In this tutorial, we'll explain how to use Apache as a Reverse Proxy with mod_proxy on AlmaLinux 9 server.
Apache HTTP Server (commonly known as Apache) is a powerful, open-source web server that can serve web content and provide other services. One of the key features of Apache is the ability to use it as a reverse proxy. A reverse proxy allows you to route incoming client requests to backend servers based on specific conditions, which can help distribute traffic, provide load balancing, or secure internal services. In this tutorial, you’ll learn how to set up Apache as a reverse proxy on AlmaLinux 9 using the mod_proxy module.
Prerequisites
Before you begin, ensure the following:
- Ubuntu 24.04 KVM VPS or dedicated server with root or sudo privileges.
- Access to a user account with sudo privileges.
- Apache HTTP Server installed on your server.
- A backend application or web service running on a different port or server.
Apache as a Reverse Proxy with mod_proxy on AlmaLinux
Let’s get started!
Step 1: Update System Packages
First, update your system's package index to make sure you're working with the latest available versions of software:
sudo dnf update -y
Step 2: Install Apache HTTP Server
If Apache isn’t installed on your server yet, you can install it using the following command:
sudo dnf install httpd -y
Once installed, enable and start the Apache service:
sudo systemctl enable httpd
sudo systemctl start httpd
You can verify that Apache is running by checking the service status:
sudo systemctl status httpd
Step 3: Install and Enable mod_proxy Module
Apache uses modules to extend its functionality. The mod_proxy module is responsible for enabling reverse proxy functionality. It comes pre-installed with the Apache package, so you only need to enable it.
To enable mod_proxy and related modules, use the following commands:
sudo dnf install mod_ssl httpd-tools -y
Enable the necessary proxy modules by editing the Apache configuration file or including them directly:
sudo nano /etc/httpd/conf/httpd.conf
Find and ensure that the following modules are loaded or if you don't find it, add following modules at the end of the file:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
Save and close the file, then restart Apache to apply the changes:
sudo systemctl restart httpd
Step 4: Configure Apache as a Reverse Proxy
Now that the necessary modules are enabled, configure Apache to work as a reverse proxy. Apache configurations for virtual hosts are typically stored in /etc/httpd/conf.d/. Create a new virtual host configuration file:
sudo nano /etc/httpd/conf.d/reverse_proxy.conf
In this file, define a virtual host for your reverse proxy. Here’s an example configuration that sets up Apache to forward traffic from a public-facing domain (example.com) to a backend application running on http://localhost:8080:
<VirtualHost *:80>
ServerName example.com
# Enable ProxyRequests if you want to enable a forward proxy (not recommended for general use)
ProxyRequests Off
# Allow access to proxy functions
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Forward requests to backend server
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# Optional: Set up logging for troubleshooting
ErrorLog /var/log/httpd/reverse_proxy_error.log
CustomLog /var/log/httpd/reverse_proxy_access.log combined
</VirtualHost>
- ProxyPass: This directive forwards incoming requests to the specified backend server.
- ProxyPassReverse: This ensures that any redirects from the backend server are properly routed back through the Apache server.
In the above example, Apache is listening on port 80 and forwarding all requests to http://localhost:8080.
Save and close the file.
Step 5: Configure Firewall
If you have a firewall enabled on your server, ensure that it allows HTTP and HTTPS traffic:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Step 6: Configure SELinux (Optional)
If you have SELinux enabled, follow this step. Execute following command:
sudo setsebool -P httpd_can_network_connect 1
Step 7: Enable SSL for Secure Reverse Proxy
Obtain an SSL Certificate: You can use Let’s Encrypt to obtain a free SSL certificate. Install certbot to automate the process:
sudo dnf install certbot python3-certbot-apache
Then run:
sudo certbot --apache -d <your-domain>
Restart Apache to apply the changes:
sudo systemctl restart httpd
Now, all traffic will be automatically redirected to HTTPS, providing a secure connection for your reverse proxy.
Step 8: Set Up a Simple Backend (For Testing)
You can set up a simple temporary backend service for testing purposes. For example, simple Flask app.
Create a virtual environment. It's a good practice to use virtual environments to manage your Python packages.
mkdir ~/flaskapp && cd ~/flaskapp
python3 -m venv fastapi-env
source fastapi-env/bin/activate
Next, install Flask
pip install flask
Create a Python file for the Flask app:
nano app.py
Add the following code to app.py:
from flask import Flask
app = Flask(__name__)
@app.route('/')
def home():
return 'Hello world!'
if __name__ == '__main__':
app.run(host='0.0.0.0', port=8080)
Save and exit the file.
This simple Flask app listens on 0.0.0.0 (which allows it to be accessed from outside the localhost) on port 8080, and returns "Hello world!" when the root URL / is accessed.
Run the Flask Application. You can now run the Flask app:
python3 app.py
Your Flask app should now be running and accessible on localhost:8080.
Now, open your browser and visit your domain name https://your-domain.com. Apache should forward the request to the Flask app, and you should see "Hello world!" as the response.
Step 9: Troubleshooting
If something isn't working as expected, check the Apache logs for errors:
sudo tail -f /var/log/httpd/error_log
You can also view the reverse proxy access logs if you enabled custom logging in your virtual host configuration:
sudo tail -f /var/log/httpd/reverse_proxy_access.log
Conclusion
In this tutorial, you learned how to set up Apache as a reverse proxy on AlmaLinux 9 using the mod_proxy module. This is a powerful technique for distributing traffic, load balancing, or providing access to backend applications through a public-facing server. By following these steps, you can deploy an Apache reverse proxy quickly and customize it to suit your needs.
Key Points to Remember:
- Ensure that the mod_proxy module and related modules are enabled.
- Use the ProxyPass and ProxyPassReverse directives to forward requests to the backend server.
- Secure the reverse proxy with SSL for added security, especially when handling sensitive traffic.
- Always check the logs for troubleshooting if something goes wrong.
By using Apache as a reverse proxy, you can gain more control over how your web traffic is handled and improve the overall performance and security of your applications.
