Search code examples
apachejiraiptablesmod-proxyconfluence

Can wget site, but not access externally

I am trying to set up Atlassian Confluence and JIRA on one host using Apache 2 as a reverse proxy.

When I do 

wget http://localhost:8080
--2014-07-11 17:40:41--  http://localhost:8080/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://localhost:8080/secure/MyJiraHome.jspa [following]
--2014-07-11 17:40:41--  http://localhost:8080/secure/MyJiraHome.jspa
Reusing existing connection to localhost:8080.
HTTP request sent, awaiting response... 302 Found
Location: http://localhost:8080/secure/Dashboard.jspa [following]
--2014-07-11 17:40:41--  http://localhost:8080/secure/Dashboard.jspa
Reusing existing connection to localhost:8080.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: âindex.html.7â

The same goes for :8090 - it gets the page, and downloads it. Also, wget works normal from external servers as well.

However, when trying to access them via the browser, only :8090 is accessible when using the IP, and neither one of them is accessible via the domain name.

Here's the relevant section of my apache2.conf:

ServerName conf.site.com
<VirtualHost *:80>
ServerName conf.site.com
ServerAlias conf

ProxyPreserveHost On
ProxyRequests Off

ProxyPass / `http://127.0.0.1:8090/`
ProxyPassReverse / `http://127.0.0.1:8090/`

Order allow,deny Allow from all

ServerName jira.site.com ServerAlias jira

ProxyPreserveHost On ProxyRequests Off ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/

Order allow,deny Allow from all

Here's my iptables (ufw is disabled)

iptables -L -v -n
Chain INPUT (policy ACCEPT 12963 packets, 1222K bytes)
pkts bytes target     prot opt in     out     source               destination
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0             tcp dpt:8090
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
33  3723 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
10   716 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
38  3375 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
28  1969 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
8804  734K fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
33 11768 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0             udp dpt:68

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13032 packets, 1227K bytes)
pkts bytes target     prot opt in     out     source               destination

Chain fail2ban-ssh (1 references)
pkts bytes target     prot opt in     out     source               destination
8779  732K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Also, netstat -tulp shows that 80, 8080, and 8090 are listening:

tcp6       0      0 [::]:http               [::]:*                  LISTEN      18312/apache2
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      4868/java
tcp6       0      0 [::]:8090               [::]:*                  LISTEN      3578/java

This seems very strange to me, so any advise would be much appreciated.

Solution

  • Solved this a while back, but forgot to post. The issue was that the HTTP Proxy apache2 module was not on for some reason.

    a2enmod proxy_http

    did the trick.