{"id":392053,"date":"2022-01-10T17:14:52","date_gmt":"2022-01-10T14:14:52","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/"},"modified":"2022-01-10T17:14:52","modified_gmt":"2022-01-10T14:14:52","slug":"how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/","title":{"rendered":"#How to Set Up a Reverse Proxy With Apache \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a29a5b4bf87a\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a29a5b4bf87a\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/#Enabling_The_Proxy_Module\" >Enabling The Proxy Module<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/#Setting_Up_a_Proxied_Virtual_Host\" >Setting Up a Proxied Virtual Host<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/#Using_SSL\" >Using SSL<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/#Proxy_Options\" >Proxy Options<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/#Load_Balancing\" >Load Balancing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/buradabiliyorum.com\/en\/how-to-set-up-a-reverse-proxy-with-apache-cloudsavvy-it\/#Summary\" >Summary<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#How to Set Up a Reverse Proxy With Apache \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n\u00a0<\/p>\n<figure style=\"width: 1200px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-15060\" data-pagespeed-lazy-srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/12\/27cf8f38.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/12\/27cf8f38.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" data-pagespeed-lazy-src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/12\/27cf8f38.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Photo of the Apache web server logo on a computer screen\" width=\"1200\" height=\"675\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/ryazan-russia-june-05-2018-homepage-1112047739\">Sharaf Maksumov\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>Apache is a versatile web server which offers a full complement of supporting features, some of them via extensions. In this article, we\u2019ll use the <code>mod_proxy<\/code> module to configure Apache in a reverse proxy role.<\/p>\n<p>While Apache might not be your first choice as a reverse proxy, with more modern alternatives like NGINX tending to steal attention, <code>mod_proxy<\/code> is useful for servers which are already running Apache and now need to route traffic to another service. You can set up an Apache virtual host to pass on requests for a given domain to a separate web server.<\/p>\n<p>We\u2019re using Apache 2.4 with a Debian-based system for the purposes of this guide. We\u2019ll also assume the servers you want to proxy traffic to are already network-accessible from your Apache host. This article focuses on enabling proxying based on a unique virtual host but <code>mod_proxy<\/code> is also configurable globally, as part of your Apache server config, or at the directory-level via <code>.htaccess<\/code> files.<\/p>\n<h2 id=\"enabling-the-proxy-module\"><span class=\"ez-toc-section\" id=\"Enabling_The_Proxy_Module\"><\/span>Enabling The Proxy Module<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><code>mod_proxy<\/code> is included with the default Apache installation. Use <code>a2enmod<\/code> to activate the module and its independent HTTP component now:<\/p>\n<pre>sudo a2enmod proxy&#13;\nsudo a2enmod proxy_http<\/pre>\n<p>This sets up Apache to support proxying HTTP connections to other hosts. The module is configured using <code>Proxy<\/code>-prefixed instructions in your Apache config files. We\u2019ll set these up next.<\/p>\n<h2 id=\"setting-up-a-proxied-virtual-host\"><span class=\"ez-toc-section\" id=\"Setting_Up_a_Proxied_Virtual_Host\"><\/span>Setting Up a Proxied Virtual Host<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Let\u2019s set up a virtual host that forwards <code>example.com<\/code> to the internal IP address <code>192.168.0.1<\/code>. You should add a DNS record for <code>example.com<\/code> that points to your Apache host.<\/p>\n<p>Proxying in this scenario lets visitors transparently access your internal web server via an external address. Apache is acting as the gatekeeper that routes traffic to its final destination. The user will see <code>example.com<\/code>, even though Apache actually resolves requests via the separate server.