This post explains how to configure Apache 2.4 (the version that comes with Ubuntu 14.04) as a fully transparent reverse proxy. If you have a single website that has multiple paths that are actually run by different web applications then this tutorial may be for you.
The proxy will serve both web applications from their own virtual host configuration. These may be on the same machine as shown below using the loop-back addresses 127.0.0.1 and 127.0.0.2 or on different machines if you use their (internal) IP addresses.
Site: http://www.yourwebsite.com/ App1: http://www.yourwebsite.com/app1 = http://127.0.0.1/app1 App2: http://www.yourwebsite.com/app2 = http://127.0.0.2/app2
This is the directory structure in which I want to load the various web apps:
maurits@nuc:/var/www/html$ ll total 28 drwxr-xr-x 4 root root 4096 Dec 1 21:43 ./ drwxr-xr-x 3 root root 4096 Apr 21 2014 ../ -rw-r--r-- 1 root root 11510 Apr 21 2014 index.html drwxr-xr-x 2 root root 4096 Dec 1 21:45 app1/ drwxr-xr-x 2 root root 4096 Dec 1 21:45 app2/
In this tutorial we run the web applications on the same paths as on the proxy. This means that the web apps run in a subdirectory, even on the machines behind the proxy. This avoids the need of rewriting and thus keeps this setup simple and easy to debug.
Setting up the reverse proxy in Apache 2.4
What we are going to do is setup a reverse proxy. First we load the “proxy_http” module in Apache 2.4 using:
sudo a2enmod proxy_http sudo service apache2 restart
Let’s setup the reverse proxy virtual host configuration in “/etc/apache2/sites-available/yourwebsite-proxy.conf” like this:
<VirtualHost *:80> ServerName www.yourwebsite.com DocumentRoot /var/www/html ProxyPreserveHost On ProxyPass /app1 http://127.0.0.1/app1 ProxyPass /app2 http://127.0.0.2/app2 </VirtualHost>
The virtual host configuration of app1 in “/etc/apache2/sites-available/yourwebsite-app1.conf” looks like this:
<VirtualHost 127.0.0.1:80> ServerName www.yourwebsite.com DocumentRoot /var/www/html ... </VirtualHost>
And the virtual host configuration of app2 in “/etc/apache2/sites-available/yourwebsite-app2.conf” looks like this:
<VirtualHost 127.0.0.2:80> ServerName www.yourwebsite.com DocumentRoot /var/www/html ... </VirtualHost>
Lets enable all sites and reload Apache using:
sudo a2ensite yourwebsite-proxy yourwebsite-app1 yourwebsite-app2 sudo service apache2 reload
Note that this works as the virtual host configurations with a specified IP address will be matched first. The “ProxyPreserveHost” will make sure the “Host” header in the request is not rewritten. The lack of a “ProxyPassReverse” will make sure that there is no rewriting done on the response.
Showing the correct remote IP address
It is important to understand that in the above setup, the proxied web application will only see a different “REMOTE_ADDR” environment variable, since there is absolutely no rewriting going on. The real visitor address is passed along in “X-Forwarded-For” header. This is a comma separated list and the last entry holds the real client IP address.
If you are on Apache 2.4, like in Ubuntu 14.04, you can correct the reported remote address by loading the “remoteip” module like this:
sudo a2enmod remoteip sudo service apache2 restart
Add the “RemoteIPHeader” and “RemoteIPInternalProxy” directives to the virtual host configurations:
<VirtualHost 127.0.0.1:80> ServerName www.yourwebsite.com DocumentRoot /var/www/html RemoteIPHeader X-Forwarded-For RemoteIPInternalProxy 127.0.0.0/8 ... </VirtualHost>
Note that the “RemoteIPInternalProxy” you must specify the internal IP address of the proxy. To test if you did it right you can run a PHP script that calls “phpinfo()”. If you see that the “REMOTE_ADDR” value is not set to the proxy, then it is working.
Adding headers to the upstream request
We want to make Apache2 add upstream headers and therefor we need to load the “headers” module in Apache 2.4 using:
sudo a2enmod headers sudo service apache2 restart
Next, we have to adjust the reverse proxy virtual host configuration in “/etc/apache2/sites-available/yourwebsite-proxy.conf” like this:
<VirtualHost *:80> ServerName www.yourwebsite.com DocumentRoot /var/www/html ProxyPreserveHost On RewriteEngine On RequestHeader add X-SSL off RewriteRule ^/app1/(.*) http://127.0.0.1/app1/$1 [P,L] RewriteRule ^/app2/(.*) http://127.0.0.2/app2/$1 [P,L] </VirtualHost>
In this example we add a “X-SSL” header with the value “off” to the proxied request. If you want to add headers to the response you can use the “Header” directive.
If you have any questions, please use the comments below.