APACHE2 REVERSE PROXY
This is a simple guide to setting up an Apache vhost as a reverse proxy. This lets you expose port 80/443 for a web service or application that listens on another port, and can be used to enable SSL certificates for applications that have no SSL configuration, or no easily configurable option to set up SSL. Many Docker containers from DockerHub fall into the latter category (sadly). To proxy many applications or services on the same Apache host, set up multiple domains and configurations (detailed below). These applications do not need to be on the same physical or virtual host as Apache; they can be on another physical or virtual host, or in a container elsewhere on the LAN.
Throughout this page:
- $FQDN is your fully qualified domain name, such as linux.schotty.com, linux.schotty.org, www.linux.schotty.com or www.linux.schotty.org.
- $SERVER_IP is the IP address of the system running the server that Apache is reverse proxying.
- $PORT is the port on $SERVER_IP that the application or web service is listening on.
SYSTEM PREPARATION
- Packages
  sudo yum install mod_ssl mod_proxy_html
- SELinux (allows httpd to open outbound network connections, which it needs to reach the proxied server)
  sudo setsebool -P httpd_can_network_connect 1
VHOST CONFIG
Modify the following to suit your needs and save it as /etc/httpd/conf.d/$FQDN.conf
<VirtualHost *:80>
    ServerName $FQDN
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName $FQDN
    ProxyPreserveHost On
    #####################
    # Use as many of these as needed for your web application/services
    #####################
    ProxyPass "/" "http://$SERVER_IP:$PORT/"
    ProxyPassReverse "/" "http://$SERVER_IP:$PORT/"
    SSLEngine on
</VirtualHost>
</IfModule>
GET SSL CERTS
I use Let's Encrypt for free SSL certs, but if you have another method, apply the certs to your system appropriately. The following shows how to get your LE certs installed and your vhost(s) appropriately configured.
- Install Certbot
  sudo yum install certbot python2-certbot-apache python2-certbot
- Run certbot. Add as many domains as you need via the '-d $FQDN' flags. During the setup process, have certbot redirect non-SSL to SSL if you wish, and have certbot update the config to add in the cert path.
  sudo certbot --apache -d $FQDN -d www.$FQDN -d $FQDN2 -d $FQDN3
RESTART APACHE
- sudo systemctl stop httpd
- sudo systemctl start httpd
TEST CONFIG
Open your web browser or application and point it to the proxy address. It should forward without error to the proxy target server.
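A static check that can be run on /etc/httpd/conf.d/$FQDN.conf before the restart step, as an added example that is not part of the original guide. The function name, finding labels and the sample vhost (app.example.org, 192.0.2.10:8080) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint a reverse-proxy vhost file before restarting httpd.
# Prints one finding per line; returns non-zero if anything is found.
audit_vhost() {
    awk '
    { sub(/^[ \t]+/, ""); gsub(/"/, "") }        # trim indent, drop quotes
    /^#/ || NF == 0 { next }                      # skip comments and blanks
    { d = tolower($1) }                           # directives are case-insensitive
    d ~ /^<virtualhost/ { vhost = $2; sub(/>$/, "", vhost); next }
    d == "</virtualhost>" { vhost = ""; next }
    d == "proxyrequests" && tolower($2) == "on" {
        print "OPEN_FORWARD_PROXY: ProxyRequests On"; bad = 1 }
    d == "proxypass" && $3 != "!" {               # "!" marks an exclusion
        k = $2 " in " vhost; pass[k] = 1
        if (vhost ~ /:80$/) {                     # application served without TLS
            print "PLAINTEXT_PROXY: " k; bad = 1 }
    }
    d == "proxypassreverse" { rev[$2 " in " vhost] = 1 }
    END {
        # Without ProxyPassReverse, backend redirects reach the client
        # still pointing at the internal SERVER_IP:PORT address.
        for (p in pass) if (!(p in rev)) {
            print "NO_REVERSE_MAPPING: " p; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: proxying from the port-80 vhost, with no
# ProxyPassReverse. 192.0.2.10 is a documentation-only address.
sample_bad_vhost() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName app.example.org
    ProxyPass "/" "http://192.0.2.10:8080/"
</VirtualHost>
EOF
}

tmp=$(mktemp) && sample_bad_vhost > "$tmp"
audit_vhost "$tmp" || echo "fix the findings above before restarting httpd"
rm -f "$tmp"
```

The vhost shown under VHOST CONFIG passes this check with no findings. It complements, and does not replace, Apache's own syntax check.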