651818 – www-servers/apache-2.4.33 breaks reverse proxy with SSL

Bug 651818 - www-servers/apache-2.4.33 breaks reverse proxy with SSL

Summary: www-servers/apache-2.4.33 breaks reverse proxy with SSL

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Lars Wendler (Polynomial-C) (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-03-28 12:25 UTC by Knut Masanetz
Modified:	2018-07-18 17:52 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
My emerge --info (emerge.info,6.39 KB, text/plain) 2018-03-28 12:25 UTC, Knut Masanetz	Details
apache module.conf for reverse proxy (syncself.conf,431 bytes, text/plain) 2018-03-28 12:26 UTC, Knut Masanetz	Details
apache-2.4.33 ssl_error_log (ssl_error_log,674 bytes, text/plain) 2018-03-28 12:28 UTC, Knut Masanetz	Details
ssl_error_log with debug enabled (ssl_error_log,35.16 KB, text/plain) 2018-03-29 14:09 UTC, Knut Masanetz	Details
ssl_error_log with debug enabled of working apache-2.4.29-r1 (ssl_error_log,311.41 KB, text/plain) 2018-03-29 16:24 UTC, Knut Masanetz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Knut Masanetz 2018-03-28 12:25:31 UTC

Created attachment 525838 [details]
My emerge --info

www-servers/apache-2.4.33 breaks reverse proxy on ssl sites

going back to apache-2.4.29-r1 makes it work again.

emerge -pv apache

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R    ] www-servers/apache-2.4.33:2::gentoo  USE="ldap ssl -debug -doc -libressl (-selinux) -static -suexec -threads" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_core authn_dbm authn_file authz_core authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers imagemap include info log_config logio mime mime_magic negotiation proxy proxy_html proxy_http rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack version vhost_alias xml2enc -access_compat -asis -auth_digest -authn_dbd -authz_dbd -brotli -cache_disk -cache_socache -cern_meta -charset_lite -dbd -dumpio -http2 -ident -lbmethod_bybusyness -lbmethod_byrequests -lbmethod_bytraffic -lbmethod_heartbeat -log_forensic -macro -proxy_ajp -proxy_balancer -proxy_connect -proxy_fcgi -proxy_ftp -proxy_scgi -proxy_wstunnel -ratelimit -remoteip -reqtimeout -slotmem_shm -substitute -watchdog" APACHE2_MPMS="-event -prefork -worker" 0 KiB

Comment 1 Knut Masanetz 2018-03-28 12:26:46 UTC

Created attachment 525840 [details]
apache module.conf for reverse proxy

Apache module conf (slightly anonymized)
working with apache-2.4.29-r1

Comment 2 Knut Masanetz 2018-03-28 12:28:25 UTC

Created attachment 525842 [details]
apache-2.4.33 ssl_error_log

slightly anonymized ssl_error_log, snippet of a proxying request (which works with apache-2.4.29-r1)

Comment 3 Knut Masanetz 2018-03-28 12:31:13 UTC

By the way, I'm getting an "502 Bad Gateway" on the proxy request...

Comment 4 Tomáš Mózes 2018-03-29 07:24:46 UTC

Can you please try to increase the verbosity of the logs if anything else is logged?

Comment 5 Knut Masanetz 2018-03-29 14:09:15 UTC

Created attachment 526054 [details]
ssl_error_log with debug enabled

Deleted ssl_error_log,
started apache,
tried to connect to proxied page,
stopped apache...

Comment 6 Knut Masanetz 2018-03-29 16:24:46 UTC

Created attachment 526108 [details]
ssl_error_log with debug enabled of working apache-2.4.29-r1

Same connection working with old apache-2.4.29-r1

Comment 7 Knut Masanetz 2018-06-23 14:18:00 UTC

Applying the fixes from upstream bug https://bz.apache.org/bugzilla/show_bug.cgi?id=62232 to 2.4.33-r1 works for me...

Comment 8 Knut Masanetz 2018-07-18 17:52:42 UTC

Fixed with www-servers/apache-2.4.34-r1

Thanks.