A reverse proxy server acts as an intermediary for requests from clients seeking resources from other servers. It provides an additional layer of abstraction and control to ensure the smooth flow of network traffic between clients and servers. Apache, a popular web server software, can be easily configured as a reverse proxy server.
Using Apache as a reverse proxy means that Apache receives requests from the Internet and forwards them to servers in an internal network. Those servers process the requests and reply to Apache, which then sends the replies back to the client. This setup can be beneficial for load balancing, caching, and separating public from private network traffic.
Configuring Apache as a reverse proxy requires the use of the mod_proxy module, which is typically included in the default Apache installation. The module provides the necessary directives to handle proxy functions.
$ sudo a2enmod proxy proxy_http [sudo] password for user: Enabling module proxy. Considering dependency proxy for proxy_http: Module proxy already enabled Enabling module proxy_http. To activate the new configuration, you need to run: systemctl restart apache2
Options | Debian, Ubuntu | openSUSE and SLES | Fedora Core, CentOS, RHEL | macOS | homebrew | xampp |
---|---|---|---|---|---|---|
a2enmod support | yes | yes | no | no | no | no |
Modules to install | none | |||||
Module name | n/a | proxy, proxy_http | ||||
Loadmodule directive | n/a | LoadModule proxy_module <module_locations>/mod_proxy.so LoadModule proxy_http_module <module_locations>/mod_proxy_http.so |
$ sudo vi /etc/apache2/sites-available/your-site.conf
<VirtualHost *:80> ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass "/backend-service-01" "http://backend-service-01.local/" ProxyPassReverse "/backend-service-01" "http:///backend-service-01.local" ProxyPass "/backend-service-02" "http://backend-service-02.local/" ProxyPassReverse "/backend-service-02" "http://backend-service-02.local" </VirtualHost>
Directive/Option | Description |
---|---|
ProxyRequests Off | Disables forward proxy requests. This is important for a reverse proxy setup to ensure that your server doesn't unintentionally act as a forward proxy. |
<Proxy *> … </Proxy> | Defines access control for a proxy. The * means it applies to all proxied content. |
Order deny,allow | Sets the order of processing the Deny and Allow directives. In this case, deny rules are processed before allow rules. |
Allow from all | Allows access from all IP addresses. |
ProxyPass | Maps remote servers into the namespace of the local server. For example, ProxyPass "/backend-service-01" "http://backend-service-01.local/" means that when someone accesses http://your-apache-server/backend-service-01, they are actually accessing http://backend-service-01.local/ behind the scenes. |
ProxyPassReverse | Adjusts the URL in the Location, Content-Location, and URI headers on HTTP redirect responses. This is essential for ensuring that redirects issued by the backend server point to the reverse proxy, not the original server. |
$ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES $ sudo systemctl restart httpd # CentOS and Red Hat
$ curl http://backend-service-01.local I am backend-service-01.local
The request will fail if the backend service is hosted in a private network under a NAT.
This test could also be done by browsing the URL using a web browser.
$ curl http://proxy-server/backend-service-01 I am backend-service-01.local
Comment anonymously. Login not required.