Friday, April 9, 2010

Setting Reverse Proxy With Apache2 on Ubuntu (Debian)

Apache HTTP server is probably the most used open source free web server and does not require any introduction. Also setting up reverse proxy using Apache is also not new. In fact this blog entry does not talk about anything new. Over here I'm just jotting down easy to follow steps to setup a reverse proxy using Apache 2.2 on Ubuntu or any Debian flavor.

Main reason for writing this is, I've basically used Apache2 on windows and configuration is bit different then how it's on Debian. In windows typically you will find all configuration under httpd.conf file where you can load any particular module using LoadModule. This is not how Apache2 works exactly with Debian. With a typical install, you will find httpd.conf totally empty. Also loading modules dynamically does not work by having LoadModule declaration.

Without going much into details of these differences, I'll just write down how to setup reverse proxy...

  1. Load required modules - proxy, proxy_http, proxy_connect
    sudo a2enmode proxy_connect
    sudo a2enmode proxy_http
    Above will automatically enable proxy module.

  2. Configure Site - Change your directory to the site for which you want to setup reverser proxy. For simplicity, I'll refer to the default site located at /etc/apache2/sites-enabled. You need to have root privilege to modify the site configuration. Below is the typical content for the default site i.e. 000-default
    <virtualhost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www
        <directory />
            Options FollowSymLinks
            AllowOverride None
        <directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        Alias /doc/ "/usr/share/doc/"
        <directory "/usr/share/doc/">
            Options Indexes MultiViews FollowSymLinks
            AllowOverride None
            Order deny,allow
            Deny from all
            Allow from ::1/128

    To setup a reverse proxy for URL http://localhost:8080/myapp/ please add following lines at the end of the VirtualHost tag as displayed above...
    ProxyPass /myapp/ http://localhost:8080/myapp/
    ProxyPassReverse /myapp/ http://localhost:8080/myapp/

  3. Enable access - To allow access for all requests to this proxy, edit /etc/apache2/mods-available/proxy.conf. By default access to all is denied. To enable the access, put line Allow from all. Typical proxy.conf after this change will look something like...
    <IfModule mod_proxy.c>
        #turning ProxyRequests on and allowing proxying from all may allow
            #spammers to use your proxy to send email.
            ProxyRequests Off
            <Proxy *>
                    AddDefaultCharset off
                    Order deny,allow
                    Deny from all
                    Allow from all
            # Enable/disable the handling of HTTP/1.1 "Via:" headers.
            # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
            # Set to one of: Off | On | Full | Block
            ProxyVia On

    Note the line ProxyRequests Off. This is important in order to enable reverse proxy

  4. Restart Apache2 - To get all of above configuration changes in effect, have a clean restart. Recommended way is...
    sudo apache2ctl graceful

  5. Done !!! Happy reverse proxying

Cheers !!!
- Jay
Disclaimer : This is a personal blog and all content represent what I think and it does not advocate/support/advertise any other person/company. I do not earn money or intended to do so with this blog or any of the contents the blog hosts (except the google ads which you see). If I post something here that you find helpful, that's wonderful. Just in case, if I say something stupid, the stupidity is mine, and mine alone and I can not be held for anything if you fall for such stupidity :-). I cannot be held responsible for any kind of damage that may be caused by downloading or viewing the files or information provided herewith. Anybody and everybody can use/refer the contents of this blog at their own will and of course at own risk. There is no need for any kind of approval of the author. Although it would be great if feedback is left for any such usage to the author.