Apache can be used as a gateway to back-end services by configuring it to act as a reverse proxy server. Requests received by Apache will be passed to and processed by a back-end server or service. The back-end server or service will return the response to the Apache server before finally being passed back to the requesting client.

Reverse proxy configuration allows an Apache server to listen to a single IP address or a DNS name and serve multiple apps and services. Apache as a reverse proxy would then, among other things, provides centralized control of the back-end services while being more secure. The extra security is achieved by not directly exposing the back-end servers typically hosted in private networks.

Steps to configure Apache as a reverse proxy server:

  1. Launch terminal application.
  2. Enable proxy and proxy_http module for Apache.
    $ sudo a2enmod proxy_http #Ubuntu, Debian and SUSE variants
    Considering dependency proxy for proxy_http:
    Enabling module proxy.
    Enabling module proxy_http.
    • Distribution with a2enmod support can simply run the command above without having to manually enable the required modules.
    • CentOS and Red Hat enables both modules by default so requires no manual action to enable the modules.
    Options Debian, Ubuntu openSUSE and SLES Fedora Core, CentOS, RHEL macOS homebrew xampp
    a2enmod support yes yes no no no no
    Modules to install none
    Module name n/a proxy, proxy_http
    Loadmodule directive n/a LoadModule proxy_module <module_locations>/mod_proxy.so
    LoadModule proxy_http_module <module_locations>/mod_proxy_http.so
  3. Add proxy configuration to desired VirtualHost setting.
    <VirtualHost *:80>
            ProxyRequests Off
            ProxyPass "/backend-service-01" "http://backend-service-01.local/"
            ProxyPassReverse "/backend-service-01"  "http:///backend-service-01.local"
            ProxyPass "/backend-service-02" "http://backend-service-02.local/"
            ProxyPassReverse "/backend-service-02"  "http:///backend-service-02.local"
  4. Restart Apache service.
    $ sudo systemctl restart apache2 #Ubuntu, Debian, openSUSE and SLES
    $ sudo systemctl restart httpd # CentOS and Red Hat
  5. Test direct access to backend service.
    $ curl http://backend-service-01.local
    I am backend-service-01.local

    The request will fail if the backend service is hosted in a private network under a NAT.

    This test could also be done by browsing the URL using a web browser.

  6. Test accessing backend service via configured Apache reverse proxy.
    $ curl http://proxy-server/backend-service-01
    I am backend-service-01.local
Discuss the article:

Comment anonymously. Login not required.