How to proxy a web site by apache2 in Ubuntu

Install apache2

To execute the install command in terminal:

sudo apt-get install apache2

Then, we can find that the apache2 has been installed in "/etc/" directory.

eric@eric:cd /etc/apache2

eric@eric:/etc/apache2$ apache2 -version

Server version: Apache/2.4. (Ubuntu)

Server built:   Apr    ::

eric@eric:/etc/apache2# ls -l

total

-rw-r--r--  root root   Jan   : apache2.conf

drwxr-xr-x  root root   Jun  : conf-available

drwxr-xr-x  root root   Jun  : conf-enabled

-rw-r--r--  root root   Jan   : envvars

-rw-r--r--  root root  Jan   : magic

drwxr-xr-x  root root  Jun  : mods-available

drwxr-xr-x  root root   Jun  : mods-enabled

-rw-r--r--  root root    Jan   : ports.conf

drwxr-xr-x  root root   Jun  : sites-available

drwxr-xr-x  root root   Jun  : sites-enabled

Attention:

After executing the install command, some echo exception messages may shown like that.

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message

()Address already in use: AH00072: make_sock: could not bind to address [::]:

()Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:

no listening sockets available, shutting down

If so, we need to:

1) Config the "ServerName" in apache2.conf.

eric@eric:cd /etc/apache2

eric@eric:cd vi apache2.conf

...

ServerName localhost

...

2) End the existed process which is using the 80 socket.

netstat -ap | grep

lsof -i:

kill {PID}

Or modify the listen socket. (See Config listening ports)

Then, we can restart apache2.

eric@eric:sudo /etc/init.d/apache2 restart

Config listening ports

We can change and add the listening ports by modifying port.conf file in "/etc/apache2/".

eric@eric:sudo vi /etc/apache2/ports.conf

For example, we change the default port from 80 to 81 to avoid the in used portd.

Listen 

<IfModule ssl_module>

    Listen

</IfModule>

<IfModule mod_gnutls.c>

    Listen

</IfModule>

After changing the default port, the default site configuration (/etc/apache2/sites-enabled/000-default.conf) also need be updated.

eric@eric:sudo vi /etc/apache2/sites-enabled/-default.conf

Modify

<VirtualHost *:>

<VirtualHost *:>

Config proxy or reverse proxy

Here, there is a Tomcat worked in 8080 port as our J2EE server and an application named "jreport" running in it. We will config the apache to proxy it.

1. Activate proxy module

There are "mods-available" and "mods-enabled" two directories in apache. The "mods-available" directory includes all available module configuration files. If we want to make them take effect, they must be copied or linked into the "mods-enabled" directory.

For activating the proxy module, we create some soft link for "proxy.load", "proxy_http.load" and "proxy.conf".

eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/proxy.load

eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/proxy_http.load

eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/proxy.conf

Then, execute the a2enmod command.

eric@eric:/etc/apache2$ a2enmod proxy

2. Config proxy

After activating the proxy module, we can config the "Forward Proxy" or "Reverse Proxy" for the "jreport" application in Tomcat.

Reverse Proxy

Reverse proxy is the most used way.

ProxyRequests Off

ProxyPass /jreport ${JREPORT_SERVER}/jreport

ProxyPassReverse /jreport ${JREPORT_SERVER}/jreport

ProxyRequests Off

Timeout

ProxyTimeout 

<Location /jreport/>

    ProxyPass ${JREPORT_SERVER}/jreport

    ProxyPassReverse ${JREPORT_SERVER}/jreport

    ProxyPassReverseCookiePath /jreport /

</Location>

For easy to config, we define a variable named "JREPORT_SERVER" in "/etc/apache2/envvars".

export JREPORT_SERVER=http://192.168.0.88:8080

After restarting the apache with the latest configuration, we can access the "jreport" application with:

http://localhost:81/jreport

Forward Proxy

For example, to control who can access your proxy:

ProxyRequests On

ProxyVia On

<Proxy *>

  Require ip 192.168.

</Proxy>

For more details, please see the official doc about mod_proxy.

Add SSL Support

1. Install openssl and ssl_cert

eric@eric: sudo apt-get install openssl ssl_cert

2. Generate private key and certification

eric@eric: sudo mkdir /etc/apache2/ssl

eric@eric: cd /etc/apache2/ssl

eric@eric:/etc/apache2/ssl$ sudo openssl genrsa -des3 -out my-server.key

eric@eric:/etc/apache2/ssl$ sudo openssl req -key my-server.key -x509 -out my-server.crt -config /etc/ssl/openssl.cnf -days

3. Activate SSL module

eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/ssl.load

eric@eric:/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/ssl.conf

eric@eric:/etc/apache2/mods-enabled$ sudo a2enmod ssl

4. Add SSL support for site

Now, we modify the default site configuration (/etc/apache2/sites-enabled/000-default.conf) to add SSL support and make non-https access use the https automatically.

Usually, we config the 443 port for SSL support.

<VirtualHost *:>

    ...

    RewriteEngine on

    RewriteCond %{HTTPS} !=on

    RewriteRule ^/?(.*)$ https://%{SERVER_NAME}/$ [L,R]

</VirtualHost>

<VirtualHost *:>

    SSLEngine on

    SSLCertificateFile /etc/apache2/ssl/my-server.crt

    SSLCertificateKeyFiel /etc/apache2/ssl/my-server.key

    ...

</VirtualHost>

Postscript

I have just recorded my first attempt to proxy a web site by apache for memo. There are some other useful and complex modules in apache, such as rewrite, load balance and so on.

Reference

Apache official doc: http://httpd.apache.org/docs/2.4/