Apache Reverse Proxy Vhost Examples

For certain projects I’ll use Nginx or Apache as a reverse proxy to back end web servers. While Nginx is far more light weight and faster, Apache is the swiss army knife of web servers and has just about every feature you could need.

Here’s a couple of examples of Apache Reverse proxy vhosts.

SSL Proxy with SSL back end origin:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName yourdomain.com
	ServerAlias www.yourdomain.com
	SSLProxyEngine on
	ProxyPreserveHost On
	ProxyPass / https://192.10.2.11:443/
	ProxyPassReverse / https://192.10.2.11:443/
 
	ErrorLog ${APACHE_LOG_DIR}/yourdomainerror.log
        CustomLog ${APACHE_LOG_DIR}/yourdomainaccess.log combined
 
	SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Standard HTTP proxy with HTTP back end origin (Forced SSL Rewrite):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
<VirtualHost *:80>
	ServerName yourdomain.com
	ServerAlias www.yourdomain.com
        ProxyPreserveHost On
        ProxyPass / http://192.10.2.11:80/
        ProxyPassReverse / http://192.10.2.11:80/
 
        ErrorLog ${APACHE_LOG_DIR}/yourdomainerror.log
        CustomLog ${APACHE_LOG_DIR}/yourdomainaccess.log combined
 
	RewriteEngine on
	RewriteCond %{SERVER_NAME} =yourdomain.com [OR]
	RewriteCond %{SERVER_NAME} =www.yourdomain.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

I’ll do a write up in the future on the benefits of reverse proxy configurations.

Enabling X-Forwarded-For Logging In Apache 2.4

It’s critical to enable X-Forwarded-For Logging when behind a proxy or load balancer in order grab the true IP address of visitors.

To enable this in your Apache vhost configuration, simply add the following logging options:

1
2
3
4
5
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "/var/log/httpd/youraccess.log" combined env=!forwarded
CustomLog "/var/log/httpd/youraccess.log" proxy env=forwarded

This is a simple fix to get real data on the IPs hitting your website!