A reverse proxy server forwards client requests to backend servers and returns the responses to the clients. Using Apache as a reverse proxy can help improve network security and manage traffic flow. This setup allows you to control access to internal servers while presenting a unified interface to clients.

To configure Apache as a reverse proxy, you need to enable the necessary modules and set up proxy directives in the virtual host file. This configuration directs Apache to handle client requests by forwarding them to specific backend servers.

The process of setting up an Apache reverse proxy is straightforward but requires attention to detail. Ensuring that the configuration is correct will result in a stable and secure proxy environment, enhancing your network's efficiency and security.

Steps to configure Apache as a reverse proxy server:

  1. Launch terminal application.
  2. Enable the mod_proxy and mod_proxy_http modules.
    $ sudo a2enmod proxy proxy_http
    [sudo] password for user: 
    Enabling module proxy.
    Considering dependency proxy for proxy_http:
    Module proxy already enabled
    Enabling module proxy_http.
    To activate the new configuration, you need to run:
      systemctl restart apache2
    • Distribution with a2enmod support can simply run the command above without having to manually enable the required modules.
    • CentOS and Red Hat enables both modules by default so requires no manual action to enable the modules.
    Options Debian, Ubuntu openSUSE and SLES Fedora Core, CentOS, RHEL macOS homebrew xampp
    a2enmod support yes yes no no no no
    Modules to install none
    Module name n/a proxy, proxy_http
    Loadmodule directive n/a LoadModule proxy_module <module_locations>/mod_proxy.so
    LoadModule proxy_http_module <module_locations>/mod_proxy_http.so
  3. Create or edit the virtual host configuration file.
    $ sudo vi /etc/apache2/sites-available/your-site.conf
  4. Add the necessary proxy directives to the virtual host file.
    <VirtualHost *:80>
            ProxyRequests Off
     
            <Proxy *>
              Order deny,allow
              Allow from all
            </Proxy>
     
            ProxyPass "/backend-service-01" "http://backend-service-01.local/"
            ProxyPassReverse "/backend-service-01"  "http:///backend-service-01.local"
     
            ProxyPass "/backend-service-02" "http://backend-service-02.local/"
            ProxyPassReverse "/backend-service-02"  "http://backend-service-02.local"
    </VirtualHost>
    Directive/Option Description
    ProxyRequests Off Disables forward proxy requests. This is important for a reverse proxy setup to ensure that your server doesn't unintentionally act as a forward proxy.
    <Proxy *> … </Proxy> Defines access control for a proxy. The * means it applies to all proxied content.
    Order deny,allow Sets the order of processing the Deny and Allow directives. In this case, deny rules are processed before allow rules.
    Allow from all Allows access from all IP addresses.
    ProxyPass Maps remote servers into the namespace of the local server. For example, ProxyPass "/backend-service-01" "http://backend-service-01.local/" means that when someone accesses http://your-apache-server/backend-service-01, they are actually accessing http://backend-service-01.local/ behind the scenes.
    ProxyPassReverse Adjusts the URL in the Location, Content-Location, and URI headers on HTTP redirect responses. This is essential for ensuring that redirects issued by the backend server point to the reverse proxy, not the original server.
  5. Save the changes to the configuration file.
  6. Restart the Apache service to apply the new settings.
    $ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES
    $ sudo systemctl restart httpd # CentOS and Red Hat
  7. Test access to the backend server directly.
    $ curl http://backend-service-01.local
    I am backend-service-01.local

    The request will fail if the backend service is hosted in a private network under a NAT.

    This test could also be done by browsing the URL using a web browser.

  8. Test access through the configured Apache reverse proxy.
    $ curl http://proxy-server/backend-service-01
    I am backend-service-01.local
Discuss the article:

Comment anonymously. Login not required.