Apache Reverse Proxy

by K8CTR

Posted Thursday, April 10, 2014 3:00 PM


For hosting multiple servers (Gitlab and some dev servers) through a single router port forward, I used the following configuration on a local Apache instance. There was a bit of an SSL issue which seemed to resolve when the reverse proxy hosted the SSL certificates for the configured domain as well. GitLab has a page on setting up https here.

SSL Cert

The SSL cert and private keys were generated on the destination server, then copied to the reverse proxy.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sub.example.com.key -out sub.example.com.crt

ports.conf

NameVirtualHost *:443

Virtual Host (sites-available/000-default.conf)

    <VirtualHost *:80>
        ServerName sub.example.com
        ServerAdmin josh@example.com
    
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        LogLevel error
    
        SSLProxyEngine on
    
        ProxyPreserveHost On
        ProxyRequests off 
        ProxyPass / http://192.168.1.100/
        ProxyPassReverse / http://192.168.1.100/ 
    </VirtualHost>

    <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerName sub.example.com
            SSLEngine On
            SSLProxyEngine On
            ProxyRequests Off
            SSLCertificateFile /etc/apache2/ssl/sub.example.com.crt
            SSLCertificateKeyFile /etc/apache2/ssl/sub.example.com.key
            #SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
            SSLCACertificateFile /etc/apache2/ssl/sub.example.com.crt
            SetOutputFilter INFLATE;proxy-html;DEFLATE;
            ProxyHTMLInterp On
            ProxyHTMLExtended On
            ProxyHTMLURLMap (.*)192.168.1.100(.*) https://sub.example.com$2 [Rin]
            ProxyPass / https://192.168.1.100/
            ProxyPassReverse / https://192.168.1.100/
        </VirtualHost>
    </IfModule>

Labels: , ,

3 Comments