |
I'd also specify a separate log file for the 5280 port server, and then turn up SSL debug to see what that reveals.
| Code: | | LogLevel info ssl:debug |
|
|
| Back to top |
|
|
|
|
|
|
