How to Configure Basic Apache Reverse Proxy
What is Reverse Proxy in Apache?
To understand reverse proxy we need to think about security in Apache. No web server can be called completely secure. And if you have a large, very popular website that gets a lot of requests from the internet, then security is always a headache and a concern for the system administrator.
It's the policy of every system administrator to expose as little as possible to the Internet. Running all of a website's applications, which are completely different from each other, on one platform (one server) that is also the main web server serving requests from the internet is not a good idea. Increasing performance and load balancing the applications available on a website is also important.
The idea is depicted in the below picture.
From the above figure we can see that the application servers are behind the firewall and are not directly accessible from the internet. Points to note about the application servers behind the firewall are as follows.
- The application servers are not publicly accessible
- They do not have public IP addresses
- Their DNS entries, if present, exist only on internal DNS servers
- The client is not even aware of their presence
- To the client, the only server present is the proxy server
Configuring Apache Reverse Proxy
Apache version 2 onwards supports the current HTTP/1.1 and also provides good caching and load-balancing capabilities.
Modules Required for Reverse Proxy to Work:
mod_proxy is the module that deals with proxying in Apache, and mod_proxy_http handles connections with both HTTP and HTTPS. Both modules must be enabled in the config file as shown below.
An important thing to note is that you should never enable a public proxy by setting "ProxyRequests On" in the config file.
The main argument that's required in the httpd.conf file to enable proxying is the one below.
Now let's set up the proxy rules for our reverse proxy in Apache. Imagine we have a domain called www.example.com with the URLs www.example.com/firsturl and www.example.com/secondurl, where /firsturl and /secondurl are different applications (fetched from the application1 and application2 servers, as shown in the explanation figure above).
We want the public to request www.example.com from the internet, but the URLs /firsturl and /secondurl must be fetched by the proxy server from internal private network hosts (application1 and application2) with private network addresses.
We can do this by writing the four directives below in our httpd.conf file, one ProxyPass/ProxyPassReverse pair per application.
ProxyPass /firsturl/ http://192.168.0.1/
ProxyPassReverse /firsturl/ http://192.168.0.1/
ProxyPass /secondurl/ http://192.168.0.2/
ProxyPassReverse /secondurl/ http://192.168.0.2/
By adding the above four lines to the httpd.conf file, we ask Apache to fetch data for www.example.com/firsturl from http://192.168.0.1/ and for www.example.com/secondurl from http://192.168.0.2/
ProxyPass: This directive asks the Apache server to fetch data for /firsturl from http://192.168.0.1/
ProxyPassReverse: This directive rewrites the URLs in the response headers coming back from the backend, so that the client on the Internet sees the original public URL rather than the internal address.
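The pieces described above, combined into one httpd.conf fragment. This is an added example, not the original article's listing; the LoadModule paths (the stock modules/ directory), the <VirtualHost *:80> wrapper and the placement of ServerName are assumptions about your installation.

```apache
# Added example: adjust module paths to your distribution's layout (assumption).
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Reverse proxy only. "ProxyRequests On" would turn this server into a
# forward proxy that anyone on the Internet could relay traffic through.
# Off is the default; stating it explicitly guards against an inherited "On".
ProxyRequests Off

<VirtualHost *:80>
    ServerName www.example.com

    # Keep trailing slashes consistent: if the local path ends in "/",
    # the backend URL should end in "/" as well (and vice versa).

    # application1 (internal host, not reachable from the Internet)
    ProxyPass        /firsturl/  http://192.168.0.1/
    ProxyPassReverse /firsturl/  http://192.168.0.1/

    # application2 (internal host, not reachable from the Internet)
    ProxyPass        /secondurl/ http://192.168.0.2/
    ProxyPassReverse /secondurl/ http://192.168.0.2/
</VirtualHost>
```

Running `apachectl configtest` before reloading catches syntax errors and modules that failed to load.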
Now reload the httpd service and you are done with reverse proxying!