Cant configure reverse proxy "HOST not supported by backend server, ignoring"

[epachirkov]

Hello, have a problem with configuration. Have 2 proftpd. I want to set up reverse proxy. Frontend (proftpd 1.3.6c, ipv4,ubuntu 20.04,port 22) -> backend (proftpd 1.3.5e, ipv4, ubuntu 18.04, users saved in mysql, port 221)

my log:

2024-06-24 07:33:58,967 [552857] <proxy.uri:17>: parsed host 'ftp.s.mydomain.com' out of URI 'ftp://second.mydomain.com:221'

2024-06-24 07:34:23,978 [552857] <tls:14>: obtaining passphrase/password for RSA cert for path /etc/letsencrypt/live/ftp.s.mydomain.com/privkey.pem
2024-06-24 07:34:39,207 [552864] <proxy.conn:12>: connecting to backend address BACKEND_IP#221 from FRONTEND_IP#44087
2024-06-24 07:34:39,372 [552864] <proxy.conn:5>: successfully connected to BACKEND_IP#221 from FRONTEND_IP#44087
2024-06-24 07:34:39,372 [552864] <proxy.netio:18>: (inet_openrw) found tls ctrl NetIO
2024-06-24 07:34:39,372 [552864] <proxy.netio:18>: (netio_read) found tls ctrl NetIO
2024-06-24 07:34:39,373 [552864] <proxy.ftp.ctrl:9>: received '220 ProFTPD 1.3.5e Server (Debian) [BACKEND_IP]' response from backend to frontend
2024-06-24 07:34:39,373 [552864] <proxy.reverse:8>: connected to backend 'ftp://second.mydomain.com:221' in 166 ms
2024-06-24 07:34:39,374 [552864] <proxy.ftp.ctrl:9>: proxied FEAT command from frontend to backend
2024-06-24 07:34:39,374 [552864] <proxy.netio:18>: (netio_printf) found tls ctrl NetIO
2024-06-24 07:34:39,374 [552864] <proxy.netio:18>: (netio_read) found tls ctrl NetIO
2024-06-24 07:34:39,411 [552864] <proxy.ftp.ctrl:9>: received '211--Features:
 CCC
 SITE MKDIR
 PBSZ
 AUTH TLS
 MFF modify;UNIX.group;UNIX.mode;
 REST STREAM
 MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
 UTF8
 EPRT
 SITE SYMLINK
 EPSV
 SITE UTIME
 LANG ru-RU.UTF-8;ru-RU;en-US.UTF-8*;en-US
 MDTM
 SITE RMDIR
 SSCN
 TVFS
 SITE COPY
 MFMT
 SIZE
 PROT
211 End' response from backend to frontend
2024-06-24 07:34:39,411 [552864] <proxy.ftp.ctrl:9>: backend->frontend response: 220 ProFTPD 1.3.5e Server (Debian) [BACKEND_IP]
2024-06-24 07:34:39,411 [552864] <proxy.ftp.sess:9>: HOST not supported by backend server, ignoring`

My config mod_proxy:

<IfModule mod_proxy.c>
    ProxyEngine on
    ProxyLog /var/log/proftpd/proxy.log
    ProxyTables /var/ftp/proxy
    ProxyRole reverse
    ProxyReverseServers ftp://second.mydomain.com:221
    ProxyTimeoutConnect 30sec
</IfModule>

Problem in "HOST not supported by backend server, ignoring"? If yes, how to fix it?

[Castaglia]

The log message "HOST not supported by backend server, ignoring" is not necessarily a problem; it is more informational. It is saying that the backend host (ProFTPD 1.3.5e, in your case) doesn't have support for the HOST FTP command mentioned in the FEAT response. The mod_proxy module will send a HOST command to the backend server, if it is supported -- but the lack of HOST support is not a problem.

Your proxied sessions should still work as expected. Do they?

[epachirkov]

Unfortunately it doesn't work. I don’t understand the problem is in the proxy or in the backend. About HOST error - its only one error in log files. Backend server (ProFTPD 1.3.5e) work fine if i connect to him directly. In filezilla, when connecting to a proxy after AUTH TLS, I get a "connection closed by server" error. No errors on auth, In backend server logs i see only: `proftpd[3191989] submit-dev ([]): FTP session opened.

proftpd[3191989] submit-dev ([]): FTP session closed.`

[Castaglia]

Would it be possible to configure your backend ProFTPD 1.3.5e server for debug logging, debug level 10, to get more information on what the errrs might be?

[epachirkov]

 ROOT PRIVS at main.c:1034
 SETUP PRIVS at main.c:1039
 session requested from client in unknown class
 performing module session initializations
 mod_unique_id/0.2: generating unique session ID
 mod_unique_id/0.2: unique session ID is 'ZoJANgoSAWq84VH9ADOvuajf'
 ROOT PRIVS at mod_sql.c:6155
 RELINQUISH PRIVS at mod_sql.c:6158
 mod_sql/4.3: defaulting to 'mysql' backend
 ROOT PRIVS at mod_tls.c:7647
 RELINQUISH PRIVS at mod_tls.c:7650
 ROOT PRIVS at mod_tls.c:2277
 RELINQUISH PRIVS at mod_tls.c:2303
 mod_tls/2.6: supporting SSLv3, TLSv1, TLSv1.1, TLSv1.2 protocols
 ROOT PRIVS at mod_tls.c:3059
 RELINQUISH PRIVS at mod_tls.c:3068
 ROOT PRIVS at mod_tls.c:3124
 RELINQUISH PRIVS at mod_tls.c:3126
 ROOT PRIVS at mod_tls.c:3209
 RELINQUISH PRIVS at mod_tls.c:3728
 mod_cap/1.1: adding CAP_AUDIT_WRITE capability
 mod_ident/1.0: ident lookup disabled
 ROOT PRIVS at mod_delay.c:1756
 RELINQUISH PRIVS at mod_delay.c:1759
 ROOT PRIVS at mod_log.c:2119
 RELINQUISH PRIVS at mod_log.c:2122
 ROOT PRIVS at mod_auth.c:140
 opening scoreboard '/run/proftpd.scoreboard'
 RELINQUISH PRIVS at mod_auth.c:142
 connected - local  : <backend_ip>:221
 connected - remote : <proxy_ip>:39597
 FTP session opened.
 dispatching PRE_CMD command 'FEAT' to mod_exec
 dispatching PRE_CMD command 'FEAT' to mod_rewrite
 dispatching PRE_CMD command 'FEAT' to mod_tls
 dispatching PRE_CMD command 'FEAT' to mod_core
 dispatching PRE_CMD command 'FEAT' to mod_core
 dispatching CMD command 'FEAT' to mod_core
 in dir_check_full(): path = '', fullpath = ''.
 dispatching POST_CMD command 'FEAT' to mod_exec
 dispatching POST_CMD command 'FEAT' to mod_sql
 dispatching LOG_CMD command 'FEAT' to mod_sql
 dispatching LOG_CMD command 'FEAT' to mod_log
 mod_tls/2.6: scrubbing 1 passphrase from memory
 FTP session closed.
 scrubbing scoreboard
 ROOT PRIVS at scoreboard.c:1541
 RELINQUISH PRIVS at scoreboard.c:1544
 ROOT PRIVS at scoreboard.c:1575
 RELINQUISH PRIVS at scoreboard.c:1681
 finished scrubbing scoreboard

[Castaglia]

Hmm. Those backend logs don't seem to indicate any issue.

Do the logs from the proxy server (ProxyLog, and/or debug logging) show any other details or clues? Could you provide those logs in full, so we can see what else might be occurring?

[epachirkov]

Try debug logging with command proftpd -nd10 and see this error. proftpd: (accepting connections): symbol lookup error: /usr/lib/proftpd/mod_proxy.so: undefined symbol: pr_snprintf I am attaching the full log file proftpd.log