
Using Apache2 as proxy to redirect traffic within LAN not working as intended


Vincent “Giantvince1” Meadows

May 10, 2023, 12:34:05 PM
Hello, I've been having an issue with Apache2 refusing to proxy requests to the proper server based on domain name. Say, for example, you've got mail.whatever.domain on one machine, then you've got otherservice.whatever.domain on another machine, and you want to have a proxy server receive requests for both domains to redirect the traffic where it belongs.

In my case, when I have this set up in such a manner, it seems to only proxy to one machine in particular, regardless of the fact that the IP addresses in the proxy rules are pointing to the correct machines in each "Server" block in the configs. Can someone please help me figure this out? It's driving me nuts!

Marco Moock

May 10, 2023, 2:44:38 PM

On 10.05.2023 at 09:34:04, Vincent “Giantvince1” Meadows wrote:

> In my case, when I have this set up in such a manner, it seems to
> only proxy to one machine in particular, regardless of the fact that
> the IP addresses in the proxy rules are pointing to the correct
> machines in each "Server" block in the configs. Can someone please
> help me figure this out? It's driving me nuts!

Please post your configuration.

Vincent “Giantvince1” Meadows

May 10, 2023, 4:28:31 PM
My entire config is below this line; I obfuscated my IPv6 for privacy reasons, my IPv4 addresses are actually private due to only having one public IPv4 and requiring NAT.
Also, as of right now, I have instigated my router to force IPv6 NAT so that I can avoid the problem for now, since it seems that forcing the router to ALWAYS pick 10.0.0.4 (and the associated IPv6 address) to pass traffic to makes things just *work*.

<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
ServerName pihole.meadowsburklepcrepair.com
ServerAdmin vin...@villageofgamers.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/html/admin
<Directory "/var/www/html/admin">
DirectoryIndex index.php
<RequireAny>
Require ip 10.0.0.0/24
Require ip fd00::/64
</RequireAny>
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName dynmap.villageofgamers.net
ServerAdmin vin...@villageofgamers.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/html/dynmap
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName mail.maxxburkleservices.com
ServerAdmin vin...@maxxburkleservices.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Proxy *>
<RequireAll>
Require all granted
Require not ip 10.0.2.0/24
</RequireAll>
</Proxy>
SSLProxyEngine on
SSLProxyVerify none
ProxyPass / https://10.0.0.5/
ProxyPassReverse / https://10.0.0.5/
ProxyRequests off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName mail.meadowsburklepcrepair.com
ServerAdmin vin...@meadowsburklepcrepair.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Proxy *>
<RequireAll>
Require all granted
Require not ip 10.0.2.0/24
</RequireAll>
</Proxy>
SSLProxyEngine on
SSLProxyVerify none
ProxyPass / https://10.0.0.5/
ProxyPassReverse / https://10.0.0.5/
ProxyRequests off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName mail.villageofgamers.net
ServerAdmin vin...@villageofgamers.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Proxy *>
<RequireAll>
Require all granted
Require not ip 10.0.2.0/24
</RequireAll>
</Proxy>
SSLProxyEngine on
SSLProxyVerify none
ProxyPass / https://10.0.0.5/
ProxyPassReverse / https://10.0.0.5/
ProxyRequests off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName maxxburkleservices.com
ServerAdmin vin...@maxxburkleservices.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/html/redirects
DirectoryIndex index.php
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName meadowsburklepcrepair.com
ServerAdmin vin...@meadowsburklepcrepair.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/html/redirects
DirectoryIndex index.php
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName nextcloud.meadowsburklepcrepair.com
ServerAdmin vin...@meadowsburklepcrepair.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>
<Directory /var/www/html/nextcloud>
<RequireAll>
Require all granted
Require not ip 10.0.2.0/24
</RequireAll>
DirectoryIndex index.php
</Directory>
DocumentRoot /var/www/html/nextcloud
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName radio.villageofgamers.net
ServerAdmin vin...@villageofgamers.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLProxyEngine on
SSLProxyVerify none
ProxyPass / https://127.0.0.1:8443/
ProxyPassReverse / https://127.0.0.1:8443/
ProxyRequests off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName support.meadowsburklepcrepair.com
ServerAdmin vin...@meadowsburklepcrepair.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Proxy *>
<RequireAll>
Require all granted
Require not ip 10.0.2.0/24
</RequireAll>
</Proxy>
SSLProxyEngine on
SSLProxyVerify none
ProxyPass / https://10.0.0.3/
ProxyPassReverse / https://10.0.0.3/
ProxyRequests off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName vaultwarden.meadowsburklepcrepair.com
ServerAdmin vin...@maxxburkleservices.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Proxy *>
<RequireAll>
Require all granted
Require not ip 10.0.2.0/24
</RequireAll>
</Proxy>
SSLProxyEngine on
SSLProxyVerify none
ProxyPass / https://10.0.0.3/
ProxyPassReverse / https://10.0.0.3/
ProxyRequests off
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
ServerName villageofgamers.net
ServerAdmin vin...@villageofgamers.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
DocumentRoot /var/www/html/redirects
DirectoryIndex index.php
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/meadowsburklepcrepair.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/meadowsburklepcrepair.com/privkey.pem
</VirtualHost>

Vincent “Giantvince1” Meadows

May 14, 2023, 1:52:24 AM
I think I got it figured out; for some reason it was only affecting one service within my LAN, a ticketing system known as FreeScout. I have a Vaultwarden instance running on the same server that was on as well, but that has been accessible this whole time, and not getting overrun by my mail server on the next-door-neighbor VM. I'm not sure what would have caused the problems I was seeing, but since FreeScout was not in use in the first place, I just went and got rid of it entirely.
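
Added example, not part of any post in this thread: a small Python audit of a vhost file like the one posted above. It maps each ServerName to its ProxyPass backend and lists backends that sit behind more than one name; with ProxyPreserveHost on, such a backend receives the original Host header and has to pick the right site itself, and with SSLProxyVerify none the proxy does not check which certificate the backend presents. The function names are hypothetical and the sample is a constructed, condensed excerpt of the posted config.

```python
import re

# Constructed sample, condensed from the vhosts posted in the thread.
SAMPLE = """
<VirtualHost *:443>
ServerName support.meadowsburklepcrepair.com
SSLProxyVerify none
ProxyPass / https://10.0.0.3/
ProxyPreserveHost on
</VirtualHost>
<VirtualHost *:443>
ServerName vaultwarden.meadowsburklepcrepair.com
SSLProxyVerify none
ProxyPass / https://10.0.0.3/
ProxyPreserveHost on
</VirtualHost>
<VirtualHost *:443>
ServerName mail.villageofgamers.net
ProxyPass / https://10.0.0.5/
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(block, name, default=None):
    """Arguments of the last `name` directive in a vhost block, else default."""
    found = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", block, re.M | re.I)
    return found[-1] if found else default

def proxy_map(conf):
    """One dict per proxying vhost: name, backend, preserve_host, verify."""
    entries = []
    for block in VHOST.findall(conf):
        target = directive(block, "ProxyPass")
        if target is None:
            continue  # vhost serves local files only
        entries.append({
            "name": directive(block, "ServerName"),
            "backend": target.split()[:2][-1],  # URL follows the path argument
            "preserve_host": directive(block, "ProxyPreserveHost", "off").lower() == "on",
            "verify": directive(block, "SSLProxyVerify", "none").lower(),
        })
    return entries

def shared_backends(entries):
    """Backends behind several ServerNames; they must route on Host themselves."""
    groups = {}
    for e in entries:
        groups.setdefault(e["backend"], []).append(e["name"])
    return {b: names for b, names in groups.items() if len(names) > 1}
```

Running `shared_backends(proxy_map(open(path).read()))` against the real site file shows which internal servers need their own name-based virtual hosts (or a distinct port per service) to keep the sites apart.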