Apache reverse proxy issues

Question

I have an apache server and transmission-daemon running together. Only ports 80 and 443 are open, I want to be able to access transmission's web interface from "https://address.net/transmission" instead of "localhost:9091"

I followed several guides but I can't make it work (ERR_CONNECTION_REFUSED or a 502), here's my last configuration. Thank you.

apache2.conf:

Mutex file:${APACHE_LOCK_DIR} default
PidFile ${APACHE_PID_FILE}
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}
HostnameLookups Off
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

Include ports.conf

<Directory /path/apache>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>


<Directory /path/apache/private>
        AuthType Basic
        AuthName "Restricted Content"
        AuthUserFile /path/.htpasswd
        Require valid-user
</Directory>

AccessFileName .htaccess
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

IncludeOptional conf-enabled/*.conf
IncludeOptional sites-enabled/*.conf

ports.conf:

Listen 80
Listen 443

proxy.conf:

<IfModule mod_proxy.c>
    ProxyRequests Off
    ProxyPreserveHost On
    <Proxy *>
        AddDefaultCharset off
        Order deny,allow
            Allow from all
    </Proxy>

        ProxyPass /transmission https://localhost:9091
        ProxyPassReverse /transmission https://localhost:9091

    ProxyVia On

</IfModule>

/sites-enabled/000-default.conf:

<VirtualHost *:80>
    ServerName address.net

    DocumentRoot /path/apache

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined


        Redirect permanent / https://address.net/

</VirtualHost>

/sites-enabled/default-ssl.conf:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>

        ServerName address.net
        DocumentRoot /path/apache


        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined


        SSLEngine on

        SSLCertificateFile  /stuff.pem
        SSLCertificateKeyFile /morestuff.pem


        SSLProxyEngine on

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    </VirtualHost>
</IfModule>

Answer 1

Maybe

    ProxyPass /transmission https://localhost:9091
    ProxyPassReverse /transmission https://localhost:9091

should be:

    ProxyPass /transmission http://localhost:9091
    ProxyPassReverse /transmission http://localhost:9091

Answer 2

Setup which work for me (Debian jessie + apache2). I face problem connecting to webgui after permanent redirection to 443 using letsencrypt (SSL/TLS). First I need to enable proxy modules in Apache:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo systemctl restart apache2

Then I have to edit /etc/apache2/mods-available/proxy.conf file. But before that I backup proxy.conf file like so:

cd /etc/apache2/mods-available
sudo mv proxy.conf proxy.conf.default

Now I create a new file called proxy.conf with following lines to it:

<ifmodule mod_proxy.c>
  #turning ProxyRequests on and allowing proxying from all may allow
  #spammers to use your proxy to send email.

  ProxyRequests Off
  <proxy *>
    AddDefaultCharset off
    Order Allow,Deny
    Allow from all
  </proxy>

  ProxyPass /transmission http://localhost:9091/transmission
  ProxyPassReverse /transmission http://localhost:9091/transmission
  # Line below is optional
  Redirect permanent /transmission https://myserver.com/transmission/web/

  # Enable/disable the handling of HTTP/1.1 "Via:" headers.
  # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
  # Set to one of: Off | On | Full | Block

  ProxyVia On
</ifmodule>

The ProxyPass and ReverseProxyPass lines create an Transmission Apache proxy (actually a reverse proxy). The redirect statement (optional) permanently redirects http connections to https connections for security. Restart apache:

sudo systemctl restart apache2

Now you should be able to access transmission web interface using

https://myserver.com/transmission

I case of 409 conflict. Try

https://myserver.com/transmission/web/