Http to https: Error 503

FSF
Znuny newbie
Posts: 31
Joined: 08 Dec 2022, 12:13
Znuny Version: 6.0.37
Real Name: Frederic

Post by FSF »

Hello

I use Znuny 6.3 and I have been using OTRS for a long time in the http version with a local .lan address.

I followed the official tutorial and went on to modify the configuration of Znuny as shown in the screenshot.

I went on to configure my reverse proxy (which works perfectly with a GitLab and a Nextcloud behind it).

Here is the Apache configuration file dedicated to Znuny:

Code: Select all

<VirtualHost *:80>
        ServerName otrs.domain.lan
        ServerAlias otrs.domain.com
        RedirectMatch ^/$ http://otrs.domain.lan/otrs/index.pl?
        RewriteEngine On
        RewriteCond %{HTTP:X-Forwarded-Proto} !https
        RewriteRule / https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
        ProxyPass / https://172.16.xxx.xxx
        ProxyPassReverse / https://172.16.xxx.xxx

</VirtualHost>

<VirtualHost *:443>
        ServerName otrs.domain.lan
        ServerAlias otrs.domain.com
        SSLCertificateFile /etc/letsencrypt/live/otrs.domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/otrs.domain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        ErrorLog /var/log/apache2/otrs-error.log
        CustomLog /var/log/apache2/otrs-access.log combined
        SSLProxyEngine On
        SSLProxyVerify none
        SSLProtocol -all +TLSv1.2 +TLSv1.3
        # TLSv1.2 cipher suites
        SSLCipherSuite SSL ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        # TLSv1.3 cipher suites
        SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

        SSLHonorCipherOrder     on
        SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        <IfModule security2_module>
        SecRuleEngine Off
        </IfModule>

        <Proxy *>
                order deny,allow
                Allow from all
        </Proxy>

        ProxyRequests     Off
        ProxyPreserveHost On
        ProxyPass         / https://172.16.xxx.xxx:443/ keepalive=On retry=5
        ProxyPassReverse  / https://172.16.xxx.xxx:443/

</VirtualHost>

The problem is that the URL https://otrs.domain.com/otrs/index.pl? answers:

Service Unavailable (503)
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.


So I have an apache2 server and, it seems to me, have modified the configuration of Znuny as I should, but it does not work.

Can you help me to solve my problem?

Thank you in advance

Re: Http to https: Error 503

Post by FSF »

After several days of hard work, I finally have the configuration that works for an Apache reverse proxy.

So here it is for those who want it:

First of all, you must not touch HttpType; you must stay in http.

Code: Select all

<VirtualHost *:80>
        ServerName otrs.domain.lan
        ServerAlias otrs.domain.com
        RedirectMatch ^/$ http://otrs.domain.com/otrs/index.pl?
        RewriteEngine On
        RewriteCond %{HTTP:X-Forwarded-Proto} !https
        RewriteRule / https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
        # Local IP of my server
        ProxyPass / https://172.16.xxx.xxx/
        ProxyPassReverse / https://172.16.xxx.xxx/

</VirtualHost>

<VirtualHost *:443>
        ServerName otrs.domain.lan
        ServerAlias otrs.domain.com
        SSLCertificateFile /etc/letsencrypt/live/otrs.domain.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/otrs.domain.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf
        ErrorLog /var/log/apache2/otrs-error.log
        CustomLog /var/log/apache2/otrs-access.log combined
        SSLProxyEngine On
        SSLProxyVerify none
        SSLProtocol -all +TLSv1.2 +TLSv1.3
        # TLSv1.2 cipher suites
        SSLCipherSuite SSL ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        # TLSv1.3 cipher suites
        SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
        SSLHonorCipherOrder     on
        SSLOpenSSLConfCmd Curves X25519:secp521r1:secp384r1:prime256v1
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        #SSLProxyCheckPeerExpire On
        #SSLProxyVerifyDepth     10

        <IfModule security2_module>
        SecRuleEngine Off
        </IfModule>

        <Proxy *>
                order deny,allow
                # Allow all other IPs (to be activated only for test or dns server update)
                Allow from all
        </Proxy>

        RedirectMatch ^/$ https://otrs.domain.com/otrs/index.pl
        ProxyRequests     Off
        ProxyPreserveHost On
        ProxyPass         /otrs http://172.16.xxx.xxx/otrs keepalive=On retry=5
        ProxyPassReverse  /otrs http://172.16.xxx.xxx/otrs
        ProxyPass         /otrs-web http://172.16.xxx.xxx/otrs-web keepalive=On retry=5
        ProxyPassReverse  /otrs-web http://172.16.xxx.xxx/otrs-web

</VirtualHost>

Re: Http to https: Error 503

Post by FSF »

Hello

So the implementation of this configuration has solved a part of the problem, since now it is a question of setting up the link with the O365 mailbox.

So I configured znuny but when I validate the link I get this error message:
AADSTS50011: The redirect URI 'http://otrs.domain.com/otrs/get-oauth2- ... on-code.pl' specified in the request does not match the redirect URIs configured for the application '6fxxx-xxxx-xxxx-xxx-xxxxx1f2'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.
So I added the following line to the end of /opt/otrs/Kernel/Config.pm:

Code: Select all

$Self->{HttpType} = 'https':

But then when I try to connect to https://orts.domain.com/otrs/index.pl I have this error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.

Code: Select all

[proxy:error] [pid 28554:tid 140393236633344] (111)Connection refused: AH00957: HTTPS: attempt to connect to 172.16.xxx.xxx:443 (172.16.xxx.xxx) failed
[proxy_http:error] [pid 28554:tid 140393236633344] [client 172.16.xxx.xxx:37368] AH01114: HTTP: failed to make connection to backend: 172.16.xxx.xxx
[proxy:error] [pid 28554:tid 140393536792320] (111)Connection refused: AH00957: HTTPS: attempt to connect to 172.16.xxx.xxx:443 (172.16.xxx.xxx) failed
[proxy_http:error] [pid 28554:tid 140393536792320] [client 172.16.xxx.xxx:37369] AH01114: HTTP: failed to make connection to backend: 172.16.xxx.xxx

So I modified again the configuration in my reverse proxy and replaced the lines:

Code: Select all

ProxyPass         /otrs http://172.16.xxx.xxx/otrs keepalive=On retry=5
ProxyPassReverse  /otrs http://172.16.xxx.xxx/otrs
ProxyPass         /otrs-web http://172.16.xxx.xxx/otrs-web keepalive=On retry=5
ProxyPassReverse  /otrs-web http://172.16.xxx.xxx/otrs-web

with the lines:

Code: Select all

ProxyPass         /otrs https://172.16.xxx.xxx/otrs keepalive=On retry=5
ProxyPassReverse  /otrs https://172.16.xxx.xxx/otrs
ProxyPass         /otrs-web https://172.16.xxx.xxx/otrs-web keepalive=On retry=5
ProxyPassReverse  /otrs-web https://172.16.xxx.xxx/otrs-web
And then I have this error again:
Service Unavailable (503)
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Code: Select all

[proxy:error] [pid 28749:tid 140593984423680] (111)Connection refused: AH00957: HTTPS: attempt to connect to 172.16.xxx.xxx:443 (172.16.xxx.xxx) failed
 [proxy_http:error] [pid 28749:tid 140593984423680] [client 172.16.xxx.xxx:37874] AH01114: HTTP: failed to make connection to backend: 172.16.xxx.xxx
:evil: :evil: :evil:

Code: Select all

root@otrs:/opt/otrs/Kernel# netstat -tanpl|grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      905/apache2
root@otrs:/opt/otrs/Kernel# netstat -tanpl|grep 443
root@otrs:/opt/otrs/Kernel#
Why is there nothing on port 443 on the znuny server itself?

What did I forget?

Can I have some help please?

Thank you in advance
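
As an added example (not part of the original posts): the check that the netstat output and the AH00957 log lines in this post point to, written in Python. It lists each ProxyPass backend, probes whether anything accepts TCP connections there, and flags disabled backend certificate checks when an https backend is configured; the function names are illustrative and the sample config and log line are constructed, with 127.0.0.1 standing in for the masked backend address.

```python
import re
import socket

# Constructed sample input in the shape of the directives and log lines quoted
# in the thread; 127.0.0.1 replaces the masked 172.16.xxx.xxx backend.
SAMPLE_VHOST = """\
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerName off
ProxyPass         /otrs https://127.0.0.1/otrs keepalive=On retry=5
ProxyPassReverse  /otrs https://127.0.0.1/otrs
ProxyPass         /otrs-web http://127.0.0.1/otrs-web keepalive=On retry=5
"""
SAMPLE_LOG = ("[proxy:error] [pid 1:tid 2] (111)Connection refused: AH00957: "
              "HTTPS: attempt to connect to 127.0.0.1:443 (127.0.0.1) failed")

DEFAULT_PORT = {"http": 80, "https": 443}
PROXYPASS = re.compile(r"^\s*ProxyPass\s+(\S+)\s+(https?)://([^/:\s]+)(?::(\d+))?", re.I | re.M)
AH00957 = re.compile(r"AH00957: (\w+): attempt to connect to ([^\s:]+):(\d+)")
WEAK = re.compile(r"^\s*(SSLProxyVerify\s+none|SSLProxyCheckPeer\w+\s+off)\s*$", re.I | re.M)

def backends(vhost_text):
    """Return (path, scheme, host, port) for every ProxyPass directive."""
    out = []
    for path, scheme, host, port in PROXYPASS.findall(vhost_text):
        scheme = scheme.lower()
        out.append((path, scheme, host, int(port) if port else DEFAULT_PORT[scheme]))
    return out

def refused_targets(log_text):
    """Return the (host, port) pairs Apache logged as unreachable (AH00957)."""
    return {(host, int(port)) for _, host, port in AH00957.findall(log_text)}

def is_listening(host, port, timeout=2.0):
    """True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(vhost_text, probe=is_listening):
    """Report dead backends, and https backends proxied with checks disabled."""
    targets = backends(vhost_text)
    findings = [f"{path}: nothing listening on {host}:{port} ({scheme})"
                for path, scheme, host, port in targets if not probe(host, port)]
    if any(scheme == "https" for _, scheme, _, _ in targets):
        findings += [f"backend TLS check disabled: {' '.join(m.split())}"
                     for m in WEAK.findall(vhost_text)]
    return findings
```

A "nothing listening" finding for an https target, together with an AH00957 entry for the same host and port, corresponds to the empty `netstat ... | grep 443` output on the backend shown above.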

Re: Http to https: Error 503

Post by FSF »

Up :?: :(
root
Administrator
Posts: 3954
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny

Re: Http to https: Error 503

Post by root »

FSF wrote: 09 Feb 2023, 10:45
Up :?: :(

Hi,

Configuring https is not related to the ticket system. Ask your Linux server administrator.

- Roy