Apache proxy: "Error reading status line from remote server"

Ludwig Diehl
I have recently set up a proxy server using Apache. However, I randomly receive this message: "502 Proxy error : Error reading status line from remote server".
What is supposed to be the proper way to solve this issue? I mean, I prefer not using fixes like the ones I had to include to get rid of this error temporarily:

        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
        SetEnv proxy-initial-not-pooled 1

This is my configuration:

<VirtualHost *:443>
        ServerName subdomain.mydomain.com
        ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/}
        <Proxy *>
               AddDefaultCharset off
               Order deny,allow
        </Proxy>
        <Proxy balancer://hostingCluster>
               BalancerMember http://server1:80 timeout=10 retry=3 hcmethod=HEAD hcexpr=ok234 hcinterval=10
               BalancerMember http://server2:80 timeout=10 retry=3 hcmethod=HEAD hcexpr=ok234 hcinterval=10
               ProxySet lbmethod=byrequests
               ProxySet stickysession=PHPSESSID

                SetEnv force-proxy-request-1.0 1
                SetEnv proxy-nokeepalive 1
                SetEnv proxy-initial-not-pooled 1

        </Proxy>
        <Location /manager>
                SetHandler balancer-manager
                AuthType Basic
                Require valid-user
                AuthUserFile /var/www/.htpasswd
                AuthName "Authorization Required"
        </Location>
        ProxyPreserveHost On
        SSLProxyEngine On
        ProxyTimeout 1200
        ProxyBadHeader Ignore
        ProxyRequests off
        ProxyVia Off
        ProxyPass /manager !
        ProxyPass / balancer://hostingCluster/
        ProxyPassReverse / balancer://hostingCluster/
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/mycert.crt
        SSLCertificateKeyFile /etc/ssl/certs/mycert.key
        SSLCertificateChainFile /etc/ssl/certs/mycerCA.crt
        LogLevel info
        ErrorLog /var/log/httpd/error_log
        TransferLog /var/log/httpd/access_log
        ServerSignature Off
        HostnameLookups On
</VirtualHost>

By the way, is there anything you recommend to improve my configuration in terms of security, performance, etc?

Thanks in advance

noci, Software Engineer
Distinguished Expert 2018

Commented:
If you want a reverse proxy then maybe using HAProxy instead of Apache is a better option.
HAProxy is the weapon of choice for load balancers.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Likely this message means exactly what it says.

Your remote server is glitching out occasionally. You can verify this by looking at Apache logs + your remote server (whatever that may be) logs for the period when you see the 502. You can determine an exact time of 502s by searching /var/log/apache2/access.log or your Distro's equivalent.

As @noci suggested, HAProxy may be a better option.

An even better option is to run your remote server in an LXD container with a public IP, then if required, you can always ACL your LXD container using iptables.

If you use Apache or HAProxy or any other code between your remote server, then throughput to your remote will likely drop by a minimum of 50% (HAProxy) + maybe more for Apache, depending on many factors.

Switch over to running your remote App/API server in an LXD container + you'll be surprised how many complex issues this resolves... instantly...
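The log check suggested in this answer, as an added example that is not part of the original thread: it pulls the 502s out of the access log and matches each one to a mod_proxy_http "error reading status line" entry in the error log to see which balancer member was involved. The log lines are constructed samples, the function names are hypothetical, and the 10-second window is an assumption chosen to match `timeout=10` in the posted BalancerMember lines.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log lines (not from the original post); both logs are
# assumed to use the same local time zone.
ACCESS_LOG = '''\
203.0.113.7 - - [12/Mar/2019:10:15:02 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2019:10:15:31 +0000] "POST /cart.php HTTP/1.1" 502 341
203.0.113.7 - - [12/Mar/2019:10:42:10 +0000] "GET /index.php HTTP/1.1" 502 341
203.0.113.8 - - [12/Mar/2019:11:03:55 +0000] "GET /api.php HTTP/1.1" 502 341
'''
ERROR_LOG = '''\
[Tue Mar 12 10:15:31.482113 2019] [proxy_http:error] [pid 2210] (104)Connection reset by peer: [client 203.0.113.9:51544] AH01102: error reading status line from remote server server1:80
[Tue Mar 12 10:42:10.019877 2019] [proxy_http:error] [pid 2214] (104)Connection reset by peer: [client 203.0.113.7:51602] AH01102: error reading status line from remote server server1:80
[Tue Mar 12 10:50:00.000001 2019] [ssl:info] [pid 2214] AH01964: Connection to child 3 established
'''

ACCESS_RE = re.compile(r'\[([^\]]+)\] "([^"]*)" (\d{3}) ')
ERROR_RE = re.compile(r'^\[([^\]]+)\].*error reading status line from remote server (\S+)', re.I)

def parse_502s(text):
    """Return [(timestamp, request_line)] for every 502 in the access log."""
    return [(datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None),
             m.group(2))
            for m in ACCESS_RE.finditer(text) if m.group(3) == "502"]

def parse_proxy_errors(text):
    """Return [(timestamp, backend)] for status-line read failures in the error log."""
    hits = (ERROR_RE.search(line) for line in text.splitlines())
    return [(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S.%f %Y"), m.group(2))
            for m in hits if m]

def correlate(access_text, error_text, window=timedelta(seconds=10)):
    """Attribute each 502 to a backend; None means no proxy error was logged nearby."""
    errs = parse_proxy_errors(error_text)
    return [(ts, req, next((b for ets, b in errs if abs(ets - ts) <= window), None))
            for ts, req in parse_502s(access_text)]

def summarize(rows):
    """Count 502s per backend member."""
    return Counter(backend or "unattributed" for _, _, backend in rows)

if __name__ == "__main__":
    for ts, req, backend in correlate(ACCESS_LOG, ERROR_LOG):
        print(ts.isoformat(), backend or "unattributed", req)
    print(dict(summarize(correlate(ACCESS_LOG, ERROR_LOG))))
```

The timestamps of the attributed rows are the ones to search for in that member's own Apache and PHP logs; with the configuration from the question, the proxy-side files are /var/log/httpd/access_log and /var/log/httpd/error_log.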
Ludwig Diehl, Systems Architect

Author

Commented:
Thanks for the answers. I will consider migrating to HAProxy or any other solution; however, for now I cannot do that because it is in production, so it would be great if anyone can help me to get rid of that problem. I have tried looking into my backend servers' (Apache and PHP) logs. Still have not found anything.
David Favor, Fractional CTO
Distinguished Expert 2018

Commented:
Likely a first consideration is to look at your backend App code, which is throwing the error.

HAProxy (or any other code) many times is better avoided, as each layer of software added means another layer of debugging each time a problem arises.

A far better option: retool your App code to work blazing fast, 100% of the time.

Writing fast API systems is dirt simple with all the tools available today.

Start with an audit of your App code first.
Systems Architect
Commented:
Thanks for the advice. But unfortunately that's not the case. I will proceed to close this. Thanks everyone.
