Proxy Error with https - Apache2

(Giwenn Launay) #1


I contact you because I have a problem with Apache.
When I use Apache without http it works correctly but when that pass in http the following error appears:

Proxy Error
The proxy server received an invalid
response from an upstream server.

The proxy server could not handle the request GET /.
Reason: Error reading from remote server

Apache/2.4.10 (Debian) Server at Port 443

Except(Off) I connect well with the addresse to inform in "RequestHeader"
Thus here is the Apache configuration of my waiter(server):

<VirtualHost *:443>
    ProxyRequests Off
    SSLEngine on
    SSLCertificateFile "/etc/graylog/certificat2/graylogcert.pem"
    SSLCertificateKeyFile "/etc/graylog/certificat2/graykey.pem"

    <Proxy *>
        Order deny,allow
        Allow from all

    <Location />
        RequestHeader set X-Graylog-Server-URL ""

Furthermore when I go to the logs of appache ( error.log ) here is the error message which I meet:

[Tue Apr 11 12:19:08.318976 2017] [proxy_http:error] [pid 3290:tid 140176919619328] (20014)Internal error: [client] AH01102: error reading status line from remote server
[Tue Apr 11 12:19:08.319004 2017] [proxy:error] [pid 3290:tid 140176919619328] [client] AH00898: Error reading from remote server returned by /

Can anybody help me?

Thank you


JerseyService won't start after enabling https
(Jochen) #2

There are working examples for how to do this at

Please post the configuration and the logs of your Graylog node.

You can use triple backticks to retain the formatting of your text snippets:


(Giwenn Launay) #3

Here is the configuration of graylog server:

is_master = true
node_id_file = /etc/graylog/server/node-id
root_username = admin
rest_listen_uri =
rest_transport_uri =
rest_enable_cors = true
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/XXXX/XXX/graycert.pem
rest_tls_key_file = /etc/graylog/XXX/XXXX/graykey.pem
rest_tls_key_password = XXXXXX
web_listen_uri = -
web_endpoint_uri = -
web_enable_tls = true
web_tls_cert_file = /etc/graylog/XXXX/XXX/graycert.pem
web_tls_key_file = /etc/graylog/XXXX/XXXX/graykey.pem
web_tls_key_password = XXXXXX
elasticsearch_shards = 1
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_highlighting = false
elasticsearch_cluster_name = graylog
elasticsearch_node_name = node1
elasticsearch_discovery_zen_ping_unicast_hosts =
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_network_host =

I did not put everything as the parameters of mongodb, etc.

If besion of something else does not hesitate has to tell it to me and thank you for your answers

PS: I put “-” in front of http to avoid that ca is links

(Jochen) #4

As I said before, you can use triple backticks to retain formatting…

(Jochen) #5

This won’t work with the Apache httpd configuration you’ve posted.

HTTPS termination happens in your Apache httpd, you don’t need to do that in Graylog.

(Giwenn Launay) #6

For what I look has credit note it is to reach has the Web interface without putting the number of the port has every time of the blow I set up one put back proxy It is not that it is necessary to make?

(Jochen) #7

Please elaborate, I don’t understand your question.

(Giwenn Launay) #8

Sorry I’m French and I’m bad in English

HTTPS that I configured in graylog is functional. I have set up apache so that when I connect to the web interface I do not need to re-enter the port number each time.
Is setting up Apache useful?

Also if I use Apache, I do not need to reiseigner:
rest_tls_cert_file and rest_tls_key_file
Did I understand right ?

(Jochen) #9

It can be, depending on your requirements.

The problem is that your ProxyPass and ProxyPassReverse settings are wrong for the Graylog configuration you’ve posted (hint: https:// vs. http://).

(Giwenn Launay) #10

Je me suis rendu compte que c’était les paramètres ProxyPass et ProxyPassReverse, Je mis les deux paramètres suivent en https mais voici les erreur que j’obtient :

[Wed Apr 12 09:57:45.872297 2017] [ssl:error] [pid 3279:tid 140448123913984] [remote] AH01961: SSL Proxy requested for but not enabled [Hint: SSLProxyEngine]
[Wed Apr 12 09:57:45.872380 2017] [proxy:error] [pid 3279:tid 140448123913984] AH00961: HTTPS: failed to enable ssl support for (
In the Apache error.log file

(Giwenn Launay) #11

Should the ProxyPass and ProxyPassReverse parameters be removed?

(Jochen) #12

No, but you have to use the correct URIs as parameters…

(Giwenn Launay) #13

I found the error, this is because of the Apache version
SSLEngine We are not correct, we must put SSlProxyEngine On
In addition, add “/” after Proxypass and ProxyPassReverse as below:

<VirtualHost *:443>
    ProxyRequests Off
    SSLProxyEngine on
    SSLCertificateFile "/etc/graylog/XXXX/graylogcert.pem"
    SSLCertificateKeyFile "/etc/graylog/XXXXX/graykey.pem"

    <Proxy *>
        Order deny,allow
        Allow from all
        RequestHeader set X-Graylog-Server-URL ""
        ProxyPass /
        ProxyPassReverse /

ProxyPass and ProxyPassReverse must also be set to HTTPS

The configuration on the site is not Totally correct

Thank you very much Jochen for your help

(Jan Doberstein) #14

You are always welcomed to send a correction of the documentation via pr over github.