Sep 13 2015
Apache Reverse Proxy 503 Permission Denied
Apache configured as a reverse proxy forwards requests to a web backend. But your browser throws an enigmatic 503 error: “Service temporarily unavailable”.
The first thing I do is looking at the http logs in /var/log/httpd/ssl_error_log, where I am getting some permission issue:
(13)Permission denied: proxy: HTTP: attempt to connect to 192.168.1.250:8080 (*) failed
You may also get this error in the logs:
AH01114: HTTP: failed to make connection to backend
If SELinux i enabled on your system, it is most likely the root cause of your problem. SELinux denies Apache from initiating connections to the outside. You can check temporarily by turning off SELinux in /etc/selinux/config. A reboot is required.
If confirmed, turn it back on to keep a higher security level, and add this rule exception:
$ sudo setsebool -P httpd_can_network_connect 1
This variable allows HTTPD processes and modules to connect to the network. There are other boolean variables adding restrictions to HTTPD. To get a list of them, run getsebool -a | grep httpd.
You will find some interesting variables in that list such as:
– httpd_can_network_connect_db (default off)
– httpd_enable_ftp_server (default off)
– httpd_enable_cgi (default on)
etc…
The -P switch makes the change persistant across reboots. You may need to restart Apache:
$ sudo systemctl restart httpdThis error is known and documented on the Apache website.