Apache2 reverse proxy (with http https virtualhosting)
This weekend I was updating and reconfiguring my apache2 installation, I run a server with multiple domains both with http and https, they are sitting behind a firewall. I also had some tomcat installations running on port 8080 on my server. In my previous configuration in the firewall I had port 80,443 and 8080 forwarded to my apache server and it worked perfectly. but as you know it’s easy to educate users to use both http(port 80) and https(port443) but not that easy to tell them to write https://yourserver:8080/blabla to redirect them to the tomcat server.
Having this I decided to change the way things work but using a reverse proxy this way I can have all the users using just http and https and at the same time redirect the traffic to the t0mcat behind the the firewall.
How did I do it?
First you have to enable the following modules on your apache2 server (I won’t explain how to do it as you can do it multiple ways and even use your distro tools to help you):
I also recommend you to use virtualhosts for doing this as you’ll be able to serve multiple domains with ease:
and edit your virtual host to look like this:
<VirtualHost *:80>ServerAdmin firstname.lastname@example.orgServerName www.yourdomain.comDocumentRoot /srv/www/htdocsServerSignature OnDirectoryIndex index.php index.html index.htmProxyRequests OffProxyPreserveHost OnProxyPass / http://your.internalserver.local:8080/ProxyPassReverse / http://your.internalserver.local:8080/</virtualhost><proxy>Order deny,allowAllow from all</proxy>
or if you are using https your virtualhost config file might look like:
<IfDefine SSL><IfDefine !NOSSL><VirtualHost *:443>ServerName www.yourdomain.comDocumentRoot "/srv/www/htdocs"ErrorLog /var/log/apache2/error.logTransferLog /var/log/apache2/access.logSSLEngine onSSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULLSSLCertificateFile /etc/apache2/certs/www.yourdomain.com.crtSSLCertificateKeyFile /etc/apache2/certs/www.yourdomain.com.keySSLCertificateChainFile /etc/apache2/certs/www.yourdomain.com_intermediate_bundle.crt<Files ~ "\.(cgi|shtml|phtml|php3?)$">SSLOptions +StdEnvVars</Files><Directory "/srv/www/cgi-bin">SSLOptions +StdEnvVars</Directory>SetEnvIf User-Agent ".*MSIE.*" \nokeepalive ssl-unclean-shutdown \downgrade-1.0 force-response-1.0CustomLog /var/log/apache2/ssl_request_log ssl_combinedProxyPreserveHost OnProxyRequests OffProxyPass / http://www.your_domain.local:8080/ProxyPassReverse / http://www.your_domain.local:8080/</VirtualHost></IfDefine></IfDefine>
Well hope this is helpful to someone.
Pedro M. S. Oliveira
Found this article about APACHE2 as a OWA proxy which I really liked 🙂 bellow there are some excerpts that I frequently use. I’m copying them for my reference:
<VirtualHost *:443> DocumentRoot "/var/www/owa" ServerName mail.mycompany.com:443 ServerAdmin email@example.com DirectoryIndex index.html index.php SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLProxyEngine on RewriteEngine On RewriteRule ^/$ /exchange [L,R] RequestHeader set Front-End-Https On ProxyRequests On ProxyPreserveHost On ProxyVia full <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /exchange https://mxbsas.example.local/exchange ProxyPassReverse /exchange https://mxbsas.example.local/exchange ProxyPass /exchweb https://mxbsas.example.local/exchweb ProxyPassReverse /exchweb https://mxbsas.example.local/exchweb ProxyPass /public https://mxbsas.example.local/public ProxyPassReverse /public https://mxbsas.example.local/public ProxyPass /exchangerng https://mxrng.example.local/exchangerng ProxyPassReverse /exchangerng https://mxrng.example.local/exchangerngProxyPass /Microsoft-Server-ActiveSync https://mxbsas.example.local/Microsoft-Server-ActiveSync ProxyPassReverse /Microsoft-Server-ActiveSync https://mxbsas.example.local/Microsoft-Server-ActiveSync