Simple Apache reverse proxy example
Category : How-to
Background
Apache can be used as a reverse proxy to relay HTTP/ HTTPS requests to other machines. This is common practice and comes with two main benefits:
- Security – Your Apache instance can be put in a DMZ and exposed to the world while the web servers can sit behind it with no access to the outside world.
- Reduce load – You can reduce the load on the web servers with various methods such as web caching at the proxy, load balancing and deflecting traffic for invalid requests.
The interesting stuff – ProxyPass
To set up Apache as a reverse proxy server you will need to enable mod_proxy. Some other common mods you may need are below.
- mod_proxy
- mod_http
- mod_headers
- mod_html
To enable mods in Ubuntu/ Debian you need to make sure they are installed, then enabled. For example, installing and enabling mod_proxy would look like this:
apt-get install libapache2-mod-proxy-html a2enmod mod_proxy
Once these mods are enabled, we can begin editing the Apache config. The locations of these vary depending on your Linux distribution. For RHEL based distributions, this will be your httpd.conf; for Debian based, sites-available/default.
Inside your VirtualHost tag create a Location tag which matches the external path you wish to use. For this example we will use /.
<Location /> # commands go here </Location>
Inside the Location tag add the proxy options ProxyPass and ProxyPassReverse followed by the site address which will be the target of the proxy. You will also need a couple of lines to allow access.
ProxyPass http://mywebsite.jamescoyle.net/ ProxyPassReverse http://mywebsite.jamescoyle.net/ Order allow,deny Allow from all
Outside of the location tags, towards the top of the virtual host add a few extras:
ProxyHTMLStripComments on ProxyRequests off SetOutputFilter proxy-html ProxyHTMLDoctype XHTML
If you will be proxying SSL traffic, you will also need to add:
SSLProxyEngine on
Restart apache or reload the settings for the changes to take effect:
service apache2 reload
You will now have a working proxy – all requests sent to / will be fetched from http://mywebsite.jamescoyle.net.
Example Apache reverse proxy VirtualHost
The below example shows an Apache VirtualHost which is listening on port 80. The confiiguration accepts requests on which match the www.jamescoyle.net hostname and proxys the requests to the backend server mywebsite.jamescoyle.net.
<VirtualHost *:80>
ServerAdmin [email protected]
ProxyRequests off
DocumentRoot /var/www
SSLProxyEngine on
ProxyPreserveHost On
ServerName www.jamescoyle.net
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel error
<Location />
ProxyPass http://mywebsite.jamescoyle.net/
ProxyPassReverse http://mywebsite.jamescoyle.net/
Order allow,deny
Allow from all
</Location>
</VirtualHost>
19 Comments
R Hejc
20-Feb-2014 at 5:06 pmAre you able to proxy Java Console (KVM for servers)? I’m getting message Connected to sevrer on port 5900, but Java never start when behind proxy…
james.coyle
20-Feb-2014 at 5:27 pmI have not found a way to do this with Apache.
Reinaldo
28-Apr-2014 at 3:25 pmThank you.
Your tip worked for me.
Ian Miell
3-Jun-2014 at 8:23 pmI’ve long struggled with getting this working when playing with it casually until stumbling across this article, so have written this up into a ShutIt module:
https://github.com/ianmiell/shutit/blob/master/library/apache_proxypass/apache_proxypass.py
To get a copy of the container:
docker pull imiell/apache_proxypass
More context:
http://ianmiell.github.io/shutit/
praween
25-Jan-2015 at 4:21 amJames,
I am newbie to reverse proxy and i came across your articles in google when i was searching for reverse proxy. I am impressed with your work. I am having proxmox at my home. Would you please guide step by step how to setup reverse proxy for proxmox or atleast give the order of your links to follow. I followed this page but unable to install the packages.
Thanks
Praween
james.coyle
26-Jan-2015 at 9:59 amWhat errors are you getting?
hem
22-Jan-2016 at 8:43 pmI need to block one URL
https://example.com/opensso/UI/Login?service=adminconsoleservice&locale=
but same time my main URL should work like
https:/example.com/opensso/UI/Login
any idea How to do that
Rgds..Hem
Adam
7-Mar-2016 at 10:38 pmHi
Thanks for the great tutorial!
is it possible to make the proxy preserve the original url? i can see that you set the “ProxyPreserveHost On” but the address seems to be overwritten.
Thanks
Gunnar
10-May-2016 at 5:47 pmHi,
if you want to use apache only as a reverse proxy, why is it neccessary to implement the line “ProxyPass http://mywebsite.jamescoyle.net/“? Not only “ProxyPassReverse http://mywebsite.jamescoyle.net/“?
Thanks for answer.
