Apache Reverse Proxy

This is a simple guide to setting up an Apache vhost as a reverse proxy.

Throughout this page:

  • $FQDN is your fully qualified domain name, such as linux.schotty.com, linux.schotty.org, www.linux.schotty.com or www.linux.schotty.org.
  • $SERVER_IP is the IP address of the backend system, the one running the server that Apache is reverse-proxying.
  • $PORT is the port on $SERVER_IP that the application or web service is listening on.

SYSTEM PREPARATION

  • Packages

    sudo yum install mod_ssl mod_proxy_html
    
  • SELinux

    sudo setsebool -P httpd_can_network_connect 1
    

VHOST CONFIG

Modify the following to suit your needs and save it as /etc/httpd/conf.d/$FQDN.conf.

    <VirtualHost *:80>
      ServerName $FQDN
    </VirtualHost>
    <IfModule mod_ssl.c>
    <VirtualHost *:443>
      ServerName $FQDN
      ProxyPreserveHost On
      #####################
      # Use as many of these as are needed for your web application/services
      #####################
      ProxyPass "/" "http://$SERVER_IP:$PORT/"
      ProxyPassReverse "/" "http://$SERVER_IP:$PORT/"
      SSLEngine on
    </VirtualHost>
    </IfModule>
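
One way to fill in the $FQDN, $SERVER_IP and $PORT placeholders without hand-editing, as an added example that is not part of the original guide: each value is checked before it is written into the vhost, so a stray quote, space or newline cannot end up as extra Apache directives. The function names are hypothetical, the sample values are constructed, and an IPv4 backend address is assumed.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample values are constructed.

valid_fqdn() {   # letters, digits, hyphens and dots only; at least two labels
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

valid_ipv4() {   # assumption: the backend is addressed by dotted-quad IPv4
  case "$1" in ''|.*|*.|*[!0-9.]*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

valid_port() {   # decimal digits only, range 1-65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# render_vhost FQDN SERVER_IP PORT: print the vhost from this guide, or fail.
render_vhost() {
  valid_fqdn "$1" || { echo "bad FQDN: $1" >&2; return 1; }
  valid_ipv4 "$2" || { echo "bad SERVER_IP: $2" >&2; return 1; }
  valid_port "$3" || { echo "bad PORT: $3" >&2; return 1; }
  cat <<EOF
<VirtualHost *:80>
  ServerName $1
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
  ServerName $1
  ProxyPreserveHost On
  ProxyPass "/" "http://$2:$3/"
  ProxyPassReverse "/" "http://$2:$3/"
  SSLEngine on
</VirtualHost>
</IfModule>
EOF
}

# Constructed sample values: the first call prints a vhost, the second is refused.
render_vhost app.example.com 10.0.0.5 8080
render_vhost app.example.com '10.0.0.5/ extra' 8080 || echo "rejected" >&2
```

Redirect the output of render_vhost to /etc/httpd/conf.d/$FQDN.conf, the path given above.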

GET SSL CERTS

I use Let's Encrypt for free SSL certs, but if you have another method, apply them to your system appropriately. The following shows how to get your LE certs installed and your vhost(s) appropriately configured.

  • Install Certbot

    sudo yum install certbot python2-certbot-apache python2-certbot
    
  • Run certbot. Add as many domains as you need to the system via the '-d $FQDN' flags. During the setup process, have certbot redirect non-ssl to ssl if you wish, and have certbot update the config to add in the cert path.

    sudo certbot --apache -d $FQDN -d www.$FQDN -d $FQDN2 -d $FQDN3
    

RESTART APACHE

  • sudo systemctl stop httpd
  • sudo systemctl start httpd

TEST CONFIG

Open your web browser or application and point it to the proxy address. It should forward without error to the proxy target server.