Apache2 Balancer Manager not working after dist-upgrade to focal behind a Proxy
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Apache2 Web Server |
Confirmed
|
Medium
|
|||
apache2 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Description: Ubuntu 20.04.2 LTS
Release: 20.04
Codename: focal
Approximately two years ago i creat the following bug report.
https:/
At the end talk to that bug report is a hin "that bug is still opend in
apache 2.4.41" and further on "it should be fixed in 2.4.42". mybe this is
now forgotten to fix in focal and it is a regression bug or the
"(e.g. want to have it broken for better security)." ist happend.
any suggestion is appreciated
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
To Reproduced i create two new Virtual Box VMs on my local Machine
-------------
|Bastian Host |
|Apache Proxy | -----------> LB Apache Balancer Manger
-------------
Debian 10 -> Bastion Host (Proxy) / 192.168.56.90
Ubuntu 18.04 -> LB Manager / 192.168.56.160
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Ubuntu 18.04 with LB Manager
:~# apt-get install apache2
:~# dpkg -l | grep apache2
ii apache2 2.4.29-1ubuntu4.16 amd64 Apache HTTP Server
ii apache2-bin 2.4.29-1ubuntu4.16 amd64 Apache HTTP Server (modules and other binary files)
ii apache2-data 2.4.29-1ubuntu4.16 all Apache HTTP Server (common files)
ii apache2-utils 2.4.29-1ubuntu4.16 amd64 Apache HTTP Server (utility programs for web servers)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:~# vim /etc/apache2/
<VirtualHost 192.168.56.160:81 127.0.0.1:81>
Servername 127.0.0.1
ServerAdmin root@localhost
<Location /balancer-manager>
SetHandler balancer-manager
Require local
#Require ip 192.168.56.0/24 127.0.0.1/24
Require all granted
</Location>
<Location /test-web01/
SetHandler balancer-manager
Require local
#Require ip 192.168.56.0/24 127.0.0.1/24
Require all granted
</Location>
LogLevel warn
ErrorLog ${APACHE_
CustomLog ${APACHE_
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:~# vim /etc/apache2/
<Proxy "balancer://test">
ProxySet lbmethod=bybusyness
</Proxy>
<VirtualHost 127.0.0.1:8100>
ServerAdmin root@localhost
ServerName testapp01
ServerAlias 127.0.0.1:8100
ProxyPass "/test" "balancer://test"
ProxyPassRe
CustomLog ${APACHE_
ErrorLog ${APACHE_
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
:~# a2enmod proxy_balancer proxy_http lbmethod_bybusyness lbmethod_byrequests
:~# a2ensite management proxytest
:~# vim /etc/apache2/
[...]
Listen 81
Listen 8100
:~# systemctl restart apache2
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
At that point i install also some console Browsers for testing.
:~# apt-get install lynx elinks
:~# tail -f /var/log/
:~# elinks http://
:~# lynx http://
LB Manager -> "Edit worker settings for..." is visible and usable, no error log entrys
- - - - - - - - - - - - - - - - - - - - - - - - -
Connect with firefox from outside
http://
LB Manager -> "Edit worker settings for..." is visible and usable, no error log entrys
-------
Create Debian 10 Proxy VM
:~# apt-get install apache2 lynx elinks
:~# dpkg -l | grep apache
ii apache2 2.4.38-3+deb10u5 amd64 Apache HTTP Server
ii apache2-bin 2.4.38-3+deb10u5 amd64 Apache HTTP Server (modules and other binary files)
ii apache2-data 2.4.38-3+deb10u5 all Apache HTTP Server (common files)
ii apache2-utils 2.4.38-3+deb10u5 amd64 Apache HTTP Server (utility programs for web servers)
Check from that VM that LB Manager is usable
:~# elinks 192.168.
:~# elinks 192.168.
check direkt in Firefox
http://
:~# tail -f /var/log/
LB Manager -> "Edit worker settings for..." is visible and usable, no error log entrys
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Create Proxy Config
~# vim /etc/apache2/
[...]
<Location /test-web01>
</Location>
[...]
:~# a2enmod proxy_http substitute
:~# systemctl restart apache2
Check now over proxy config
:~# elinks 192.168.