Phil Gardner
2-Nov-2016 at 4:09 pmThis isn’t working in Ubuntu 16.04 – Apache rejects the code and reverts the virtual host config file to the previous version. Any ideas?
james.coyle
2-Nov-2016 at 6:07 pmWhat does it reject? Does the error.log give any more information?
Daniel Cunil
14-Jun-2017 at 6:04 pmHey, I’m trying to do the same for nginx. Get error:
[proxy:error] [pid 2158:tid 140667709277952] (111)Connection refused: AH00957: HTTPS: attempt to connect to 127.0.1.1:9654 (xxx.xxxx.com) failed
[proxy_http:error] [pid 2158:tid 140667709277952] [client x.x.x.x:61269] AH01114: HTTP: failed to make connection to backend: xxx.xxxx.com
Ashish
5-Aug-2017 at 4:48 amWe have a server1 as xyz.co.in and we have setup reverse proxy on this such that xyz.co.in/promotions will serve contents from server2. Server2 also has apache2 and domain name configured in VirtualHost is abc.co.in… we want this server2 to also pass contents when xyz.co.in/promotions is called…
I understand settings at server1 and have also done other relevant settings. However, can you please help with what settings I need to do on server2?
Many thanks
Mallinath
30-Sep-2017 at 5:59 pmHi,
I need your help in configuring multi domain authentication through ldap in httpd.conf
constantinos
8-Jul-2018 at 3:20 pmi did as the above example but my apache dies?
Carlos de Luna Saenz
12-Jun-2020 at 4:48 pmI am getting a “strange behavour , muy Virtual host section is:
ServerAdmin [email protected]
ProxyRequests off
DocumentRoot /var/www
# SSLProxyEngine on
ProxyPreserveHost Off
ServerName beisbolicos
ErrorLog ${APACHE_LOG_DIR}/beisbolicos_error.log
CustomLog ${APACHE_LOG_DIR}/beisbolicos_access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
# LogLevel error
ProxyPass http://localhost:8080/
ProxyPassReverse http://localhost:8080
Order allow,deny
Allow from all
ProxyPass http://www.beisbolicos.com/
ProxyPassReverse http://www.beisbolicos.com/
Order allow,deny
Allow from all
ProxyPass http://www.beisbolicos.com/beisbolicos.nsf/
ProxyPassReverse http://www.beisbolicos.com/beisbolicos.nsf/
Order allow,deny
Allow from all
ProxyPass http://www.beisbolicos.com/beisbolicos.nsf/
ProxyPassReverse http://www.beisbolicos.com/beisbolicos.nsf/
Order allow,deny
Allow from all
The result is tat everything is send to the localhost:8080 definition for /.
It does not matter if the / location is at the beggin or at the end
Carlos de Luna Saenz
12-Jun-2020 at 4:53 pmI saw the tags are not whown on the commentary… again ghe Virtual host part of the file:
<VirtualHost *:80>
ServerAdmin [email protected]
ProxyRequests off
DocumentRoot /var/www
# SSLProxyEngine on
ProxyPreserveHost Off
ServerName beisbolicos
ErrorLog ${APACHE_LOG_DIR}/beisbolicos_error.log
CustomLog ${APACHE_LOG_DIR}/beisbolicos_access.log combined
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
# LogLevel error
<Location />
ProxyPass http://localhost:8080/
ProxyPassReverse http://localhost:8080
Order allow,deny
Allow from all
</Location>
<Location /old/>
ProxyPass http://www.beisbolicos.com/
ProxyPassReverse http://www.beisbolicos.com/
Order allow,deny
Allow from all
</Location>
<Location /beisbolicos.nsf/>
ProxyPass http://www.beisbolicos.com/beisbolicos.nsf/
ProxyPassReverse http://www.beisbolicos.com/beisbolicos.nsf/
Order allow,deny
Allow from all
</Location>
<Location /86257D08000EE918/>
ProxyPass http://www.beisbolicos.com/beisbolicos.nsf/
ProxyPassReverse http://www.beisbolicos.com/beisbolicos.nsf/
Order allow,deny
Allow from all
</Location>
</VirtualHost>
Tuxmika
22-Aug-2021 at 7:57 pmHi
What is the fonction of ProxyPreserveHost On
Cordially
Jim Kinter
11-Jan-2022 at 6:05 pmIs it possible to use reverse proxy for specific paths/things on a private server? Or does it just aim at the whole private IP itself?
For instance, I have a Raspberry PI with a webcam on it on the private network. I have a full fledged Apache HTTPD web server that sits both on the private and public IP’s (dual-homed NICs).
Id like to allow a only video stream URL from the Pi to be visible on a webpage on the server, while not allowing any visitor to hit the whole Pi (guessing/scanning for URL paths), where controls and such would not be seen/accessible.
Thanks