Reverse Proxy - Apache + certbot

[luchris]

⚠️ Please verify that this bug has NOT been raised before.

• I checked and didn't find similar issue

🛡️ Security Policy

• I agree to have read this project Security Policy

📝 Describe your problem

Hi am seeing uptime-kuma is running.

tcp       84      0 0.0.0.0:3001            0.0.0.0:*               LISTEN      41346/conmon

Did a reverse proxy with certbot by adding httpd.conf

<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
  ServerName uptime.server.com

  Protocols h2 http/1.1

  ProxyPass / http://localhost:3001/
  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} =websocket
  RewriteRule /(.*) ws://localhost:3001/$1 [P,L]
  RewriteCond %{HTTP:Upgrade} !=websocket
  RewriteRule /(.*) http://localhost:3001/$1 [P,L]

SSLCertificateFile /etc/letsencrypt/live/uptime.server.com
/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/uptime.server.com
/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
</VirtualHost>
</IfModule>

Apache restarted without any complaint.

But i got the below error.

Error logged as follows:-

[Mon Dec 04 11:14:13.912098 2023] [proxy_http:error] [pid 44847:tid 44970] (70007)The timeout specified has expired: [client 165.13.1.29:58861] AH01102: error reading status line from remote server localhost:3001
[Mon Dec 04 11:14:13.912494 2023] [proxy:error] [pid 44847:tid 44970] [client 165.13.1.29:58861] AH00898: Error reading from remote server returned by /

How can i trouble shoot this?

Thank you.

📝 Error Message(s) or Log

Browser displayed error

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request

Reason: Error reading from remote server

🐻 Uptime-Kuma Version

Latest docker version

💻 Operating System and Arch

Rocky 9

🌐 Browser

Google Chrome Version 119.0.6045.200

🐋 Docker Version

Podman-docker 2:4.6.1-5.el9

🟩 NodeJS Version

No response

[CommanderStorm]

Your configuration is missing some configuration options from https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#apache

Could you try the configuration with SSLEngine On?

[kmbuthia]

Facing the exact same issue and seeing the exact same errors with the same Apache + docker + certbot setup

[CommanderStorm]

with the same Apache + docker + certbot setup

I don't see this setup for Apache in our docs.

So let's go at it logically.
The error message states that Apache cannot contact uptime kuma.
=> let's see if we can reproduce this:

• what are you seeing if you visit htttps://localhost:3001 ?
• How have you plumbed these services together? Are you using docker-compose? => please share your commands/... to reproduce this
• Which docker network type did you use?

[kmbuthia]

I got this to work with the following docker-compose.yml

version: '3'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:1
    container_name: uptime-kuma
    volumes:
      - ./:/app/data
    ports:
      - "3001:3001"  # <Host Port>:<Container Port>
    restart: always
    environment:
      UPTIME_KUMA_HOST: 0.0.0.0
      UPTIME_KUMA_PORT: 3001
    network_mode: "host"

volumes:
  uptime-kuma:

However I got completely stuck getting the websocket (socket.io) to work behind an apache reverse proxy setup despite following this configuration: https://github.com/louislam/uptime-kuma/wiki/Reverse-Proxy#apache

I did not get any helpful error other than "websocket failed" and I think there are likely some steps I am missing needed to get websocket traffic to get from the client (front-end) all the way past the apache reverse proxy and into the docker container 🤷🏽‍♂️

[CommanderStorm]

While cleaning up other issues, I came across louislam/uptime-kuma-wiki#73
Could you have a look if you have these paramerters enabled?

[CommanderStorm]

Closing in favour of #4210

[chakflying]

I don't think this is related to #4210, since 1.23.9 is not available when this issue was created.

[github-actions]

We are clearing up our old help-issues and your issue has been open for 60 days with no activity.
If no comment is made and the stale label is not removed, this issue will be closed in 7 days.