How to Configure Apache HTTPS Reverse Proxy on CentOS Linux

What is a reverse proxy?

A reverse proxy accepts connections and then routes them to the appropriate backend server. For example, if we have a Ruby application running on 127.0.0.1:3000, we can configure
a reverse proxy to accept connections on HTTP or HTTPS, which can then transparently proxy requests to the ruby backend.

What are reverse proxies used for?

  • Backend routing logic/transparent routing
  • Network ACLs
  • Logging
  • URL rewriting
  • Virtualhost configuration
  • Easy SSL configuration

Configure Apache reverse proxy on CentOS Linux

In this tutorial, we will learn how to configure a reverse proxy with HTTPS in Apache on CentOS Linux. We will not cover obtaining SSL certificates in this particular tutorial, but you can follow this tutorial on obtaining free SSL certificates on CentOS Linux with Let’s Encrypt.

We’ll use example application running on 127.0.0.1:3000 as the backend service that we want to reverse proxy requests to.

1. Firstly, ensure that Apache is installed

yum install httpd mod_ssl -y

2. Define Apache reverse proxy configuration

For this config, we’ll use example virtualhost myapp.centosblog.com

vim /etc/httpd/conf.d/app.centosblog.com.conf
# HTTP
<VirtualHost *:80>

ServerName myapp.centosblog.com

# Redirect any HTTP request to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

# Logging
LogLevel warn
ErrorLog myapp.centosblog.com-error_log
CustomLog myapp.centosblog.com-access_log combined

</VirtualHost>

# HTTPS
<VirtualHost *:443>

ServerName myapp.centosblog.com

# Logging
LogLevel warn
ErrorLog myapp.centosblog.com-error_log
CustomLog myapp.centosblog.com-access_log combined

# SSL Configuration - uses strong cipher list - these might need to be downgraded if you need to support older browsers/devices
SSLEngine on
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
SSLCertificateFile /path/to/your/certificate.crt
SSLCertificateKeyFile /path/to/your/certificate.private_key
SSLCertificateChainFile /path/to/your/certificate/chainfile.crt

# HSTS (optional)
Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
# Remove this if you need to use frames or iframes
Header always set X-Frame-Options DENY
# Prevent MIME based attacks
Header set X-Content-Type-Options "nosniff"

# Reverse proxy configuration
<Location />
ProxyPass http://localhost:3000/
ProxyPassReverse http://localhost:3000/
</Location>

</VirtualHost>

Apologies – the syntax highlighting plugin that I use does not honour leading tabs or whitespace, so formatting is a bit ugly here!

3. Enable and start the Apache service

systemctl enable httpd && systemctl start httpd

Final Notes

Your Apache reverse proxy should now be running! You can now access your application via https://myapp.centosblog.com/

This config demonstrates the simplest form of using Apache as a reverse proxy – a single backend service. The Apache reverse proxy module is quite powerful, and supports configuring multiple backends, clusters and load balancing algorithms. You can find out more about Apache’s reverse proxy configuration module from Apache’s Reverse Proxy Guide.

Scan to Donate Bitcoin
Like this? Donate Bitcoin to at:
Bitcoin 13KzxfEoFPzt5ccoQvSkUEytTgQV8JN5ej
Donate
Share This Post

About Author: Curtis K

Hi! My name is Curtis, and I am the author of CentOS Blog. Please feel free to comment with any suggestions, feedback or questions!