Thursday, May 13, 2010

Enable Apache proxy Service (mod_proxy / proxy_http)

Apache proxy is used to expose different services (running on different ports) to public as standard http, https ftp services. Its act as the middle layer in between back-end and public.

Earlier apache came with mod_proxy module but it has been replaced with proxy_http module in new apache versions(2.2.12).




1) Enable proxy_http or mod_proxy module
a2enmod proxy_http or a2enmod mod_proxy

2) Restart the server.
/etc/init.d/apache2 restart

2) Do the virtual hosting. following vhost for http proxy service.

assume you want the service running on port 8080 as default http service.



# Please note to remove ="" notations from config file. Its shows due to code-highlight error. Check lines 5 and 13.
# Eg : in the < VirtualHost *:80=""> syntax ="" should be removed


ServerAdmin admin@example.com
ServerName example.com
# DocumentRoot /home/httpd/
ErrorLog /var/log/apache2/error.log
LogLevel warn
CustomLog /var/log/apache2/access.log combined


Order deny,allow
Allow from all
#Allow from .your_domain.com

ProxyRequests Off
ProxyPreserveHost On

ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/





for expose service running on 8083 as a https connection


# Please note to remove ="" notations from your config file. Its shows due to code-highlight error. check lines 4 and 21.
# Eg : in the < VirtualHost *:443=""> syntax ="" should be removed


ServerAdmin admin@example.com
ServerName example.com
#ServerAlias example.com
#DocumentRoot /home/httpd/

ErrorLog /var/log/apache2/ssl-error.log
LogLevel warn
CustomLog /var/log/apache2/ssl-access.log combined
ServerSignature On

SSLEngine On
SSLCertificateFile /etc/apache2/certs/example.crt
SSLCertificateKeyFile /etc/apache2/certs/example.key
SSLCertificateChainFile /etc/apache2/certs/CA.crt

SSLProxyEngine on

Order deny,allow
Allow from all
#Allow from .your_domain.com


ProxyRequests Off
ProxyPreserveHost On

ProxyPass / https://127.0.0.1:8083/
ProxyPassReverse / https://127.0.0.1:8083/


2 comments:

  1. Hi Yasith!
    It is a great article, I wish I found it earlier...
    I tried to copy your settings, and I failed. When I allow from all in my <Proxy> everything goes well, but when I deny from all, and allow only .mydomain.com it is forbidden by server.
    Do you have any idea what else may go wrong?

    <Proxy *>
    #AddDefaultCharset off
    Order deny,allow
    Deny from all
    Allow from xxx.xx.xx.xx
    Allow from .mydomain.com
    Allow from localhost
    </Proxy>
    None of the allow rules above worked.
    I'd appreciate any help
    Mate Ordody

    ReplyDelete
  2. We are using session cookies, so after authentication client receives a cookie and this cookie is re-sent with every request to the backend. top vpn

    ReplyDelete