-> "Edit worker settings for..." is visible and usable, no error log entrys
Browser: Firefox and Chrome
http://
:~# tail -f /var/log/
LB Manager -> "Edit worker settings for..." is visible and usable, no error log entrys
=> Conclusion everything worked for me as expected. LB Manager is usable
through the Proxy Bastion Host.
-------
dist-upgrade from the LB Manager VM 18.04 -> 20.04
:~# do-release-upgrade
:~# shutdown -r now
:~# dpkg -l | grep apache2
ii apache2 2.4.41-4ubuntu3.4 amd64 Apache HTTP Server
ii apache2-bin 2.4.41-4ubuntu3.4 amd64 Apache HTTP Server (modules and other binary files)
ii apache2-data 2.4.41-4ubuntu3.4 all Apache HTTP Server (common files)
ii apache2-utils 2.4.41-4ubuntu3.4 amd64 Apache HTTP Server (utility programs for web servers)
Check from the LB Manager VM directly now 20.04
:~# elinks http://
:~# lynx http://
:~# tail -f /var/log/
[Thu Aug 12 11:07:45.381180 2021] [proxy_
check direct in Firefox
http://
:~# tail -f /var/log/
[Thu Aug 12 11:09:10.362535 2021] [proxy_
every connect makes a single Log entry, but LB Manager directly is usable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Check over Proxy on Debian 10 VM
:~# elinks http://
[Thu Aug 12 11:11:41.379048 2021] [proxy_
LB Manager ist not usable
The "Edit worker settings for..." is not visible
- - - - - - - - - - - - - - - - - - - - - - - - -
Browser: Firefox and Chrome
http://
[Thu Aug 12 11:12:48.035479 2021] [proxy_
[Thu Aug 12 11:12:50.842842 2021] [proxy_
[Thu Aug 12 11:12:51.653153 2021] [proxy_
[Thu Aug 12 11:12:53.183729 2021] [proxy_
[Thu Aug 12 11:12:53.639131 2021] [proxy_
First connect and every singel klick create an error entry.
LB Manager is not usable
The "Edit worker settings for..." is not visible
=> Conclusion after Update to focal i can't use the LB Manager behind
that Proxy Bastion Host. Unfortunately for me there is no other
way to jump in the Production environment.
As i say any suggestion is appreciated is this now a bug (regression) or
is it now a security feature. That will be for me a realy bad news.
Regard Horst
Changed in apache2: | |
importance: | Unknown → Medium |
status: | Unknown → Confirmed |
Changed in apache2 (Ubuntu): | |
status: | Incomplete → Invalid |
mybe i thought with a newer apache the problem is solved but with no luck.
LB Manager VM dist-upgrade 21.04 / hirsute
:~# vim /etc/update- manager/ release- upgrades
[...]
#Prompt=lts
Prompt=normal
:~# do-release-upgrade
:~# shutdown -r now
:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 21.04
Release: 21.04
Codename: hirsute
:~# dpkg -l | grep apache2
ii apache2 2.4.46-4ubuntu1.1 amd64 Apache HTTP Server
ii apache2-bin 2.4.46-4ubuntu1.1 amd64 Apache HTTP Server (modules and other binary files)
ii apache2-data 2.4.46-4ubuntu1.1 all Apache HTTP Server (common files)
ii apache2-utils 2.4.46-4ubuntu1.1 amd64 Apache HTTP Server (utility programs for web servers)
Browser: Firefox and Chrome
http:// 192.168. 56.90/test- web01/balancer- manager
:~# tail -f /var/log/ apache2/ management_ error.log balancer: error] [pid 717:tid 140627126277696] [client 192.168. 56.90:44938] AH10187: ignoring params in balancer-manager cross-site access balancer: error] [pid 717:tid 140627117884992] [client 192.168. 56.90:44938] AH10187: ignoring params in balancer-manager cross-site access, referer: http:// 192.168. 56.90/test- web01/balancer- manager balancer: error] [pid 717:tid 140627109492288] [client 192.168. 56.90:44938] AH10187: ignoring params in balancer-manager cross-site access, referer: http:// 192.168. 56.90/test- web01/balancer- manager? b=test& w=http: //192.168. 168.130/ test&nonce= 936feca7- 14cd-c118- d222-c6b172c972 9e
[Fri Aug 13 16:56:31.818801 2021] [proxy_
[Fri Aug 13 16:56:34.088176 2021] [proxy_
[Fri Aug 13 16:56:34.663154 2021] [proxy_