<\/p>\n<p>Add a new virtual host file inside <code>\/etc\/apache2\/sites-available<\/code> with the following content:<\/p>\n<pre>&lt;VirtualHost *:80&gt;&#13;\n    ServerName example.com&#13;\n&#13;\n    ProxyPass \/ http:\/\/192.168.0.1\/ nocanon&#13;\n    ProxyPassReverse \/ http:\/\/192.168.0.1\/&#13;\n&lt;\/VirtualHost&gt;<\/pre>\n<p>The <code>ProxyPass<\/code> and <code>ProxyPassReverse<\/code> directives specify that traffic to <code>example.com<\/code> should be proxied to <code>192.168.0.1<\/code>. The optional <code>nocanon<\/code> keyword instructs Apache to pass the raw URL to the remote server. Without this keyword, Apache will automatically canonicalize the URL, which can be incompatible with some servers and frameworks. Using <code>nocanon<\/code> guarantees compatibility but <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_proxy.html#proxypass\">can affect your security posture<\/a> as it disables Apache\u2019s built-in protection against URL-based proxy attacks.<\/p>\n<p><code>ProxyPassReverse<\/code> must be provided to distinguish your configuration as a reverse proxy setup. Apache will use the provided URL to rewrite <code>Location<\/code>, <code>Content-Location<\/code>, and <code>URI<\/code> response headers issued by your backend. This ensures subsequent requests continue to hit the reverse proxy, instead of trying to reach the internal server directly.<\/p>\n<p>This configuration will proxy all requests. You can restrict proxying to a specific path such as <code>\/<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a><\/code> by adjusting the <code>ProxyPass<\/code> and <code>ProxyPassReverse<\/code> instructions:<\/p>\n<pre>ProxyPass \/media http:\/\/192.168.0.1\/&#13;\nProxyPassReverse \/media http:\/\/192.168.0.1\/<\/pre>\n<p>Adding multiple <code>ProxyPass<\/code> rules lets you route requests between several targets using one virtual host. Rules are matched in the order they\u2019re written. If you need more complex routing behavior, use the <code>ProxyPassMatch<\/code> directive instead. This is equivalent to <code>ProxyPass<\/code> but matches incoming URLs against a regular expression:<\/p>\n<pre>ProxyPassMatch ^\/client\/(.*)\/images$ http:\/\/192.168.0.1\/<\/pre>\n<p>Save your virtual host file and enable it using the <code>a2ensite<\/code> command. This takes the basename of your file, relative to the <code>sites-available<\/code> directory:<\/p>\n<pre>sudo a2ensite example-proxy-vhost<\/pre>\n<p>Restart Apache to <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ly your changes:<\/p>\n<pre>sudo service apache2 restart<\/pre>\n<p>Your simple proxy should now be operational. Try visiting <code>example.com<\/code> \u2013 you should see the content served by <code>192.168.0.1<\/code>. The request terminates at your Apache host which then proxies it to your internal server.<\/p>\n<h2 id=\"using-ssl\"><span class=\"ez-toc-section\" id=\"Using_SSL\"><\/span>Using SSL<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The above example omits SSL. In a production workload, you\u2019d want to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_ssl.html\">set this up by adding<\/a> <code>SSLCertificateFile<\/code> and <code>SSLCertificateKeyFile<\/code> settings to your virtual host. These specify the SSL certificate and key to use when validating SSL connections. You could also use Let\u2019s Encrypt\u2019s certbot to automate set up.<\/p>\n<p>Configuring SSL in this way means the secure connection will be terminated at your Apache host. The connection between Apache and your proxy target will be made over plain HTTP.<\/p>\n<p>If you need the proxy connection to be secured too, you must use the <code>SSLProxy<\/code> options <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_ssl.html#sslproxyengine\">provided by <code>mod_ssl<\/code><\/a>. <code>SSLProxyEngine = On<\/code> will work as the most basic config, provided both Apache and your proxy target server have access to the same certificates. This option instructs SSL information to be fed over the proxied connection.<\/p>\n<h2 id=\"proxy-options\"><span class=\"ez-toc-section\" id=\"Proxy_Options\"><\/span>Proxy Options<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Apache reverse proxies have several <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_proxy.html\">optional directives<\/a> you can use to adjust forwarding behavior. Here are some commonly used options:<\/p>\n<ul>\n<li><strong><code>ProxyAddHeaders<\/code><\/strong> \u2013 Apache passes <code>X-Forwarded-Host<\/code>, <code>XForwarded-For<\/code>, and <code>X-Forwarded-Server<\/code> headers to your backend server by default. These let your backend identify that a request was proxied via Apache. Setting this header to <code>Off<\/code> prevents Apache from adding these headers.<\/li>\n<li><strong><code>ProxyErrorOverride<\/code><\/strong> \u2013 Apache won\u2019t interfere with responses sent by your backend server unless instructed to. If your backend serves a 400, 404, 500, or any other error code, the user will receive that content as-is. Setting <code>ProxyErrorOverride<\/code> changes this, letting Apache replace the content of error pages with the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/custom-error.html\">configured <code>ErrorDocument<\/code><\/a> instead. This can be desirable in situations where you want errors from all your backends to be handled uniformly with configuration centralized on the proxy host.