Implementation of Apache24 as a Reverse Proxy on FreeBSD Systems

Reverse proxy is a type of proxy server that accepts HTTP/HTTPS requests and distributes them transparently to one or more backend servers. Reverse proxies are useful because many modern web applications handle incoming HTTP/HTTPS requests using backend application servers that do not need to be directly accessible to the user and often only support rudimentary HTTP functionality.

For this we can use a reverse proxy to prevent direct access to the main application server. Reverse proxies can also be used to balance incoming requests across different application servers, improving performance at scale and providing fault tolerance. Reverse proxies will fill this void with application server features that they don't provide, such as caching, compression, and SSL encryption.

This article will explain how to set up Apache as a primary Reverse proxy server using the mod_proxy extension to redirect incoming connections to one or more internal servers running on the same network.



1. System Specifications
OS: FreeBSD 13.2
IP Server: 192.168.5.2
Domain: unixwinbsd.site
Apache version: Apache24
IP Jenkin: 192.168.5.2
Port Jenkin: 8180
IP Apache: 192.168.5.2
Ports Reverse Proxy Apache: 8080


2. Enable Apache24 proxy mod

In order for Apache24 to be used as a reverse proxy server, the proxy module in Apache24 must first be activated. To do this, edit the /usr/local/etc/apache24/httpd.conf file and delete the "#" sign in the loadmodule script, as in the example below:

root@ns1:~ # ee /usr/local/etc/apache24/httpd.conf
LoadModule proxy_module libexec/apache24/mod_proxy.so
LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so


So far, we haven't talked much about mod_proxy. However, it's a little more complicated than that. In keeping with Apache's modular architecture, mod_proxy itself is modular, and a typical proxy server needs to enable multiple modules. Those relevant to proxies and this article include:
  1. mod_proxy: The core module deals with proxy infrastructure and configuration and managing proxy requests.
  2. mod_proxy_http: This handles document retrieval with HTTP and HTTPS.
  3. mod_proxy_ftp: This handles document retrieval with FTP.
  4. mod_proxy_connect: This handles the CONNECT method for secure tunneling (SSL).
  5. mod_proxy_ajp: This handles the AJP protocol for Tomcat and similar backend servers.
  6. mod_proxy_balancer: Implements clustering and load balancing across multiple backends.
  7. mod_cache, mod_disk_cache, mod_mem_cache: This mod deals with document cache management. To enable caching requires mod_cache and one or both disk_cache and mem_cache.
  8. mod_proxy_html: This mod will rewrite HTML links into the proxy address space.
  9. mod_headers: Will modify HTTP request and response headers.
  10. mod_deflate: Negotiates compression with client and backend.
Because Apache runs on port 8080, the reverse proxy must also be on port 8080, replace the apache24 port in the /usr/local/etc/apache24/httpd.conf file.

root@ns1:~ # ee /usr/local/etc/apache24/httpd.conf
Listen 192.168.5.2:8080
ServerName www.unixwinbsd.site:8080


Now, let's configure a default HTTP vhost that will accept all proxy requests. Open the httpd-vhosts.conf file and edit it. In this article we will make Jenkins a "Backend" proxy for apache24.



Read the article above to use Jenkins as a proxy Backend from Apache24. After we configure Jenkins, we get the Jenkins ID: iwanse1212. Enter the script below in the /usr/local/etc/apache24/extra/httpd-vhosts.conf file.

root@ns1:~ # ee /usr/local/etc/apache24/extra/httpd-vhosts.conf
<Virtualhost 192.168.5.2:8080>
ServerName iwanse1212
ProxyRequests Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode

<Proxy http://192.168.5.2:8180/*>
Order deny,allow
Allow from all
</Proxy>

ProxyPass / http://192.168.5.2:8180/ nocanon
ProxyPassReverse / http://192.168.5.2:8180/
ProxyPassReverse / http://iwanse1212/
</Virtualhost>

In the script above, it is clear that we will run the apache24 reverse proxy with the private IP 192.168.5.2 with port 8080. While the server name "iwanse1212 is the Jenkins user ID. After that we restart the apache web server, so that it can load the Jenkins proxy.

root@ns1:~ # service apache24 restart
Performing sanity check on apache24 configuration:
Syntax OK
Stopping apache24.
Waiting for PIDS: 74121.
Performing sanity check on apache24 configuration:
Syntax OK
Starting apache24.

After that, we test by opening the Yandex or Google Chrome web browser, typing "http://192.168.5.2:8080" in the browser address bar menu. See the results on your Google Chrome screen.

If it appears like the image above, then apache24 can run the reverse proxy with the Jenkins backend.
Iwan Setiawan

I Like Adventure: Mahameru Mount, Rinjani Mount I Like Writer FreeBSD

Post a Comment

Previous Post Next Post