Friday, April 9, 2010

Setting Reverse Proxy With Apache2 on Ubuntu (Debian)

Apache HTTP server is probably the most used open source free web server and does not require any introduction. Also setting up reverse proxy using Apache is also not new. In fact this blog entry does not talk about anything new. Over here I'm just jotting down easy to follow steps to setup a reverse proxy using Apache 2.2 on Ubuntu or any Debian flavor.

Main reason for writing this is, I've basically used Apache2 on windows and configuration is bit different then how it's on Debian. In windows typically you will find all configuration under httpd.conf file where you can load any particular module using LoadModule. This is not how Apache2 works exactly with Debian. With a typical install, you will find httpd.conf totally empty. Also loading modules dynamically does not work by having LoadModule declaration.

Without going much into details of these differences, I'll just write down how to setup reverse proxy...

  1. Load required modules - proxy, proxy_http, proxy_connect
    sudo a2enmode proxy_connect
    sudo a2enmode proxy_http
    Above will automatically enable proxy module.

  2. Configure Site - Change your directory to the site for which you want to setup reverser proxy. For simplicity, I'll refer to the default site located at /etc/apache2/sites-enabled. You need to have root privilege to modify the site configuration. Below is the typical content for the default site i.e. 000-default
    <virtualhost *:80>
        ServerAdmin webmaster@localhost
    
        DocumentRoot /var/www
        <directory />
            Options FollowSymLinks
            AllowOverride None
        </Directory>
        <directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>
    
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        </Directory>
    
        ErrorLog /var/log/apache2/error.log
    
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
    
        CustomLog /var/log/apache2/access.log combined
    
        Alias /doc/ "/usr/share/doc/"
        <directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
    
    </VirtualHost>

    To setup a reverse proxy for URL http://localhost:8080/myapp/ please add following lines at the end of the VirtualHost tag as displayed above...
    ProxyPass /myapp/ http://localhost:8080/myapp/
    ProxyPassReverse /myapp/ http://localhost:8080/myapp/

  3. Enable access - To allow access for all requests to this proxy, edit /etc/apache2/mods-available/proxy.conf. By default access to all is denied. To enable the access, put line Allow from all. Typical proxy.conf after this change will look something like...
    <IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
            #spammers to use your proxy to send email.
    
            ProxyRequests Off
    
            <Proxy *>
                    AddDefaultCharset off
                    Order deny,allow
                    Deny from all
                    Allow from all
            </Proxy>
    
            # Enable/disable the handling of HTTP/1.1 "Via:" headers.
            # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
            # Set to one of: Off | On | Full | Block
    
            ProxyVia On
    </IfModule>

    Note the line ProxyRequests Off. This is important in order to enable reverse proxy

  4. Restart Apache2 - To get all of above configuration changes in effect, have a clean restart. Recommended way is...
    sudo apache2ctl graceful

  5. Done !!! Happy reverse proxying

Cheers !!!
- Jay

3 comments :

  1. I ve seen this scenario a few times but for some reason, I can not make my reverse proxy work. Maybe someone can help. Here is my setup:

    So Confused myself, so I need an expert reverse proxy help here please.

    Server 1 on Public IP - 173.190.180.161 port 80 (LAN IP is 10.1.10.2).

    Server 1 also has a local DNS enabler so that local users are able to browse all of our 4 registered domains within our local LAN.

    Server 2 is on local LAN with local IP 10.1.10.2

    First question is:

    Where will my proxyPass statement below should go if I want my Server 2 to be accessible from the internet? Will go to Server 1 or Server 2. Or do I need to have the same statement for both Server 1 and Server 2? I tried putting this on either but I can not make it work. It sort of work once but users only see domain1.com all the time no matter which domain they use on their browser.

    ProxyRequests Off
    ProxyPreserveHost On

    Order deny,allow
    Allow from all

    ProxyPass / http://WhichIPand:Port/
    ProxyPassReverse / http://WhichIPand:Port/
    Question 2: httpd-vhosts.conf Can I continue using virtual hosts on both Server 1 and Server 2 ? I am currently using virtual host on Server 1 with 4 registered domains. I want to move 2 domains off of Server 1 to Server 2 so that,

    Server 1 will have: domain1.com, domain2.com
    Server 2 will have: domain3.com, domain4.com
    Question 3: What would my host file look like for both Server 1 and Server 2 with each has 2 qualified domains. Will it be this way or put all local LAN IP on each Servers.

    127.0.01 domain1.com
    127.0.01 domain2.com
    127.0.01 domain3.com
    127.0.01 domain4.com
    I know this may look too much, but this really will help a lot of people also other than me. But me, I am so lost right now and someone with a great mind and teaching skills should be able to help,

    Thanks and merry christmas to all.

    ReplyDelete
  2. I have done the configuration of mod_proxy with httpd in the redhat linux server environment.
    I was able to access the projects as we have discussed but unable to access the content in it properly.

    On looking at the logs, it says that:

    [Fri Sep 27 18:57:58 2013] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/html/css, referer: http://xxx.xxx.xxx.xxx/abc
    [Fri Sep 27 18:57:58 2013] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/html/css, referer: http://xxx.xxx.xxx.xxx/abc
    [Fri Sep 27 18:57:58 2013] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/html/css, referer: http://xxx.xxx.xxx.xxx/abc
    [Fri Sep 27 18:57:58 2013] [error] [client xxx.xxx.xxx.xxx] File does not exist: /var/www/html/default, referer: http://xxx.xxx.xxx.xxx/abc

    ReplyDelete
  3. Very nice article, exactly what I was looking for.

    Also visit my homepage ... file share android

    ReplyDelete

 
Disclaimer : This is a personal blog and all content represent what I think and it does not advocate/support/advertise any other person/company. I do not earn money or intended to do so with this blog or any of the contents the blog hosts (except the google ads which you see). If I post something here that you find helpful, that's wonderful. Just in case, if I say something stupid, the stupidity is mine, and mine alone and I can not be held for anything if you fall for such stupidity :-). I cannot be held responsible for any kind of damage that may be caused by downloading or viewing the files or information provided herewith. Anybody and everybody can use/refer the contents of this blog at their own will and of course at own risk. There is no need for any kind of approval of the author. Although it would be great if feedback is left for any such usage to the author.