<\/li>\n<li><strong><code>ProxyPassReverseCookieDomain<\/code><\/strong> \u2013 This functions similarly to the mandatory (for reverse proxying) <code>ProxyPassReverse<\/code> directive. It will rewrite the domain in <code>Set-Cookie<\/code> headers to reference the virtual host\u2019s name, rather than the hostname of the backend server they originate from.<\/li>\n<li><strong><code>ProxyPreserveHost<\/code><\/strong> \u2013 Apache usually sends its own hostname to your backend servers as the value of the <code>Host<\/code> header. Setting this directive means the <em>original<\/em> <code>Host<\/code> header will be sent instead. This may be necessary when your backend software performs its own hostname-based routing.<\/li>\n<li><strong><code>ProxyTimeout<\/code><\/strong> \u2013 Use this directive to adjust the time Apache will wait while your backend server processes a proxied request. Apache will abort the request and return an error code to the client if the timeout is exceeded. It defaults to the server-level <code>Timeout<\/code> value.<\/li>\n<\/ul>\n<p>You can set these directives as additional lines in your virtual host file. Remember to restart the Apache service each time you apply a change.<\/p>\n<h2 id=\"load-balancing\"><span class=\"ez-toc-section\" id=\"Load_Balancing\"><\/span>Load Balancing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Apache\u2019s reverse proxy implementation also supports load balancing between multiple different backends. This lets a request to <code>example.com<\/code> hit any of the servers in your balancing pool.<\/p>\n<pre>&lt;Proxy balancer:\/\/example-balancer&gt;&#13;\n    BalancerMember http:\/\/192.168.0.1&#13;\n    BalancerMember http:\/\/192.168.0.2&#13;\n    ProxySet lbmethod=bytraffic&#13;\n&lt;\/Proxy&gt;&#13;\n&#13;\nProxyPass \/ balancer:\/\/example-balancer&#13;\nProxyPassReverse \/ balancer:\/\/example-balancer<\/pre>\n<p>This example routes requests to one of two servers in the <code>example-balancer<\/code> pool. The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_proxy_balancer.html\">load balancing algorithm<\/a> is defined by the <code>lbmethod<\/code> setting; the <code>bytraffic<\/code> value used here tries to ensure each of the servers handle an equal amount of traffic.<\/p>\n<p>The alternative\u00a0\u00a0<code><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_lbmethod_byrequests.html\">byrequests balancing method<\/a><\/code> is a simpler version of bytraffic that gives each backend an equal share of the incoming requests. The\u00a0\u00a0<code><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/2.4\/mod\/mod_lbmethod_bybusyness.html\">bybusyness balancer<\/a><\/code> tracks how many requests each backend is serving, then assigns new ones to the least \u201cbusy\u201d backend.<\/p>\n<h2 id=\"summary\"><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The <code>mod_proxy<\/code> module can turn Apache into a reverse proxy host that lets you use name-based routing to access multiple independent services. You can add load balancing too to ensure stability and uptime by distributing requests across your server fleet.<\/p>\n<p>Other proxy flavors are available too. You can proxy FTP, WebSocket, and HTTP2 connections, among others, by installing additional addons alongside <code>mod_proxy<\/code>. The full <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/httpd.apache.org\/docs\/current\/mod\/mod_proxy.html\">list of modules<\/a> is available in the Apache docs.\n<\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/15059\/how-to-set-up-a-reverse-proxy-with-apache\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#How to Set Up a Reverse Proxy With Apache \u2013 CloudSavvy IT&#8221; \u00a0 Sharaf Maksumov\/Shutterstock.com Apache is a versatile web server which offers a full complement of supporting features, some of them via extensions. In this article, we\u2019ll use the mod_proxy module to configure Apache in a reverse proxy role. While Apache might not be&#8230;<\/p>\n","protected":false},"author":1,"featured_media":392054,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/12\/27cf8f38.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-392053","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/392053","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=392053"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/392053\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/392054"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=392053"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=392053"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=392053"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}