[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] Apache httpd reverse proxy returns SSL_ERROR_RX_RECORD_TOO_LONG when HTTP redirects to HTTPS

Dear all,

I am setting up an Apache v2.4 httpd reverse proxy for another server
hosting Atlassian Confluence.

The proxy's private IP address is, its public IP address is, and a DNS A record maps the public IP to

There is a NAT in place:
- ->
- ->
which is necessary because the proxy's public IP address is used also
for other services.

Name resolution on the proxy is done via /etc/hosts, which maps
confluence.example.com to, the private IP of the Confluence

Here's /etc/httpd/conf.d/confluence.conf (as you see, it also does a
redirect from HTTP to HTTPS):

<VirtualHost *:80>
    ServerName confluence.example.com
    ProxyRequests off
    ProxyPreserveHost off
    SetEnv force-proxy-request 1
    SetEnv proxy-nokeepalive 1
    ProxyPass        "/" "http://confluence.example.com:8090/";
    ProxyPassReverse "/" "http://confluence.example.com:8090/";
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

<VirtualHost *:443>
    ServerName confluence.example.com
    ServerSignature On
        <Proxy *>
            Order deny,allow
            Allow from all
    SSLEngine on
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    # SSL cipher suite shortened for clarity
    SSLCertificateFile    /etc/httpd/ssl/example.crt
    SSLCertificateKeyFile /etc/httpd/ssl/example.key
    SSLCACertificateFile  /etc/httpd/ssl/example.crt
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass        "/" "http://confluence.example.com:8090/";
    ProxyPassReverse "/" "http://confluence.example.com:8090/";

When accessing http://confluence.example.com:10080 (or even from a browser, the URL changes to
https://confluence.example.com:10080 but, instead of showing the
Confluence login page, this error is returned:

Secure Connection Failed
An error occurred during a connection to SSL
received a record that exceeded the maximum permissible length. Error

This is what is logged (DEBUG level) to the http access log: - - [17/Sep/2018:17:06:59 +0200] "GET / HTTP/1.1" 302 208
"-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101
Firefox/62.0" - - [17/Sep/2018:17:06:59 +0200] "\x16\x03\x01\x02" 400 226 "-" "-"

and to the http error log:

[Mon Sep 17 17:11:58.095085 2018] [core:debug] [pid 23120]
protocol.c(1271): [client] AH00566: request failed:
malformed request line

I have set up separate https access and error logs, nothing is logged
there. As you might have guessed, is my outgoing public

Accessing https://confluence.example.com:10443 works fine.

The same config works on another Apache v2.2 reverse proxy.

Any hint or suggestion?  Thanks in advance.


To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx