How to Set Up a Reverse Proxy With Apache

Join 5,000 subscribers and get a periodic digest of news, articles, and more.
By submitting your email, you agree to the Terms of Use and Privacy Policy.
James Walker is a CloudSavvy IT contributor. He is the founder of Heron Web, a UK-based digital agency providing bespoke software development services to SMEs. He has experience managing complete end-to-end web development workflows with DevOps, CI/CD, Docker, and Kubernetes. Read more…
 
Apache is a versatile web server which offers a full complement of supporting features, some of them via extensions. In this article, we’ll use the mod_proxy module to configure Apache in a reverse proxy role.
While Apache might not be your first choice as a reverse proxy, with more modern alternatives like NGINX tending to steal attention, mod_proxy is useful for servers which are already running Apache and now need to route traffic to another service. You can set up an Apache virtual host to pass on requests for a given domain to a separate web server.
We’re using Apache 2.4 with a Debian-based system for the purposes of this guide. We’ll also assume the servers you want to proxy traffic to are already network-accessible from your Apache host. This article focuses on enabling proxying based on a unique virtual host but mod_proxy is also configurable globally, as part of your Apache server config, or at the directory-level via .htaccess files.
mod_proxy is included with the default Apache installation. Use a2enmod to activate the module and its independent HTTP component now:
This sets up Apache to support proxying HTTP connections to other hosts. The module is configured using Proxy-prefixed instructions in your Apache config files. We’ll set these up next.
Let’s set up a virtual host that forwards example.com to the internal IP address 192.168.0.1. You should add a DNS record for example.com that points to your Apache host.
Proxying in this scenario lets visitors transparently access your internal web server via an external address. Apache is acting as the gatekeeper that routes traffic to its final destination. The user will see example.com, even though Apache actually resolves requests via the separate server.
Add a new virtual host file inside /etc/apache2/sites-available with the following content:
The ProxyPass and ProxyPassReverse directives specify that traffic to example.com should be proxied to 192.168.0.1. The optional nocanon keyword instructs Apache to pass the raw URL to the remote server. Without this keyword, Apache will automatically canonicalize the URL, which can be incompatible with some servers and frameworks. Using nocanon guarantees compatibility but can affect your security posture as it disables Apache’s built-in protection against URL-based proxy attacks.
ProxyPassReverse must be provided to distinguish your configuration as a reverse proxy setup. Apache will use the provided URL to rewrite Location, Content-Location, and URI response headers issued by your backend. This ensures subsequent requests continue to hit the reverse proxy, instead of trying to reach the internal server directly.
This configuration will proxy all requests. You can restrict proxying to a specific path such as /media by adjusting the ProxyPass and ProxyPassReverse instructions:
Adding multiple ProxyPass rules lets you route requests between several targets using one virtual host. Rules are matched in the order they’re written. If you need more complex routing behavior, use the ProxyPassMatch directive instead. This is equivalent to ProxyPass but matches incoming URLs against a regular expression:
Save your virtual host file and enable it using the a2ensite command. This takes the basename of your file, relative to the sites-available directory:
Restart Apache to apply your changes:
Your simple proxy should now be operational. Try visiting example.com – you should see the content served by 192.168.0.1. The request terminates at your Apache host which then proxies it to your internal server.
The above example omits SSL. In a production workload, you’d want to set this up by adding SSLCertificateFile and SSLCertificateKeyFile settings to your virtual host. These specify the SSL certificate and key to use when validating SSL connections. You could also use Let’s Encrypt’s certbot to automate set up.
Configuring SSL in this way means the secure connection will be terminated at your Apache host. The connection between Apache and your proxy target will be made over plain HTTP.
If you need the proxy connection to be secured too, you must use the SSLProxy options provided by mod_ssl. SSLProxyEngine = On will work as the most basic config, provided both Apache and your proxy target server have access to the same certificates. This option instructs SSL information to be fed over the proxied connection.
Apache reverse proxies have several optional directives you can use to adjust forwarding behavior. Here are some commonly used options:
You can set these directives as additional lines in your virtual host file. Remember to restart the Apache service each time you apply a change.
Apache’s reverse proxy implementation also supports load balancing between multiple different backends. This lets a request to example.com hit any of the servers in your balancing pool.
This example routes requests to one of two servers in the example-balancer pool. The load balancing algorithm is defined by the lbmethod setting; the bytraffic value used here tries to ensure each of the servers handle an equal amount of traffic.
The alternative  byrequests balancing method is a simpler version of bytraffic that gives each backend an equal share of the incoming requests. The  bybusyness balancer tracks how many requests each backend is serving, then assigns new ones to the least “busy” backend.
The mod_proxy module can turn Apache into a reverse proxy host that lets you use name-based routing to access multiple independent services. You can add load balancing too to ensure stability and uptime by distributing requests across your server fleet.
Other proxy flavors are available too. You can proxy FTP, WebSocket, and HTTP2 connections, among others, by installing additional addons alongside mod_proxy. The full list of modules is available in the Apache docs.
The above article may contain affiliate links, which help support CloudSavvy IT.
Facebook
Twitter
LinkedIn
RSS Feed
Cloud wisdom in your inbox
By submitting your email, you agree to the Terms of Use and Privacy Policy.

source

Digital Strategist Chris Hood

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2022 SHAQ HAX - Proudly powered by theme Octo