How To Use Apache as a Reverse Proxy on Ubuntu 20.04
A reverse proxy is a type of proxy server that accepts HTTP (S) requests and transparently distributes them to one or more backend servers.
You can use a reverse proxy to prevent direct access to these underlying application servers. They can also be used to distribute the load of incoming requests to different application servers.
In this tutorial, you will configure Apache as a basic reverse proxy using the mod_proxy extension to redirect incoming connections to one or more backend servers running on the same network.
Install the Apache Web Server.
1 |
sudo apt install apache2 |
Enabling Necessary Apache Modules.
1 2 3 4 |
sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod proxy_balancer sudo a2enmod lbmethod_byrequests |
If you need to enable the SSL module in Apache.
1 |
sudo a2enmod ssl |
You can also enable Apache Mod_Rewrite that provides URL manipulation capability.
1 |
sudo a2enmod rewrite |
To put these changes into effect, restart Apache.
1 |
sudo systemctl restart apache2 |
Now you will need to disable the default configuration to avoid that your reverse proxy works as a web server
1 2 3 4 |
cd /etc/apache2/sites-available/ sudo a2dissite 000-default-ssl sudo a2dissite 000-default sudo a2dissite default-ssl |
1 |
sudo systemctl reload apache2 |
Example of a load balancer configuration:
Create a configuration to serve two or more backend services with this prerequirement:
- redirect http request to https
- serve https when your be services are clear text (http)
- balacing with two services
suppose to configure a domain name “mydomain.com” and the be services responds on 10.10.01.20:18000 and 10.10.01.20:22000
now you need to edit the conf file at /etc/apache2/site-available/ :
1 |
sudo nano /etc/apache2/sites-available/mydomain.com.conf |
insert this code and replace with your custom settings:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
<VirtualHost *:80> ServerName mydomain.com ServerAlias mydomain.com *.mydomain.com RewriteEngine On #RewriteCond %{HTTP_HOST} ^(.+)\.mydomain\.com$ #RewriteRule ^(.*)$ https://%1.mydomain.com$1 [R=302,L] RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </VirtualHost> <VirtualHost *:443> ServerName mydomain.com ServerAlias mydomain.com *.mydomain.com ProxyRequests On ProxyPreserveHost On <Proxy balancer://myset> BalancerMember http://10.10.01.20:18000 BalancerMember http://10.10.01.20:22000 #ProxySet lbmethod=bytraffic Order deny,allow Allow from all </Proxy> SSLProxyEngine on ProxyPass "/" "balancer://myset/" ProxyPassReverse "/" "balancer://myset/" AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript #SSLProxyCheckPeerName off #SSLProxyCheckPeerCN off SSLProxyCheckPeerExpire off <Location /> Order deny,allow Allow from all SetOutputFilter INFLATE;DEFLATE </Location> SSLEngine on SSLCertificateFile /home/certs/ssl-mydomain.com/mydomain.com.crt SSLCertificateKeyFile /home/certs/ssl-mydomain.com/mydomain.com.key SSLCertificateChainFile /home/certs/ssl-mydomain.com/ca-bundle.crt </VirtualHost> |
enable the configuration:
1 2 3 |
cd /etc/apache2/sites-available sudo a2ensite mydomain.com sudo systemctl reload apache2 |
thats it