How to set up a reverse proxy using Apache

A reverse proxy server acts as an intermediary for requests from clients seeking resources from other servers. It provides an additional layer of abstraction and control to ensure the smooth flow of network traffic between clients and servers. Apache, a popular web server software, can be easily configured as a reverse proxy server.

Using Apache as a reverse proxy means that Apache receives requests from the Internet and forwards them to servers in an internal network. Those servers process the requests and reply to Apache, which then sends the replies back to the client. This setup can be beneficial for load balancing, caching, and separating public from private network traffic.

Configuring Apache as a reverse proxy requires the use of the mod_proxy module, which is typically included in the default Apache installation. The module provides the necessary directives to handle proxy functions.

Steps to configure Apache as a reverse proxy server:

Launch terminal application.

Enable proxy and proxy_http module for Apache.

$ sudo a2enmod proxy proxy_http
[sudo] password for user: 
Enabling module proxy.
Considering dependency proxy for proxy_http:
Module proxy already enabled
Enabling module proxy_http.
To activate the new configuration, you need to run:
  systemctl restart apache2

Distribution with a2enmod support can simply run the command above without having to manually enable the required modules.
CentOS and Red Hat enables both modules by default so requires no manual action to enable the modules.

Options	Debian, Ubuntu	openSUSE and SLES	Fedora Core, CentOS, RHEL	macOS	homebrew	xampp
a2enmod support	yes	yes	no	no	no	no
Modules to install	none
Module name	n/a			proxy, proxy_http
Loadmodule directive	n/a			LoadModule proxy_module <module_locations>/mod_proxy.so LoadModule proxy_http_module <module_locations>/mod_proxy_http.so

Create or edit the virtual host file where you want to set up the reverse proxy using your preferred text editor.
```
$ sudo vi /etc/apache2/sites-available/your-site.conf
```

Add proxy configuration to desired VirtualHost setting.

<VirtualHost *:80>
        ProxyRequests Off
 
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
 
        ProxyPass "/backend-service-01" "http://backend-service-01.local/"
        ProxyPassReverse "/backend-service-01"  "http:///backend-service-01.local"
 
        ProxyPass "/backend-service-02" "http://backend-service-02.local/"
        ProxyPassReverse "/backend-service-02"  "http://backend-service-02.local"
</VirtualHost>

Directive/Option	Description
ProxyRequests Off	Disables forward proxy requests. This is important for a reverse proxy setup to ensure that your server doesn't unintentionally act as a forward proxy.
<Proxy *> … </Proxy>	Defines access control for a proxy. The * means it applies to all proxied content.
Order deny,allow	Sets the order of processing the Deny and Allow directives. In this case, deny rules are processed before allow rules.
Allow from all	Allows access from all IP addresses.
ProxyPass	Maps remote servers into the namespace of the local server. For example, ProxyPass "/backend-service-01" "http://backend-service-01.local/" means that when someone accesses http://your-apache-server/backend-service-01, they are actually accessing http://backend-service-01.local/ behind the scenes.
ProxyPassReverse	Adjusts the URL in the Location, Content-Location, and URI headers on HTTP redirect responses. This is essential for ensuring that redirects issued by the backend server point to the reverse proxy, not the original server.

Save and exit the editor.

Restart Apache to apply the changes.

$ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES
$ sudo systemctl restart httpd # CentOS and Red Hat

Test direct access to backend service.
```
$ curl http://backend-service-01.local
I am backend-service-01.local
```
The request will fail if the backend service is hosted in a private network under a NAT.

This test could also be done by browsing the URL using a web browser.

Test accessing backend service via configured Apache reverse proxy.

$ curl http://proxy-server/backend-service-01
I am backend-service-01.local

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a skilled cloud architect with a background in development, entrepreneurship, and open-source advocacy. As the founder of Simplified Guide, he helps others understand the complexities of computing, making tech concepts accessible to all.

Discuss the article:

Comment anonymously. Login not required.