代理服务器接收到来自上游服务器的无效响应 [英] The proxy server received an invalid response from an upstream server
问题描述
我们已经部署在Tomcat的应用程序。
要访问,我们使用的是Apache,它发送请求到Tomcat应用程序。
随意浏览器提供以下响应。
代理错误
代理服务器接收到来自上游服务器的无效响应。
代理服务器无法处理请求GET /sampleapp/<http://samplehost.com:8080/sampleapp/> ;.
原因:错误从远程服务器读取
________________________________
在samplehost.com端口8080的Apache / 2.2.21(Unix的)服务器
此错误是不是来一直到目前为止,我们在客户机只有IE浏览器得到这个。在同一台客户机与Firefox它工作得很好。
以下是从Apache日志的跟踪误差为失败的请求
[周四3月22日2时51分08秒2012] [错误] [客户端10.36.64.137(20014)内部错误:代理服务器:错误从远程服务器本地主机阅读状态行:8081 ,引用者:http://samplehost.com:8080/sampleapp/opp/showSearchHome.htm
[周四3月22日2时51分08秒2012] [错误] [客户端10.36.64.137]代理:错误从/sampleapp/opp/searchResult.htm返回远程服务器上读取,引用者:http://samplehost.com:8080/ sampleapp / OPP / showSearchHome.htm
没有什么是越来越印在tomcat的日志时请求失败。
以下是阿帕奇的相关信息,安装的版本。
-bash-3.00 $ ./httpd -v
服务器版本:阿帕奇/ 2.2.21(Unix的)
Server内置:2011年9月21日二十时00分58秒
在试图找出模块加载我得到以下错误
-bash-3.00 $在/ usr /本地/ Apache2的/斌/ apachectl中-t -D DUMP_MODULES
httpd的:对/usr/local/apache2/conf/httpd.conf的64行语法错误:无法加载到/usr/local/apache2/modules/mod_authnz_ldap.so服务器:程序ld.so.1:httpd的:致命的:libldap- 2.4.so.2:打开失败:没有这样的文件或目录
这是没有提到在您的文章,但我怀疑你正着手从浏览器到Apache,在那里VirtualHosts配置SSL连接,和Apache做了revese代理到Tomcat。
有是IE的一个严重的错误(有些版本?)发送SSL连接的错误的主机的信息(见下面的编辑),并混淆了Apache VirtualHosts。总之服务器名称presented是IP,而不是一个在URL的反向DNS解析之一。
解决方法是让每个SSL虚拟主机/服务器名称一个IP地址。是短暂的,你必须用类似最终
1服务器名称== 1个IP地址== 1证书== 1 Apache虚拟主机
修改
虽然结论是正确的,问题的识别更好这里描述
<一href=\"http://en.wikipedia.org/wiki/Server_Name_Indication\">http://en.wikipedia.org/wiki/Server_Name_Indication
We have an application deployed on tomcat. To access application we are using apache which sends requests to tomcat. At random browser gives following response.
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /sampleapp/<http://samplehost.com:8080/sampleapp/>.
Reason: Error reading from remote server
________________________________
Apache/2.2.21 (Unix) Server at samplehost.com Port 8080
This error is not coming always and so far we are getting this in a client machine with IE only. On the same client machine with Firefox it works well.
Following is the error trace from Apache logs for a failed request
[Thu Mar 22 02:51:08 2012] [error] [client 10.36.64.137] (20014)Internal error: proxy: error reading status line from remote server localhost:8081, referer: http://samplehost.com:8080/sampleapp/opp/showSearchHome.htm
[Thu Mar 22 02:51:08 2012] [error] [client 10.36.64.137] proxy: Error reading from remote server returned by /sampleapp/opp/searchResult.htm, referer: http://samplehost.com:8080/sampleapp/opp/showSearchHome.htm
Nothing is getting printed on tomcat logs when a request is failing.
Following is the information related installed version of apache
-bash-3.00$ ./httpd -v
Server version: Apache/2.2.21 (Unix)
Server built: Sep 21 2011 20:00:58
When trying to find out modules loaded I get following error
-bash-3.00$ /usr/local/apache2/bin/apachectl -t -D DUMP_MODULES
httpd: Syntax error on line 64 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_authnz_ldap.so into server: ld.so.1: httpd: fatal: libldap-2.4.so.2: open failed: No such file or directory
This is not mentioned in you post but I suspect you are initiating an SSL connection from the browser to Apache, where VirtualHosts are configured, and Apache does a revese proxy to your Tomcat.
There is a serious bug in (some versions ?) of IE that sends the 'wrong' host information in an SSL connection (see EDIT below) and confuses the Apache VirtualHosts. In short the server name presented is the one of the reverse DNS resolution of the IP, not the one in the URL.
The workaround is to have one IP address per SSL virtual hosts/server name. Is short, you must end up with something like
1 server name == 1 IP address == 1 certificate == 1 Apache Virtual Host
EDIT
Though the conclusion is correct, the identification of the problem is better described here http://en.wikipedia.org/wiki/Server_Name_Indication
这篇关于代理服务器接收到来自上游服务器的无效响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
