When talking about apache proxy, we usually mean apache forward proxy. There is another kind of apache proxy: apache reverse proxy. The difference between apache forward proxy and apache reverse proxy is that apache forward server accepts connections from clients and transfers the requests to (possibly) unlimited real servers, while apache reverse proxy accepts requests from (possibly) unlimited clients and transfers them to several real servers. In this tutorial, we will teach you how to setup apache proxy server in Linux. We will cover the topics about setting up apache as forward server and apache reverse proxy setup as well.
Although configuring apache proxy server sounds complex, it is actually very simple:
- Uncomment all the mod_proxy*.so lines in /etc/httpd/conf.modules.d/00-proxy.conf.
- Add a virtual host in /etc/httpd/conf/httpd.conf:
1234<VirtualHost *:3128>ProxyRequests OnProxyVia On</VirtualHost>
3128 is the port of the proxy server. Here, we did not use name-based virtual host, which means the virtual host is matched against ip address. You must fill the ip address of the apache proxy server in the edit box when configuring application software(such as firefox). If you use a name-based virtual host, you can fill a domain name (of the proxy server) when configuring a client application. - Add the following line to /etc/httpd/conf/httpd.conf outside any virtual host:
Listen 3128
This way, after restarting apache, httpd will listen on port 3128 to accept proxy requests. - make sure firewall not to block port 3128
iptables -I INPUT -p tcp –dport 3128 -j ACCEPT - restart httpd
service httpd restart
You are done!
Now, you can configure your client software to use this proxy server. Many software have a UI for you to configure a proxy server. In Firefox, you can configure proxy by clicking the menu Tools/Settings/General/Network Settings.
On Centos, you can use some environment variables to instruct most software such as wget and curl to use proxy. Add the following lines to /etc/profile:
1 2 3 4 5 6 7 8 9 10 11 |
PROXY_URL="http://localhost:3128/" export http_proxy="$PROXY_URL" export https_proxy="$PROXY_URL" export ftp_proxy="$PROXY_URL" # For curl export HTTP_PROXY="$PROXY_URL" export HTTPS_PROXY="$PROXY_URL" export FTP_PROXY="$PROXY_URL" |
This way, when you login, the environment variables are in effect and the traffic issued by wget and curl will go through the local apache server. If your software doesn’t have a shell, such as httpd itself, you can add the following lines to /etc/environment:
1 2 3 4 5 |
http_proxy=http://localhost:3128/ HTTP_PROXY=http://localhost:3128/ https_proxy=http://localhost:3128/ HTTPS_PROXY=http://localhost:3128/ |
This way, when those applications restart, they will get those environment variables. Note that if you use /etc/environment, there is no need to add environment variables to /etc/profile. The shell will automatically read the environment variables in /etc/environment on login.
Unfortunately, the above methods are not enough to let all software to use proxy server. The file_get_contents function and the fsocketopen function in php do not respect those environment variables. You need to configure proxy server for them separately.
Configuring apache reverse server is also easy. You just need to change the stuff in virtual host as follows:
1 2 3 4 5 6 7 8 9 10 11 |
<VirtualHost *:*> ProxyPreservehost on ProxyPass /web1 http://localhost:8081 ProxyPassReverse /web1 http://localhost:8081 ProxyPass /web2 http://localhost:8082 ProxyPassReverse /web2 http://localhost:8082 ServerName localhost </VirtualHost> |
Different from forward proxy server, a reverse proxy server is just like an ordinary http server that is listening on port 80 or 443, so we use * for the port of the virtual host. A web server typically has a domain name so we use name-based virtual host here. We configure the reverse proxy to hide two real servers: the first one is serving on port 8081, and the second one is serving on port 8082. When a client visits the url /web1 of the reverse proxy server, the reverse proxy server will pass the request to the first real server behind; when a client visits the url /web2 of the reverse proxy server, the reverse proxy server will pass the request to the second real server behind.
We can also setup the apache reverse proxy server as a load balancer. Before doing that, you need to make sure one of the following modules is loaded by apache:
- lbmethod_bybusyness_module
- lbmethod_byrequests_module
- lbmethod_bytraffic_module
- lbmethod_heartbeat_module
In the following example, we will config a load balancer by request so make sure the lbmethod_byrequests_module is loaded(un-comment the corresponding line in /etc/httpd/conf.modules.d/00-proxy.conf).
1 2 3 4 5 6 7 8 9 10 11 12 |
<VirtualHost *:*> <Proxy "balancer://mycluster"> BalanceMember "http://localhost:8081" BalanceMember "http://localhost:8081" </Proxy> ProxyPass "/web" "balancer://mycluster" ProxyPassReverse "/web" "balancer://mycluster" ServerName localhost </VirtualHost> |
Now, when the load balancer receives requests as “/web” from clients, it will distribute the requests randomly to the servers defined in mycluster.