This post shows students and new users steps to setup a reverse proxy with Apache HTTP server. Apache is is mostly used as web server and not reverse proxy. However, Apache comes with wide range of powerful extensions to enable reverse proxy and other features. A reverse proxy is a service sits between the client and backend servers.
The proxy server takes and directs client requests to the appropriate backend servers. A proxy server can also perform additional tasks such as SSL encryption, caching, compression and load balancing to take the load off the backend servers.
A reverse proxy server is typically used in front of Node.js, Python, Java and other popular applications that do not have web server features enabled. In this case, Apache is usually the proxy server used to handle requests for clients.
Below we’ll show you how to use Apache as a reverse proxy for most applications and backend servers. We’ll give you some basic settings that may be used in your environments.
Also, for students and new users learning Linux, the easiest place to start learning is on Ubuntu Linux. Ubuntu is the modern, open source Linux operating system for desktop, servers and other devices.
To get started with using Apache as a reverse proxy, follow the steps below.
How to use Apache as reverse proxy server
Before using Apache to serve as a reverse proxy, you must enable necessary modules. These modules will allow Apache to serve as reverse proxy to backend apps and other hosts.
Run the commands below to enables these Apache modules.
sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod proxy_ajp sudo a2enmod rewrite sudo a2enmod deflate sudo a2enmod headers sudo a2enmod proxy_balancer sudo a2enmod proxy_connect sudo a2enmod proxy_html
The basic configuration to allow Apache to serve as a proxy server can be done using the line code below. You configure a VirtualHost for the domain and specify a location to the backend server for Apache to send requests it receives.
<VirtualHost *:*>
ServerName example.com
ProxyPreserveHost On
# Servers to proxy the connection, or;
ProxyPass /
ProxyPassReverse /
</VirtualHost>
The simple configuration above tells Apache to pass all requests to the / (root) of example.com domain to the proxied server at http://127.0.0.1:8080.
For example, if a client request http://example.com/, Apache will forward the requests to the backend server defined on the ProxyPass and ProxyPassReverse lines: http://127.0.0.1:8080.
There are lots of advanced setup one can perform with proxy server. However, the simple configuration above gives you a good idea of how a proxy server works.
Proxy servers can also handle request for non-HTTP server such as:
- proxy_fcgi – reverse proxy to a FastCGI server.
- proxy_uwsgi – reverse proxy to a uwsgi server.
- proxy_scgi – reverse proxy to an SCGI server.
A common Apache reverse proxy to non-HTTP hosts is done with the use of PHP-FPM. An example is how Apache serve PHP scripts.
<VirtualHost *:*> ServerName example.com ProxyPreserveHost On # Servers to proxy the connection, or; <FilesMatch \.php$> # 2.4.10+ can proxy to unix socket SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost" </FilesMatch> </VirtualHost>
You will need to enable a few modules for apache2 to work with PHP-FPM:
sudo a2enmod actions fcgid alias proxy_fcgi
How to configure Apache reverse proxy options
Reverse proxy servers have common options that define how requests are handled and served to the backend servers or apps. These configuration options are recommended to use with Apache proxy. In most cases, these headers and parameters should work in all environments where Apache is being used as a reverse proxy.
<VirtualHost *:*>
ServerName example.com
UseCanonicalName on
ProxyPreserveHost on
CacheStaleOnError on
RemoteIPHeader X-Forwarded-For
ProxyRequests Off
ProxyPass /
ProxyPassReverse /
</VirtualHost>
You can visit the site for more options to use in your environment.
That should do it!
Conclusion:
This post showed you how to use Apache as reverse proxy server to handle requests for backend applications or other HTTP servers. If you find any errors above or have something to add, please use the comment form below.