Skip to content

Instantly share code, notes, and snippets.

@awabcodes

awabcodes/apache-reverse-proxy.md

Last active June 18, 2022 21:39
Show Gist options
  • Save awabcodes/761ea75a91e64ea2d6042880036fd513 to your computer and use it in GitHub Desktop.
Save awabcodes/761ea75a91e64ea2d6042880036fd513 to your computer and use it in GitHub Desktop.
Download ZIP
[Apache Config] #apache #server #config #reverse_proxy #virtual_host #certbot #letsencrypt
Raw
apache-reverse-proxy.md

Apache Config

Installation

sudo apt update
sudo apt install apache2

Creating the Directory

sudo mkdir -p /var/www/example.com

Granting permissions to user

sudo chown -R $USER:$USER /var/www/example.com

Allow read access

sudo chmod -R 755 /var/www

Enabling Necessary Apache Modules

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_ajp
sudo a2enmod rewrite
sudo a2enmod deflate
sudo a2enmod headers
sudo a2enmod proxy_balancer
sudo a2enmod proxy_connect
sudo a2enmod proxy_html
sudo a2enmod ssl
sudo a2enmod remoteip

Apache VirtualHost Config

sudo nano /etc/apache2/sites-available/example.com.conf
<VirtualHost *:80>
    ServerAdmin mail@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<Directory /var/www/example.com>
      Options -Indexes
</Directory>

Enable the new site and disable the default site

sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf

Syntax check

sudo apache2ctl configtest

Reverse Proxy Config

sudo nano /etc/apache2/sites-enabled/example.com-le-ssl.conf
ProxyPreserveHost on
RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Port 443

ProxyPass /webapp1/ http://127.0.0.1:8080/
ProxyPassReverse /webapp1/ http://127.0.0.1:8080/

ProxyPass /webapp2/ http://127.0.0.1:8181/
ProxyPassReverse /webapp2/ http://127.0.0.1:8181/

ProxyPass /webapp3/ http://127.0.0.1:8282/
ProxyPassReverse /webapp3/ http://127.0.0.1:8282/

Check firewall status and allow apache

sudo ufw status

sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'

Restart Apache

sudo apache2ctl configtest
sudo systemctl restart apache2

Lets Encrypt SSL using Certbot

Installation

sudo apt install certbot python-certbot-apache

Create the SSL certificate

sudo certbot --apache -d example.com -d www.example.com

Check the certbot timer service

sudo systemctl status certbot.timer

Test the certificate autorenewal

sudo certbot renew --dry-run
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment