What is Apache?
Apache is a free and open-source cross-platform web server software that allows users to deploy their websites on the internet. It was launched in 1995 and has been the most popular web server on the Internet since April 1996.
What is a reverse proxy?
A reverse proxy is a server that sits in front of web servers and forwards client requests to those web servers. It acts as an intermediary, intercepting and inspecting incoming client requests before forwarding them to the web server. Reverse proxies can provide additional levels of abstraction, control, security, and performance optimization. They are commonly used for load balancing, web acceleration, and to hide implementation details about the web servers.
What is SSL?
SSL, or Secure Sockets Layer, is a protocol for establishing authenticated and encrypted links between networked computers. Its current iteration is called TLS (Transport Layer Security).
Join my Discord: https://discord.gg/YbSYGsQYES
Requirements
- A Debian Bookworm (or other Debian based) server
- Root access
- Internet connection
- A running web app or site (I will use an Nginx in Podman on port 8080)
- SSL certificate and key for our site
- Coffee
Enabling the necessary Apache modules
Enable the necessary modules for proxying and SSL.
The a2enmod tool is a script used in Apache2 to enable a specified module within the Apache2 configuration by creating symlinks within /etc/apache2/mods-enabled.
a2enmod proxy
a2enmod proxy_http
a2enmod ssl
systemctl restart apache2
Configuring the proxy
In the /etc/apache2/sites-available/ directory, create a config file for the reverse proxy vhost (testsite.org.conf in this guide).
The following example configuration will forward the requests for https://testsite.org directly to the Nginx default page. The vhost will listen on port 443 and forward the client requests to the Nginx service backend running in Podman on port 8080.
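<VirtualHost *:443>
    ServerName testsite.org

    # Terminate TLS at Apache with the certificate and key below
    SSLEngine on
    SSLCertificateFile "/etc/apache2/ssl/cert.pem"
    SSLCertificateKeyFile "/etc/apache2/ssl/key.pem"

    # Forward everything to the Nginx backend; the trailing slash on the
    # backend URL matches the trailing slash on the path
    ProxyPass "/" "http://localhost:8080/"
    ProxyPassReverse "/" "http://localhost:8080/"
</VirtualHost>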
Put the certificate and key files in the paths configured in the above step. I create a self-signed test cert and key in place here:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl/
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
Enabling the reverse proxy site and disabling the default one
The a2ensite tool is a script that enables a specified site or virtual host within the Apache2 configuration by creating symlinks within /etc/apache2/sites-enabled.
a2dissite 000-default.conf
a2ensite testsite.org.conf
Reloading the web server
When the configuration is ready, make sure that the syntax is right with the configtest option of the apachectl command, then reload the server. Additionally, you can check the running service with the status option of the systemctl command.
apachectl configtest
systemctl reload apache2
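apachectl configtest only validates syntax, so the following added example (not part of the original guide) checks a vhost file for things it will not flag: SSLEngine on, the certificate and key directives, and matching trailing slashes between the ProxyPass path and the backend URL, which the Apache documentation requires to be present on both arguments or on neither. The names check_vhost and make_samples and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_vhost FILE: prints one finding per line, returns non-zero if any were found.
# Hypothetical helper for this guide; it is not an Apache tool.
check_vhost() {
    awk '
    function unq(s) { gsub(/"/, "", s); return s }   # strip double quotes
    /^[ \t]*#/ { next }                                # ignore comment lines
    { d = tolower($1) }                                # directive names are case-insensitive
    d == "sslengine" && tolower(unq($2)) == "on" { ssl = 1 }
    d == "sslcertificatefile"    { cert = 1 }
    d == "sslcertificatekeyfile" { key = 1 }
    d == "proxypass" || d == "proxypassreverse" {
        path = unq($2); url = unq($3)
        # The trailing slash must be on both arguments or on neither.
        if ((path ~ /\/$/) != (url ~ /\/$/)) {
            printf "line %d: %s path \"%s\" and target \"%s\" differ in trailing slash\n", NR, $1, path, url
            bad++
        }
    }
    END {
        if (!ssl)  { print "SSLEngine is not on"; bad++ }
        if (!cert) { print "SSLCertificateFile missing"; bad++ }
        if (!key)  { print "SSLCertificateKeyFile missing"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed samples: mismatch.conf omits the trailing slash on the backend URL, ok.conf has it.
make_samples() {
    cat > "$1/mismatch.conf" <<'EOF'
<VirtualHost *:443>
    ServerName testsite.org
    SSLEngine on
    SSLCertificateFile "/etc/apache2/ssl/cert.pem"
    SSLCertificateKeyFile "/etc/apache2/ssl/key.pem"
    ProxyPass "/" "http://localhost:8080"
    ProxyPassReverse "/" "http://localhost:8080"
</VirtualHost>
EOF
    sed 's|:8080"|:8080/"|' "$1/mismatch.conf" > "$1/ok.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in mismatch ok; do
    if check_vhost "$tmp/$f.conf"; then echo "$f.conf: OK"; else echo "$f.conf: needs fixing"; fi
done
rm -rf "$tmp"
```

To check a real file, call check_vhost with its path, for example /etc/apache2/sites-available/testsite.org.conf, before running a2ensite.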
Testing and validating the configuration
Validate the configuration by opening https://testsite.org in a browser or by using curl. It must proxy the request to the Nginx default page.
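# Point testsite.org at the server for this test (run as root)
echo "192.168.1.102 testsite.org" >> /etc/hosts
# -k skips certificate verification, needed here because the test cert is self-signed
curl -k https://testsite.org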