You are here
Accessing a backend server through Apache HTTP server
Scenario:
You have computers that perform dedicated tasks (servers), which you need to access from the web but would like to insulate these from the world wild web. You do not want to expose these backend servers: you want visiting web users to reach your front end server (for instance, www.MyWeb.com), which will then do the necessary work to display contents from these backend servers, based on client requests.
How:
By deploying an Apache HTTPD server (or any web server, for that matter) on a dedicated front-end server, and through configuration of the HTTPD server, you will declare proxy services to redirect traffic to the servers where the contents origin from (also known as backend servers).
This makes your front-end HTTPD server act as a gateway for requests, isolating the backend servers from the web traffic at large.
You will need to edit the configuration file of your Web server to declare the proxy and your backend computers. In my example, I'll reference Apache HTTP 2.2.
My web server runs on linux, and the web server configuration file (called httpd.conf) is located in /etc/httpd/.
Using your preferred editor, make sure you enable the proxy mechanism.
Configuration:
Open the file
/etc/httpd/conf/httpd.conf
You'll need, for an Apache web server, to declare the use of the mod_proxy library:
LoadModule proxy_module modules/mod_proxy.so
You must then configure the web server to handle proxy requests:
# # Proxy Server directives. Uncomment the following lines to\ # enable the proxy server: # #ProxyRequests On # Turn ProxyRequests off to enable ReverseProxy (ie Gateway) mode ProxyRequests Off #ProxyVia On <Proxy * > Order deny,allow Deny from all Allow from all </Proxy >
You finally need to add all your backend servers. Here, you must specify the front-facing location users will see, and what this path relates to in the back server. For instance, while a user will reach 'www.myweb.com/Indexes', this will in fact reach the contents of the IndexEngine server, with the 192.168.0.150 IP address:
<Location /Indexes/>
ProxyPass http://192.168.0.150/
ProxyPassReverse http://192.168.0.150/
</Location>
<Location /IoTCapture/>
ProxyPass http://192.168.0.156/
ProxyPassReverse http://192.168.0.156/
</Location>
<Location /ProjectTrack/ >
ProxyPass http://192.168.0.185/
ProxyPassReverse http://192.168.0.185/
</Location>
It is worth noting you could use a Web Application Server as a backend server, and submit multiple backend containers from that application server to the front-end Web server. The base URL for the Proxy* entries will be the same, but the end portion will be matching the application you wish to make available to the Web server.
Once you're done, save your configuration file and restart the Apache web server. Depending on how you setup your Apache server (as services), you can either:
- Run the Apache Control process:
- apachectl restart
- Or restart the Apache service:
- service apache restart
Tests:
You can then open your favorite web browser, and type the URL for any of the new virtual server you recently declared.
For example:
http://www.myweb.com/ProjectTrack
- ... will redirect traffic to the backend server 192.168.0.185, while keeping it anonymous to the web browser
http://www.myweb.com/IoTCapture
- ... will redirect traffic to the backend server 192.168.0.156, while keeping it anonymous to the web browser
Troubleshooting:
If you put a slash ('/') at the end of you Location definition, do make sure you put a slash at the end of your ProxyPass, ProxyPassReverse definitions!
- peb_admin's blog
- Log in to post comments