In this tutorial, we'll explain how to use Apache as a Reverse Proxy with mod_proxy on Ubuntu 24.04 server.
Using Apache as a reverse proxy allows you to forward client requests to other backend servers. It can be useful for load balancing, hiding your application server from direct public access, or serving multiple applications under different subdomains or URL paths. We will walk through how to set up Apache with the mod_proxy module to configure it as a reverse proxy on Ubuntu 24.04.
Prerequisites
- Ubuntu 24.04 KVM VPS or dedicated server with root or sudo privileges.
- Apache installed on your system.
- A basic understanding of Apache and web servers.
- Backend application running on the same or different server.
How to use Apache as a Reverse Proxy with mod_proxy on Ubuntu
Step 1: Update Your Server
To ensure that your server is up-to-date with the latest security patches and software, run the following commands:
sudo apt update
sudo apt upgrade
Step 2: Configure Firewall
Next, add HTTP and HTTPS ports in the firewall:
ufw allow 80/tcp
ufw allow 443/tcp
ufw reload
Step 3: Install Apache Web Server
If Apache is not already installed, you can install it by running the following command:
sudo apt install apache2
Once the installation is complete, enable Apache to start automatically on boot:
sudo systemctl enable apache2
Step 4: Enable mod_proxy and Related Modules
Apache provides the mod_proxy module to set up the reverse proxy. By default, this module might not be enabled in a fresh installation of Apache, so you need to enable it manually along with other required modules.
Enable the necessary modules:
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo a2enmod headers
- proxy: Core module for handling proxying.
- proxy_http: For handling HTTP protocol when proxying.
- proxy_balancer: For load balancing when multiple backend servers are used.
- lbmethod_byrequests: Load balancing method that uses the number of requests to distribute traffic.
- headers: Allows manipulation of HTTP request/response headers.
After enabling the modules, restart Apache for the changes to take effect:
sudo systemctl restart apache2
Step 5: Configure Apache Virtual Host as a Reverse Proxy
Now, we’ll set up a virtual host configuration to act as a reverse proxy.
Create a new Virtual Host file for your reverse proxy configuration:
sudo nano /etc/apache2/sites-available/reverse-proxy.conf
Add the following configuration to the file, replacing <domain-or-ip> with your actual domain or IP, and the backend server address with the actual IP or domain of your backend application.
<VirtualHost *:80>
ServerAdmin admin@example.com
ServerName <domain-or-ip>
DocumentRoot /var/www/html
# Enabling Reverse Proxy
ProxyRequests Off
ProxyPreserveHost On
# Define backend server
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# Optional: Set headers for better security
Header always set X-Frame-Options DENY
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options nosniff
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Here’s a breakdown of key directives:
- ProxyRequests Off: Disables forward proxying (we only want reverse proxying).
- ProxyPreserveHost On: Ensures the host header of the original client request is passed to the backend server.
- ProxyPass: Defines the mapping between a URL on the Apache server and the backend application URL.
- ProxyPassReverse: Adjusts the headers in responses from the backend server to the client, ensuring the client gets the correct URL.
In the above example, we are forwarding requests from the Apache server (on port 80) to a backend application running locally on port 8080. You can change the backend server to any other server and port as required.
Enable the new Virtual Host configuration:
sudo a2ensite reverse-proxy.conf
Disable the default Virtual Host (optional):
sudo a2dissite 000-default.conf
Restart Apache to apply the changes:
sudo systemctl restart apache2
Step 6: Set Up a Simple Backend (For Testing)
You can set up a simple temporary backend service for testing purposes. For example, simple Flask app.
Create a virtual environment. It's a good practice to use virtual environments to manage your Python packages.
sudo apt install python3-venv -y
mkdir ~/flaskapp && cd ~/flaskapp
python3 -m venv fastapi-env
source fastapi-env/bin/activate
Next, install Flask
pip install flask
Create a Python file for the Flask app:
nano app.py
Add the following code to app.py:
from flask import Flask
app = Flask(__name__)
@app.route('/')
def home():
return 'Hello world!'
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8080)
Save and exit the file.
This simple Flask app listens on 0.0.0.0 (which allows it to be accessed from outside the localhost) on port 8080, and returns "Hello world!" when the root URL / is accessed.
Run the Flask Application. You can now run the Flask app:
python3 app.py
Your Flask app should now be running and accessible on localhost:8080.
Now, open your browser and visit your domain name http://your-domain.com. Apache should forward the request to the Flask app, and you should see "Hello world!" as the response.
Step 7: Enabling SSL (Optional but Recommended)
For production environments, it is strongly recommended to serve your application over HTTPS. You can achieve this by enabling SSL on your Apache server.
Enable the SSL module:
sudo a2enmod ssl
Obtain an SSL Certificate: You can use Let’s Encrypt to obtain a free SSL certificate. Install certbot to automate the process:
sudo apt install certbot python3-certbot-apache
Then run:
sudo certbot --apache -d <your-domain>
Restart Apache to apply the changes:
sudo systemctl restart apache2
Now, all traffic will be automatically redirected to HTTPS, providing a secure connection for your reverse proxy.
Conclusion
You have successfully set up Apache as a reverse proxy on Ubuntu 24.04 using mod_proxy. This configuration allows you to forward client requests to a backend server, making it useful for load balancing, centralizing access to multiple services, or securing backend applications. With SSL enabled, your reverse proxy setup will also ensure secure communication between clients and your application.
