Reverse proxy via Apache Problem

I have read through many of the posts and articles to configure Apache http to act as a proxy for Grafana. I’ve tried numerous changes (ie using localhost instead of 127.0.0.1, using FQDN, etc), but get the same results. When I go to http://myhostname.domain.tld/grafana (not the real FQDN, obviously), I get the Service Unavailable [503] error.

Here are my configs:

/etc/httpd/conf.d/grafana.conf
<VirtualHost *:80>
ServerName myhostname.domain.tld
RewriteEngine on
RewriteRule ^/?$ /grafana/ [R=permanent,L]
<Location “/grafana”>
ProxyPass http://127.0.0.1:3000

ProxyPassReverse /grafana http://127.0.0.1:3000

/etc/grafana/grafana.ini
domain = myhostname.domain.tld
root_url = http://myhostname.domain.tld/grafana/
serve_from_sub_path = true

Here’s a snippet from /var/log/httpd/error_log

[Tue Jan 05 13:13:23.620624 2021] [authz_core:debug] [pid 69285] mod_authz_core.c(835): [client 130.55.153.126:56028] AH01628: authorization result: granted (no directives)
[Tue Jan 05 13:13:23.621040 2021] [proxy:debug] [pid 69285] mod_proxy.c(1123): [client 130.55.153.126:56028] AH01143: Running scheme http handler (attempt 0)
[Tue Jan 05 13:13:23.621055 2021] [proxy_ajp:debug] [pid 69285] mod_proxy_ajp.c(722): [client 130.55.153.126:56028] AH00894: declining URL http://127.0.0.1:3000/
[Tue Jan 05 13:13:23.621065 2021] [proxy_fcgi:debug] [pid 69285] mod_proxy_fcgi.c(972): [client 130.55.153.126:56028] AH01076: url: http://127.0.0.1:3000/ proxyname: (null)
proxyport: 0
[Tue Jan 05 13:13:23.621070 2021] [proxy_fcgi:debug] [pid 69285] mod_proxy_fcgi.c(975): [client 130.55.153.126:56028] AH01077: declining URL http://127.0.0.1:3000/
[Tue Jan 05 13:13:23.621082 2021] [proxy:debug] [pid 69285] proxy_util.c(2209): AH00942: HTTP: has acquired connection for (127.0.0.1)
[Tue Jan 05 13:13:23.621108 2021] [proxy:debug] [pid 69285] proxy_util.c(2262): [client 130.55.153.126:56028] AH00944: connecting http://127.0.0.1:3000/ to 127.0.0.1:3000
[Tue Jan 05 13:13:23.621240 2021] [proxy:debug] [pid 69285] proxy_util.c(2442): [client 130.55.153.126:56028] AH00947: connected / to 127.0.0.1:3000
[Tue Jan 05 13:13:23.621348 2021] [proxy:error] [pid 69285] (13)Permission denied: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Jan 05 13:13:23.621383 2021] [proxy:error] [pid 69285] AH00959: ap_proxy_connect_backend disabling worker for (127.0.0.1) for 60s
[Tue Jan 05 13:13:23.621387 2021] [proxy_http:error] [pid 69285] [client 130.55.153.126:56028] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue Jan 05 13:13:23.621390 2021] [proxy:debug] [pid 69285] proxy_util.c(2224): AH00943: HTTP: has released connection for (127.0.0.1)

Does anyone have any thoughts/suggestions?

Thanks,

Stephen Johnson

I figured it out. The server is configured with SELinux, and httpd was not allowed to establish a network connection. I ran the command ‘setsebool -P httpd_can_network_connect 1’ to resolve the problem.

Stephen Johnson