Introduction
Apache is a web server application that can serve dynamic web content or act as a reverse proxy —forwarding client requests to back-end applications. This article explains how to configure Apache to work as a reverse proxy with mod_proxy.
This guide proxies an ownCloud application on port 8080 under Docker, but you can use the same technique to host another application on a different port.
Prerequisites
A Ubuntu 20.04 server is used in this article, but these instructions work for any Linux server running Apache.
- Set up a DNS "A" record pointing to the server's IP address. This guide uses the name
app.example.com
. - Connect to the server.
- Log in as a non-root user with sudo privileges.
- Update the server.
- Install Apache.
- Install Docker.
1. Enable mod_Proxy
Enable the Apache mod_proxy module.
$ sudo a2enmod proxy
Enable additional modules.
$ sudo a2enmod proxy_http $ sudo a2enmod proxy_balancer $ sudo a2enmod proxy_wstunnel
Here is what each module does:
mod_proxy
: Implements proxying on the Apache server.proxy_http
: Handles proxy HTTP and HTTPS requests.proxy_balancer
: Enables load balancing.proxy_wstunnel
: Tunnels web socket connections to a back-end server.
Restart Apache to activate modules.
$ sudo systemctl restart apache2
2. Set up the Back-end Application
As an example, set up an ownCloud container listening on port 8080
under Docker.
Create the ownCloud docker container.
$ docker run -d --name owncloud -p 8080:8080 owncloud/server
Start ownCloud.
$ docker start owncloud
Verify that ownCloud is running.
$ docker ps
Output:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3eaea7b55cfe owncloud/server "/usr/bin/entrypoint…" 36 seconds ago Up 35 seconds 0.0.0.0:8080->8080/tcp, :::8080->8080/tcp owncloud
3. Setup Apache as a Reverse Proxy
Back up the default Apache virtual host configuration file.
$ sudo mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/origdefault.backup
Create a new configuration file.
$ sudo nano /etc/apache2/sites-available/app.example.com.conf
Add the following contents to the file. Change
app.example.com
to your server name. If you are setting up a proxy for a different app than the ownCloud example, you may need to update port 8080 to your application's port number in the file below.<VirtualHost *:80> ServerName app.example.com ProxyPreserveHost On ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ </VirtualHost>
Save and close the file.
Here is what each directive means:
ProxyPreserveHost
: Forwards the original host header to the back-end application.ProxyPass
: Specifies that all requests/
are forwarded to the back-end application port.ProxyPassReverse
: NegatesProxyPass
by modifying response headers from the back-end application.
Activate the configuration file.
$ sudo ln -s /etc/apache2/sites-available/app.example.com.conf /etc/apache2/sites-enabled/app.example.com.conf
Test the Apache configuration for errors.
$ sudo apachectl configtest
Restart Apache to load changes.
$ sudo service apache2 restart
4. Secure the server
Configure the firewall to allow HTTP traffic on port
80
.$ sudo ufw allow 80/tcp
Allow HTTPS on port
443
.$ sudo ufw allow 443/tcp
Restart the firewall.
$ sudo ufw reload
5. Setup SSL
Install Certbot.
$ sudo apt install certbot python3-certbot-apache
Request a Let's Encrypt SSL Certificate.
$ sudo certbot -d app.example.com
Test Auto-renewal.
$ sudo certbot renew --dry-run
6. Test
Open a web browser, and visit your subdomain.
https://app.example.com
The ownCloud login page should be displayed. Log in with the username admin
, and password admin
to start using the application.
More Information
You have configured Apache as a reverse proxy and set up ownCloud as the back-end application. For further information, refer to the following resources.