Using Apache as a Reverse Proxy

  • enable modules (ssl.conf, ssl.load, proxy.conf, proxy.load, proxy_html.conf, proxy_html.load, proxy_http.conf, proxy_http.load, rewrite.load, socache_shmcb.load)
  • this is done by creating symlinks in /etc/apache2/mods-enabled/ pointing to /etc/apache2/mods-available/*
  • sample for one module other modules equivalent
    $ cd /etc/apache2/mods-enabled
    $ ln -s ../mods-available/ssl.conf ssl.conf
  • edit 000-default.conf
    $ nano /etc/apache2/sites-available/000-default.conf
    add to config in the appropriate section as follows
<VirtualHost *:80>
ServerName example.org
Redirect / https://example.org

DocumentRoot /var/www/example.org
</VirtualHost>

<VirtualHost *:80>
ServerAlias *.example.org
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *.443>
ServerName example.org
DocumentRoot /var/www/example.org

SSLEngine On
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyPeerName Off
SSLProxyCheckPeerExpire Off
ProxyPreserveHost On

SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.org/fullchain.pem

ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>

<VirtualHost *:443>
ServerAlias *.example.org

SSLEngine On
SSLProxyEngine On
SSLProxyVerify None
SSLProxyCheckPeerCN Off
SSLProxyPeerName Off
SSLProxyCheckPeerExpire Off
ProxyPreserveHost On

SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.org/fullchain.pem

ProxyPass / https://localhost:8443/
ProxyPassReverse / https://localhost:8443/
</VirtualHost>
  • edit default-ssl.conf
    $ nano /etc/apache2/sites-available/default-ssl.conf
    add to config in the appropriate section as follows
<VirtualHost _default_:443>
ServerName example.org:443
DocumentRoot /var/www/example.org

SSLEngine on

SSLCertificateFile /etc/letsencrypt/live/example.org/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.org/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.org/fullchain.pem
</VirtualHost>

$ systemctl restart apache2