
Reverse proxy does not work with https on ubuntu 20 using apache2


I have a very simple ASP.NET Core app that I published to my Linux server. The app works perfectly and I used curl http://127.0.0.1:5000 and curl https://127.0.0.1:5001 to verify that.

I followed the instructions here: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-5.0

servername is my domain

I can interact with my app from http://servername but I didn't get https to work!

https://servername returns 404

Here is my configuration (most of it is from the Microsoft link and the rest from some answers on Stack Overflow):

<VirtualHost *:*>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
</VirtualHost>

<VirtualHost *:80>
    ServerName servername.com
    ServerAlias *.servername.com
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
</VirtualHost>

<VirtualHost *:443>
    ProxyPreserveHost On
    ProxyPass / https://127.0.0.1:5001/
    ProxyPassReverse / https://127.0.0.1:5001/
    ServerName servername.com
    ServerAlias *.servername.com
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerExpire off
    SSLEngine             on
    SSLProtocol           all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder   off
    SSLCompression        off
    SSLSessionTickets     on
    SSLUseStapling        off
    SSLCertificateFile    /path/to/my/cert/file
    SSLCertificateKeyFile /path/to/my/private/key/file
    SSLCipherSuite        ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
</VirtualHost>

Solution

  • After 2 long days, I solved it by disabling the default config for Apache.

    Apparently I had 2 virtual hosts for 443: the one I created, and a file default-ssl.conf that Apache created.

    All I did was

    1. Disabled the default config: a2dissite default-ssl
    2. Changed ProxyPreserveHost from ON to OFF
    3. Added SSLProxyCheckPeerName OFF
    4. And restarted Apache: systemctl restart apache2

    Before you follow these steps, verify that you have the same problem by listing all files in /etc/apache2/sites-enabled. If you have more than one config for the same host and port, then you have the same problem.
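
The check described in the last paragraph of the answer, as an added example that is not part of the original post: a shell function (the name shared_vhost_ports is made up here) that reports every port with more than one <VirtualHost> block across the enabled site files. Several vhosts on one port are legitimate when their ServerName values differ, so the output is a list to review; apache2ctl -S shows which vhost Apache treats as the default for each port.

```shell
#!/bin/sh
# Added example, not from the original post.
# shared_vhost_ports DIR
#   Prints "PORT: file1 file2 ..." for every port that has more than one
#   <VirtualHost> block in DIR/*.conf (default: /etc/apache2/sites-enabled).
#   "*:443" and "_default_:443" both count as port 443, which is how the
#   default-ssl.conf vhost collides with a hand-written one.
shared_vhost_ports() {
    dir=${1:-/etc/apache2/sites-enabled}
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue          # unmatched glob or dangling symlink
        awk -v file="$(basename "$f")" '
            # Commented-out lines start with "#", so they never match here.
            tolower($1) == "<virtualhost" {
                for (i = 2; i <= NF; i++) {
                    a = $i
                    sub(/>.*/, "", a)    # drop the closing ">"
                    if (a == "") continue
                    n = split(a, p, ":")
                    # No port given (or a bare IPv6 literal): any port.
                    port = (n > 1 && a !~ /\]$/) ? p[n] : "*"
                    print port, file
                }
            }' "$f"
    done | awk '
        { count[$1]++; files[$1] = files[$1] " " $2 }
        END {
            for (port in count)
                if (count[port] > 1) print port ":" files[port]
        }' | sort
}

# Run against the live configuration, or against a directory given as $1.
shared_vhost_ports "${1:-/etc/apache2/sites-enabled}"
```

No output means every port has a single vhost block; a line such as "443: default-ssl.conf mysite.conf" is the situation the answer describes.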