Apache Reverse Proxy Configuration (Step by Step) for CentOS


apache reverse proxy configuration centos

A reverse proxy allows you to take requests and distribute them among one or more backend servers. This protects your website from malicious attacks as well as enabled load balancing. Let us take a look at Apache Reverse Proxy Configuration (Step by Step) for CentOS.

 

Apache Reverse Proxy Configuration (Step by Step) for CentOS

Here’s the Apache Reverse Proxy Configuration (Step by Step) for CentOS. Before we begin please ensure that you have installed Apache web server on CentOS.

 

1. Verify Required Apache modules

Apache needs 2 modules for reverse proxy management (mod_proxy and mod_proxy_http), and 2 for load balancing(mod_proxy_balancer and mod_lbmethod_byrequests). They are enabled by default on CentOS.

You can test them with the command


$ httpd -M

This will output all enabled modules. Look for the 4 lines mentioned below


Output
. . .
proxy_module (shared)
. . .
lbmethod_byrequests_module (shared)
. . .
proxy_balancer_module (shared)
. . .
proxy_http_module (shared)

 

If they are not enabled, open Apache configuration file in a text editor


$ sudo nano /etc/httpd/conf.modules.d/00-proxy.conf

 

And uncomment the following 4 lines. You can uncomment a line by removing the # sign at its beginning.


. . .
LoadModule proxy_module modules/mod_proxy.so
. . .
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
. . .
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
. . .
LoadModule proxy_http_module modules/mod_proxy_http.so
. . .

 

Save the file and restart Apache


$ sudo systemctl restart httpd

 

Apache is ready to work as a reverse proxy

 

2. Update Apache Configuration to Enable Reverse Proxy

In this example, we will update the default Apache virtual host to to work as a reverse proxy for

  1. Single backend server
  2. Multiple backend servers

If you want to create a separate virtual host file for this purpose, here’s how you can do it.

Open the default virtual hosts file in a text editor


$ sudo nano /etc/apache2/sites-available/000-default.conf

 

On the first line, you’ll see a <VirtualHost *:80> block.

 

1. Reverse Proxy for Single Backend Server

Replace all code in <VirtualHost> block with the following:


<VirtualHost *:80>
 ProxyPreserveHost On

 ProxyPass / http://127.0.0.1:8080/
 ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

In the above code,

  • ProxyPreserveHost – Makes Apache pass the Host header in original request. It allows backend server to know the origin
  • ProxyPass – It is the main reverse proxy directive that specifies that all requests under the root (/) URL should be sent to the back end server.
  • ProxyPassReverse – It makes Apache modify response headers before sending it to the client. So, in case of location redirect headers, the client is redirected to the reverse proxy and not back end servers.

 

Restart Apache to apply changes


$ sudo systemctl restart httpd

 

Now if you open a browser and go to http://your_domain.com, you’ll see the response from your backend server, and not the Apache welcome page.

 

2. Reverse Proxy for Multiple Backend Servers

You can also reverse proxy Apache to distribute traffic across multiple backend servers.

In this case, replace the VirtualHost block with the following code:


<VirtualHost *:80>
 <Proxy balancer://cluster>
  BalancerMember http://127.0.0.1:8080
  BalancerMember http://127.0.0.1:8081
 </Proxy>

 ProxyPreserveHost On

 ProxyPass / balancer://cluster/
 ProxyPassReverse / balancer://cluster/
</VirtualHost>

 

The above configuration is similar to the one for single backend server, except for the Proxy block. We have called it cluster, (balancer://cluster). You can name it whatever you want. It should have a list of IP addresses and ports across whom your traffic should be distributed. In our example, we use 127.0.0.1:8080 and 127.0.0.1:8081.

So, in this case, ProxyPass and ProxyPassReverse refer to the balancer by its name (e.g cluster), instead of its IP address

 

Restart Apache to apply changes


$ sudo systemctl restart httpd

 

Now if you open a browser and go to http://your_domain.com, you’ll see the response from your backend servers, and not the Apache welcome page. If each of these servers serve a different response, you can easily make out that your traffic is being sent to different backend servers.

Congratulations! You have set up Apache Rever Proxy Configuration for CentOS.

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!