Activities

February 2014
M T W T F S S
« Jan   Jun »
 12
3456789
10111213141516
17181920212223
2425262728  

Apache : proxy: HTTP: disabled connection for,Permission denied: proxy: HTTP: attempt to connect to

I’m setting up GitLab for one of my friend on CentOS 6.5 Server. Installations are went through smoothly and I could able to run gitlab service. But it does not showing up on GitLab site over Apache portal and displaying “503 “Service temporarily unavailable” error in Firefox.

After analyzing Apache logs (/var/log/httpd/error) I have noticed that it’s showing some errors as shown below,

root@gitweb01 gitlab]# tail -f /var/log/httpd/error_log
[Thu Feb 20 11:19:22 2014] [error] proxy: HTTP: disabled connection for (192.168.0.100)
[Thu Feb 20 11:19:22 2014] [error] proxy: HTTP: disabled connection for (192.168.0.100)
[Thu Feb 20 11:19:22 2014] [error] proxy: HTTP: disabled connection for (192.168.0.100)
[Thu Feb 20 14:42:58 2014] [error] (13)Permission denied: proxy: HTTP: attempt to connect to 192.168.0.100:8080 (192.168.0.100) failed
[Thu Feb 20 14:42:58 2014] [error] ap_proxy_connect_backend disabling worker for (192.168.0.100)
[Thu Feb 20 14:42:58 2014] [error] proxy: HTTP: disabled connection for (192.168.0.100)

Solution

The problem is that the Apache proxy module, recognizing that the service was unavailable, stopped redirecting requests to it for one minute.

ProxyPass / http://192.168.0.100:8080/ retry=0 timeout=5
ProxyPassReverse / http://192.168.0.100:8080/

Another issue which I got was, something related to file permission in Apache error log. Surprisingly I’m stuck at first when I see this error (Permission denied: proxy: HTTP: attempt to connect to192.168.0.100).

Solution

This is due to SELinux policy. So we need to disable it. How do I disable SELinux ,

Option 1 : Execute the following command to take effect at run-time.

[root@gitweb01 ~]# setenforce 0

Option 2 : For permanent fix, we need to edit the file “/etc/selinux/config” set the variable of SELINUX to “disabled”

[root@gitweb01 ~]# cat /etc/selinux/config
 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled

8 comments to Apache : proxy: HTTP: disabled connection for,Permission denied: proxy: HTTP: attempt to connect to

  • Kristjan

    Before you disable selinux you could try:

    $ setsebool -P httpd_can_network_connect on

  • Perhaps, the problem is the network.
    For example. If the IP of the webserver is 192.168.1.1 and the other webserver is 192.168.0.100, the servers are in a different subnet range.

    Matias Colli
    Consultor IT

  • Pete

    the fist solution given above is the correct way to solve the problem. SElinux can remain set to “enforcing” if this method is used. That would make for a much more secure proxy than disabling SELinux.

  • Chris

    Interesting, I have the exact same issue but SELinux is disabled.

    > setenforce 0
    setenforce: SELinux is disabled

    What else could cause this to happen?

  • http proxy was turned off how can I turn it back on can,t get into my web site

  • Rado

    Please stop giving this bulshit advice to turn off selinux. It is not a good answer!

  • Jeff

    This is horrible advice. When you straight up disable SELinux instead of troubleshooting the permission problem you are worse off. It’s like turning up your music when your car starts making strange noises. This is not a real solution.

    • I’m sorry that this is not a straight approach But it’s a quick turn around since I haven’t seen any servers which SE Linux enabled except of some audit and complaince showing ‘off future’ status

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>