How To Configure An Apache SSL Reverse Proxy on Linux?

What is Apache?

Apache is a free and open-source cross-platform web server software that allows users to deploy their websites on the internet. It was launched in 1995 and has been the most popular web server on the Internet since April 1996.

What is a reverse proxy?

A reverse proxy is a server that sits in front of web servers and forwards client requests to those web servers. It acts as an intermediary, intercepting and inspecting incoming client requests before forwarding them to the web server. Reverse proxies can provide additional levels of abstraction, control, security, and performance optimization. They are commonly used for load balancing, web acceleration, and to hide implementation details about the web servers.

What is SSL?

SSL, or Secure Sockets Layer, is a protocol for establishing authenticated and encrypted links between networked computers. Its current iteration is called TLS (Transport Layer Security).

Join my Discord: https://discord.gg/YbSYGsQYES

Requirements

  1. A Debian Bookworm (or other Debian based) server
  2. Root access
  3. Internet connection
  4. A running web app or site (I will use an Nginx in Podman on port 8080)
  5. SSL certificate and key for our site
  6. Coffee

Enabling the necessary Apache modules

Enable the necessary modules for proxying and SSL.

The a2enmod tool is a script used in Apache2 to enable a specified module within the Apache2 configuration by creating symlinks within /etc/apache2/mods-enabled.

a2enmod proxy
a2enmod proxy_http
a2enmod ssl
systemctl restart apache2

Configuring the proxy

In /etc/apache2/sites-available/, create a config file for the reverse proxy vhost (testsite.org.conf in this example).

The following example configuration will forward requests for https://testsite.org to the Nginx default page. The vhost listens on port 443, terminates SSL, and forwards the client requests over plain HTTP to the Nginx backend running in Podman on port 8080.

<VirtualHost *:443>
    ServerName testsite.org

    SSLEngine on
    SSLCertificateFile "/etc/apache2/ssl/cert.pem"
    SSLCertificateKeyFile "/etc/apache2/ssl/key.pem"

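    # The path and the backend URL must both end with a slash (or both not),
    # otherwise the rewritten URLs are malformed.
    ProxyPass "/" "http://localhost:8080/"
    ProxyPassReverse "/" "http://localhost:8080/"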
</VirtualHost>

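Put the certificate and key files in the paths configured in the step above. Here I create a test certificate and key in place. The certificate is self-signed and the -nodes option leaves the private key unencrypted on disk, so the key file should be readable by root only: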

mkdir /etc/apache2/ssl
cd /etc/apache2/ssl/
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
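
A pre-flight check for the two files before Apache is reloaded, as an added example that is not part of the original tutorial: it confirms that the key belongs to the certificate, that the certificate is not about to expire, and that the key is not readable by group or others. The function names and the 7-day threshold are this example's own; it assumes the openssl CLI and GNU stat as shipped on Debian.

```shell
#!/bin/sh
# Added example (not from the original tutorial): checks on the files that
# SSLCertificateFile / SSLCertificateKeyFile point to. Function names are
# this example's own. Assumes the openssl CLI and GNU stat (Debian).

# Succeeds only if the certificate's public key equals the one derived
# from the private key. Both are compared in PEM SubjectPublicKeyInfo form.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Succeeds if the key file grants nothing to group or others (e.g. 600).
# A key written with -nodes is unencrypted, so the file mode is the only
# thing protecting it.
key_is_private() {
    case "$(stat -c '%a' "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run all checks; returns non-zero if any of them fails.
preflight() {
    rc=0
    cert_key_match "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_valid_for "$1" 604800 || { echo "FAIL: certificate expires within 7 days"; rc=1; }
    key_is_private "$2" || { echo "FAIL: key readable by group/others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass"
    return "$rc"
}

# Usage: sh preflight.sh /etc/apache2/ssl/cert.pem /etc/apache2/ssl/key.pem
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```
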

Enabling the reverse proxy site and disabling the default one

The a2ensite tool is a script that enables a specified site or virtual host within the Apache2 configuration by creating symlinks within /etc/apache2/sites-enabled.

a2dissite 000-default.conf
a2ensite testsite.org.conf

Reloading the web server

When the configuration is ready, check its syntax with the configtest option of the apachectl command, then reload the server. Additionally, you can check the running service with the status option of the systemctl command.

apachectl configtest
systemctl reload apache2

Testing and validating the configuration

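Validate the configuration by opening https://testsite.org in a browser or by using curl. The request must be proxied to the Nginx default page. If the name does not resolve through DNS, map it to the server's address in /etc/hosts first. The -k option tells curl to skip certificate verification, which is needed here only because the test certificate is self-signed.

echo "192.168.1.102 testsite.org" >> /etc/hosts
curl -k https://testsite.org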
