Configuring Apache as a reverse proxy means setting up Apache to listen and direct web traffic to backend servers or services. This can help manage and balance the load on your servers, improve security, and make your web services more efficient. You can also setup this to listen request on standard HTTP and HTTPS ports and redirect to backend services running on different ports.
Setting Up Apache as Reverse Proxy
In this guide, we will show you how to set up Apache as a reverse proxy in simple steps. Even if you’re new to this, don’t worry – we’ll make it easy to understand and follow. By the end, you’ll have a working reverse proxy that helps your web applications run smoothly.
Network Scenario
Imagine you have Apache installed on a server that anyone can access from the internet. Apache is listening for traffic on the usual HTTP and HTTPS ports. You also have few applications:
- One application is running on the same server as Apache but uses a different port, like 3000.
- Other applications are running on a different server within the same network, but this server is not accessible from the internet.
So, let’s the configuration start:
Step 1: Setup Apache Proxy Module
By default, this module is enabled in Apache for users who installed using rpm packages. The Debian-based users need to enable modules manually.
- Redhat-based systems: Edit the proxy configuration file /etc/httpd/conf.modules.d/00-proxy.conf uncomment the following entries. If not available, then add them.
LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_http_module modules/mod_proxy_http.so
- Debian-based systems: Use the following command to enable the Proxy module with Apache.
sudo a2enmod proxy proxy_http
After enabling the modules, you will need to restart Apache services to apply changes immediately.
Step 2: Configure Apache Virtual Host
Now will start working with the virtual host. We are creating three virtual hosts as below. You create only what is required with needed modifications. Edit Apache’s main configuration file and start with the configuration.
- Reverse Proxy to Local Application
To forward all requests sent to www.yourdomain.com to a backend application running locally on port 3000:
<VirtualHost *:80> ServerName www.yourdomain.com ProxyPreserveHost On # Reverse proxy for the application running on port 3000 on the same server ProxyPass / http://localhost:3000/ ProxyPassReverse / http://localhost:3000/ # Change log as per server # ErrorLog ${APACHE_LOG_DIR}/error.log # CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> - Reverse Proxy to Local with Sub URL
To forward specific subdirectory URL to a backend application. For example, to forward all requests sent to www.yourdomain.com/api to a backend application running locally on port 3000:
<VirtualHost *:80> ServerName www.yourdomain.com ProxyPreserveHost On # Reverse proxy for the application running on port 3000 on the same server ProxyPass /api http://localhost:3000/ ProxyPassReverse /api http://localhost:3000/ # Change log as per server # ErrorLog ${APACHE_LOG_DIR}/error.log # CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> - Reverse Proxy to Backend Host Application
To forward all requests sent to www.yourdomain.com to a backend application running on a different server (IP 192.168.1.100) on port 3000:
<VirtualHost *:80> ServerName www.yourdomain.com ProxyPreserveHost On # Reverse proxy for the application running on a different server ProxyPass / http://192.168.1.100:3000/ ProxyPassReverse / http://192.168.1.100:3000/ # Change log as per server # ErrorLog ${APACHE_LOG_DIR}/error.log # CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> - Reverse Proxy to Multiple Backend Applications
To forward requests to different backend applications based on the URL path, for example, forwarding requests to www.yourdomain.com/app1 to an application on port 3000, and requests to www.yourdomain.com/app2 to an application on port 5000 on a different server (IP 192.168.1.100):
<VirtualHost *:80> ServerName www.yourdomain.com ProxyPreserveHost On # Reverse proxy for different applications ProxyPass /app1 http://localhost:3000/ ProxyPassReverse /app1 http://localhost:3000/ ProxyPass /app2 http://192.168.1.100:5000/ ProxyPassReverse /app2 http://192.168.1.100:5000/ # Change log as per server # ErrorLog ${APACHE_LOG_DIR}/error.log # CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost> - Reverse Proxy to Application on Different Ports
To forward requests to different backend applications on the same server but different ports, for example, forwarding requests to www.yourdomain.com/app1 to an application on port 3000, and requests to www.yourdomain.com/app2 to an application on port 5000:
<VirtualHost *:80> ServerName www.yourdomain.com ProxyPreserveHost On # Reverse proxy for different applications ProxyPass /app1 http://localhost:3000/ ProxyPassReverse /app1 http://localhost:3000/ ProxyPass /app2 http://localhost:5000/ ProxyPassReverse /app2 http://localhost:5000/ # Change log as per server # ErrorLog ${APACHE_LOG_DIR}/error.log # CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>
Step 3: Restart Apache to Apply Changes
Once you have successfully created Apache virtual host, you need to restart the Apache service. Use the following commands to restart the Apache service based on the operating system.
- Redhat-based systems:
sudo systemctl restart httpd - Debed-based systems:
sudo systemctl restart apache2
Conclusion
Hope this tutorial helps you to understand using reverse proxy with Apache. Setting up Apache as a reverse proxy can help manage your web applications more effectively. Whether you need to direct traffic to local applications or to the different servers, configuring a reverse proxy can improve your system’s performance and security. By following the examples provided in this tutorial, you can easily set up and customize your reverse proxy to meet your specific needs.
4 Comments
Do NOT set “ProxyRequests On”
As already said by Wesse Van Norel, this means forward proxying is enabled. As there is no specific restriction on that, all web bots will have fun through your web server, attacking third parties. The next thing you know, your IP address will be on an abuse list.
https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxyrequests
Hi Rahul,
I have separate web and tomcat server. Revers proxy is configured on Web server i.e Apache to tomcat. Now Tomcat has one application which has to hit some URL . Now the request has to from Web server .
Please suggest where I have to configure reverse proxy which will pass request to web server.
I just found this tutorial and I’m amazed that you set ProxyRequests to On.
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxyrequests
“This allows or prevents Apache httpd from functioning as a forward proxy server. (Setting ProxyRequests to Off does not disable use of the ProxyPass directive.)”
With this setting you allow anyone to use your server as an open proxy server, to be (ab)used by anyone on the internet. Are you sure you intent this?
Hi Rahul,
Your blog is useful…..but still now facing problem …I am working azure cloud vm and am installed tomcat and Apache 2.4 ….As per above setup all ..But browser when hitting site always open Apache Tomcat index page.When am hitting localhost open my war file cannot open outside access…Can u help regarding problem..Thanx.