Apache 2.4 not working as a proxy #1014

Closed
Anima79 opened this issue Feb 8, 2018 · 13 comments

@Anima79

Anima79 commented Feb 8, 2018

Hello there,

after two happy years with Mailcow 0.13 and 0.14 I now decided to upgrade to the dockerized version. By the way, many thanks for your great work, andryyy! Originally, my plan has been to run mailcow: dockerized behind a proxying Apache 2.4, since I am also running an instance of Nextcloud and some Wordpress sites. However, although I am following the documentation down to the t, whenever I try to reach my mail.domain.tld via the Apache, I am only getting a 502 error (Bad Gateway! The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET. Reason: Error reading from remote server).
For testing purposes, I switched the Apache off and changed nginx's settings back to listening on port 80 and 443 (via mailcow.conf) - and surely it worked like it should. All services are up and running fine, and, as far as I can tell from nginx logs, there seem to be no problems either.
So, I am really open to all help and appreciate it a lot! Michael

P.S.: Debian Stretch, all packages are up to date.

@lazyfrosch
Contributor

Maybe you should share the config you have tried?

I wouldn't recommend running those kinds of split setups; mailcow does a good job managing SSL certs and everything. But you certainly can disable that.

@Anima79
Author

Anima79 commented Feb 9, 2018

Yeah, I missed that simplest of all things. Sorry for that. Here is the content of my Apache virtual host file for mailcow:

```
<VirtualHost *:443>
    ServerName "mail.XXX.me"
    ServerAlias "autodiscover.XXX.me"
    ServerAlias "autoconfig.XXX.me"
    #You should proxy to a plain HTTP session to offload SSL processing
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
    ProxyPreserveHost On
    ProxyAddHeaders On
    # This header does not need to be set when using http
    # RequestHeader set X-Forwarded-Proto "https"
    #your-ssl-configuration-here
    #[...]
    # If you plan to proxy to a HTTPS host:
    #SSLProxyEngine On

    # If you plan to proxy to an untrusted HTTPS host:
    #SSLProxyVerify none
    #SSLProxyCheckPeerCN off
    #SSLProxyCheckPeerName off
    #SSLProxyCheckPeerExpire off
```

And this is the important part from mailcow.conf:

```
# ------------------------------
# HTTP/S Bindings
# ------------------------------
# You should use HTTPS, but in case of SSL offloaded reverse proxies:
HTTP_PORT=8080
HTTP_BIND=127.0.0.1
HTTPS_PORT=8443
HTTPS_BIND=127.0.0.1
```

Did I miss something there?

@Anima79
Author

Anima79 commented Feb 9, 2018

My system is a pretty straightforward Debian installation by the way. I am running a Shorewall firewall however. But this can't be the reason for the connection problems, as far as I can tell.

@lazyfrosch
Contributor

First of all, your problem is that mailcow forces a redirect to SSL, so you will need to proxy to: https://localhost:8443

```
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  include /etc/nginx/conf.d/server_name.active;
  return 301 https://$host$request_uri;
}
```

P.S. Please use backticks for code, like so:

```
code
```
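
The following is an added example, not posted by anyone in this thread and not taken from the mailcow documentation: the Apache virtual host from the earlier comment, changed to proxy to the HTTPS binding (`HTTPS_BIND`/`HTTPS_PORT` in the posted mailcow.conf) as suggested above. The hostnames and certificate paths are placeholders, and it assumes mod_ssl, mod_proxy, mod_proxy_http and mod_headers are enabled.

```apache
<VirtualHost *:443>
    # Placeholder hostnames; use the names the certificate covers.
    ServerName mail.example.org
    ServerAlias autodiscover.example.org
    ServerAlias autoconfig.example.org

    # Client-facing TLS, terminated by Apache (placeholder paths).
    SSLEngine On
    SSLCertificateFile /path/to/fullchain.pem
    SSLCertificateKeyFile /path/to/privkey.pem

    # Let mod_proxy speak TLS to the backend. Without this, requests
    # to an https:// backend URL are refused by Apache.
    SSLProxyEngine On

    # Backend: mailcow's nginx at HTTPS_BIND:HTTPS_PORT (127.0.0.1:8443),
    # so the port-80 "return 301 https://..." server block is never hit.
    ProxyPass / https://127.0.0.1:8443/
    ProxyPassReverse / https://127.0.0.1:8443/
    ProxyPreserveHost On
    ProxyAddHeaders On

    # Tell the backend that the client connection used HTTPS.
    RequestHeader set X-Forwarded-Proto "https"

    # The SSLProxyCheckPeer* overrides from the posted config are left
    # out, so Apache's default name and expiry checks on the backend
    # certificate stay in effect. If the backend handshake fails,
    # relax only the check that fails rather than all of them.
</VirtualHost>
```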

@andryyy
Contributor

andryyy commented Feb 9, 2018

That's correct, but I removed that forced redirect in dev.

I will try to find a better way to check whether or not we are behind a reverse proxy.

@Anima79
Author

Anima79 commented Feb 9, 2018

That was fast, thanks a lot! I will try that tonight. I am just a little irritated, since I thought that the documentation would be not misleading on that part.

@Anima79
Author

Anima79 commented Feb 9, 2018

Hi Andryyy,

what would be the best way then? Just using the dev-branch? Thanks a lot for your input!

@Anima79
Author

Anima79 commented Feb 14, 2018

Hello,
two days ago I tried lazyfrosch's advice but to no avail - still no luck in proxying to mailcow. I just don't get why using Apache's proxying capabilities works in general (I proxy to one music server at port 4040), but it won't work in this case. Oh well, seems to me that I have to stick to 0.14 for the time being.

Thanks for your time and help!

Michael

@andryyy
Contributor

andryyy commented Feb 16, 2018

It works without that redirect. Restarted nginx-mailcow?

@Anima79
Author

Anima79 commented Feb 16, 2018

Hi andryyy,

yes, I restarted nginx-mailcow several times. In the next few days I will try to recreate my setup on my testing server and will check what possibly causes the problem. I will report back as soon as I find the cause.

Btw: For testing reasons I switched off Shorewall, but that had no effect at all.

Thanks again for your help!

Michael

@Anima79
Author

Anima79 commented Feb 28, 2018

Weird - after a new run of tests everything turned out to be fine. It seems to me that indeed Shorewall had been the cause of my problems. After completely purging it (and installing ufw afterwards), Mailcow Dockerized seems to run fine now. The topic therefore can be closed - thanks for your help again!

mkuron closed this as completed Feb 28, 2018

@toffelwurst

> Weird - after a new run of tests everything turned out to be fine. It seems to me that indeed Shorewall had been the cause of my problems.

Hi Anima79,
I am facing the exact same problem and think I am too stupid to permit traffic from/to the docker interface in Shorewall. Did you find a way or did you just stop using Shorewall?

@Anima79
Author

Anima79 commented Oct 12, 2018

No, I am using UFW now since I never succeeded with Shorewall and Mailcow playing nice together. But I am not looking back either. UFW works fine for me! Best wishes, Michael
