[users@httpd] Apache httpd reverse proxy returns SSL_ERROR_RX_RECORD_TOO_LONG when HTTP redirects to HTTPS

Dear all,

I am setting up an Apache v2.4 httpd reverse proxy for another server
hosting Atlassian Confluence.

The proxy's private IP address is, its public IP address is, and a DNS A record maps the public IP to

There is a NAT in place:
- ->
- ->
which is necessary because the proxy's public IP address is used also
for other services.

Name resolution on the proxy is done via /etc/hosts, which maps to, the private IP of the Confluence

Here's /etc/httpd/conf.d/confluence.conf (as you see, it also does a
redirect from HTTP to HTTPS):

<VirtualHost *:80>
    ProxyRequests off
    ProxyPreserveHost off
    SetEnv force-proxy-request 1
    SetEnv proxy-nokeepalive 1
    ProxyPass        "/" "";
    ProxyPassReverse "/" "";
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    ServerSignature On
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    SSLEngine on
    SSLProtocol ALL -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    # SSL cipher suite shortened for clarity
    SSLCertificateFile    /etc/httpd/ssl/example.crt
    SSLCertificateKeyFile /etc/httpd/ssl/example.key
    SSLCACertificateFile  /etc/httpd/ssl/example.crt
    ProxyRequests off
    ProxyPreserveHost on
    ProxyPass        "/" "";
    ProxyPassReverse "/" "";
</VirtualHost>

When accessing (or even from a browser, the URL changes to but, instead of showing the
Confluence login page, this error is returned:

Secure Connection Failed
An error occurred during a connection to SSL
received a record that exceeded the maximum permissible length. Error

This is what is logged (DEBUG level) to the http access log:

- - [17/Sep/2018:17:06:59 +0200] "GET / HTTP/1.1" 302 208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0"
- - [17/Sep/2018:17:06:59 +0200] "\x16\x03\x01\x02" 400 226 "-" "-"

and to the http error log:

[Mon Sep 17 17:11:58.095085 2018] [core:debug] [pid 23120]
protocol.c(1271): [client] AH00566: request failed:
malformed request line

I have set up separate https access and error logs, nothing is logged
there. As you might have guessed, is my outgoing public

Accessing works fine.

The same config works on another Apache v2.2 reverse proxy.

Any hint or suggestion?  Thanks in advance.
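
Added example (not part of the original message): the access-log entry "\x16\x03\x01\x02" quoted above is the start of a TLS handshake record (type 0x16, version 3.1) logged by a listener that speaks plain HTTP, and the browser then reads the plain-text reply as a TLS record. The Python below flags such entries in an access log and decodes the first five bytes of a reply as a TLS record header; the client address 192.0.2.10 and the reply bytes are constructed placeholders, and all function names are hypothetical.

```python
import re

# Constructed sample lines modelled on the two access-log entries in the post;
# the client address 192.0.2.10 is a placeholder, not a value from the page.
SAMPLE_LOG = r'''
192.0.2.10 - - [17/Sep/2018:17:06:59 +0200] "GET / HTTP/1.1" 302 208 "-" "Mozilla/5.0"
192.0.2.10 - - [17/Sep/2018:17:06:59 +0200] "\x16\x03\x01\x02" 400 226 "-" "-"
'''

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "((?:[^"\\]|\\.)*)" (\d{3}) ')
MAX_TLS_RECORD = 16384 + 2048  # largest ciphertext record length in TLS 1.2


def unescape(field):
    """Turn httpd's backslash-x hex escapes in a logged field back into raw bytes."""
    return re.sub(rb'\\x([0-9a-fA-F]{2})',
                  lambda m: bytes([int(m.group(1), 16)]), field.encode('latin-1'))


def is_tls_handshake(raw):
    """True if the bytes start like a TLS record: type 22 (handshake), major version 3."""
    return len(raw) >= 3 and raw[0] == 0x16 and raw[1] == 0x03 and raw[2] <= 0x04


def tls_on_plain_http(log_text):
    """Return (client, time, status) for log entries whose 'request' was a TLS handshake."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_tls_handshake(unescape(m.group(3))):
            hits.append((m.group(1), m.group(2), int(m.group(4))))
    return hits


def as_tls_record(reply):
    """Read a reply the way a TLS client does: 1 byte type, 2 version, 2 length."""
    ctype, length = reply[0], int.from_bytes(reply[3:5], 'big')
    return ctype, length, length > MAX_TLS_RECORD


if __name__ == '__main__':
    print(tls_on_plain_http(SAMPLE_LOG))
    # Assumed plain-text reply to the malformed request (constructed bytes).
    print(as_tls_record(b'HTTP/1.1 400 Bad Request\r\n'))
```

A hit from tls_on_plain_http means the listener that received the connection on that address and port was not running SSLEngine, so the listener and NAT mapping for port 443 are the things to check.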
