Ahoy there! This is my personal blog which I use as my memory extension and a medium to share stuff that could be useful to others.

How to configure Apache 2.x as a Reverse Proxy

Recently, I used a Reverse Proxy server to work around a constraint. I wanted to host a monitoring dashboard (website) at port 80 on a corporate intranet host, but running Apache (or any software) to listen at port 80 (or any port from 1 to 1024) on UNIX requires root privilege. Since the use of root privilege has been significantly restricted by my System Administrators, it would have been very inefficient and cumbersome to administer the website because my team would have had to raise a formal request to the Sys Admins via Change Management procedures whenever it was required to restart/administer Apache. So, I used a standard user to run Apache (hosting the website) to listen the a non-privileged port 7777 and configured a reverse proxy Apache server instance to listen at port 80 and forward requests to the Apache server instances which hosted the website at port 7777. Now, we can do whatever administration work we require on the Apache web server instance hosting the website without being dependent on the Sys Admins. If the reverse proxy apache web instance goes down, we will need to seek assistance from the Sys Admins to start it, but there’s very low probability of the reverse proxy apache web instance going down. My use of a reverse proxy server, as described above, is illustrated in the figure below:

 

Reverse Proxy

Given below, are the steps I followed to set up a reverse proxy server using Apache 2.2.12 on Solaris 9:

Note: As a prerequisite, Apache 2.2.12 must be compiled with the ––enable-so option to enable Apache to load modules dynamically at runtime.

STEP 1: Build and load the Apache proxy modules

Apache requires the mod_proxy and mod_proxy_http modules to serve as a reverse proxy server for HTTP requests. The source code (.c files) for these modules are available in the apache source code repository. Build and install the required proxy modules using the APache eXtenSion (apxs) tool as follows:

# Note that the apache ServerRoot is /apache-2.2.12 in the examples below. Run the following commands in the source repository directory containing the relevant “.c” files (httpd-2.2.12/modules/proxy/).
#
# Build and install mod_proxy module. 
/apache-2.2.12/bin/apxs -i -a -o mod_proxy.so -c mod_proxy.c proxy_util.c

# Build and install mod_proxy_http module. 
/apache-2.2.12/bin/apxs -i -a -o mod_proxy_http.so -c mod_proxy_http.c proxy_util.c

STEP 2: Configure the required reverse proxy directives

Having extended Apache with "proxy" functionality in STEP 1, you will now need to tell Apache how you wish to use this new functionality and to do this, you must use the Proxypass and ProxyPassReverse directives in httpd.conf. Given below are directives which I used in httpd.conf to reverse proxy all HTTP requests coming in at port 80 to a website hosted on apache at port 7777:

ProxyPass / http://www.mydomain.com:7777/
ProxyPassReverse / http://www.mydomain.com:7777/

STEP 3: Restart Apache for the changes to take effect

mrkips@kipsserver: /apache-2.2.12/bin/apachectl -k restart
VN:F [1.9.22_1171]
Rating: +4 (from 6 votes)

Sometimes, you may want to use multiple locations for documents on the same website using Apache. It’s very straightforward to configure multiple document locations in Apache using the Alias directive in either the server config or VirtualHost config. Given below are the steps I used to configure a document root (/webserver/apache-2.2.12/phpMyAdmin) for the phpMyAdmin application to store it outside my default web application’s document root (/webserver/apache-2.2.12/htdocs).

 

 

STEP 1: Modify the Apache httpd.conf to add the Alias directive and ensure the new document root is accessible. Example below:

#
# DocumentRoot and Alias to point to pma's location outside DocumentRoot
#
DocumentRoot "/webserver/apache-2.2.12/htdocs"
Alias /pma /webserver/apache-2.2.12/phpMyAdmin
#
# Config options for pma document root
#
<Directory "/webserver/apache-2.2.12/phpmyadmin">
    Options -Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Note: I explicitly configured Directory options for /webserver/apache-2.2.12/phpMyAdmin as my default Directory options (for /) were very restrictive.

 

STEP 2: Restart Apache. Example below:

/webserver/apache-2.2.12/bin/apachectl -k restart

 

Using my browser, I could access the new document root at http://xx.xx.xx.xx/pma

 

Points to remember:

(1) Apache permits only one DocumentRoot (understandably) for a website and so you cannot have "multiple document roots". However, you access documents stored in locations outside the DocumentRoot, thereby permitting "multiple document locations". If you have more than one domain name for your website, then you may use the VirtualHost directive to configure a DocumentRoot for each website domain.

(2) Ensure you do not add a trailing / to the url (/pma) in the Alias directive. If you do so, you will see “Not Found” errors.

(3) You should not have a directory in the document root having the same name as a URL in any of the Alias directives as you will never be able to access it. Based on the example above, if I create a directory called pma in the document root /webserver/apache-2.2.12/htdocs, then I will never be able to access any files in this directory as the Alias /pma tells Apache that it must look elsewhere (/webserver/apache-2.2.12/phpMyAdmin). However, you may create the directory pma as a subdirectory withing directories in the document root (e.g. /webserver/apache-2.2.12/htdocs/test/pma)

VN:F [1.9.22_1171]
Rating: +7 (from 19 votes)

This is what I did to install Apache 2.2.12 and PHP 5.3.0 on Solaris 9 (SPARC/Sun-Fire-V490). I chose an application user (applusr) to install Apache as I did not require to launch it on a reserved port (1-1024). Installation instructions could differ for you depending on how Solaris 9 was installed on your host (available packages).

(1) Download the following Solaris packages (not source code) from http://www.sunfreeware.com :

  • libiconv (libiconv-1.11-sol10-sparc-local.gz)
  • gcc (gcc-3.4.6-sol10-sparc-local.gz)
  • libxml2 (libxml2-2.6.31-sol9-sparc-local.gz)

 

(2) Using root user privilege, install the Solaris packages downloaded in step (1) as given below (adhere to the order of installation commands). Comments (prefixed by #) provided for clarity.

 

# First, change directory to location of the downloaded packages.

cd 

# Install the libiconv package

pkgadd -d libiconv-1.11-sol10-sparc-local.gz

# Install the gcc package

pkgadd -d gcc-3.4.6-sol10-sparc-local.gz

# Install the libxml2 package

pkgadd -d libxml2-2.6.31-sol9-sparc-local.gz

NOTE: You may try implementing steps (1) and (2) above with the latest versions of the packages.

 

(3) Download Apache HTTP Server 2.2.12 (httpd-2.2.12.tar.gz) at http://httpd.apache.org/download.cgi and PHP 5.3.0 (php-5.3.0.tar.gz) at http://us2.php.net/downloads.php . Verify the integrity of the downloads using PGP or MD5 (if downloading to a Windows machine, you may use winmd5sum to verify the md5 signature).

 

(4) Set the PATH variable correctly, so that binaries like gcc (typically in /usr/local/bin) and make (typically in /usr/ccs/bin) can be accessed. For example, my PATH is /bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/ccs/bin

 

(5) Compile and Build Apache (I used a non-root user and specified where I want to install Apache with the –prefix option):

 

# Unpack and extract the apache source

gunzip httpd-2.2.12.tar.gz
tar xvf httpd-2.2.12.tar
cd httpd-2.2.12

# Compile and build the apache source
# The –enable-so option is used to load the mod_so module at compile time in order
# to enable DSO Support for shared modules like PHP, mod_proxy, etc.).
# For illustration, apache will be installed in /webserver/apache-2.2.12

./configure --prefix=/webserver/apache-2.2.12 --enable-so
make
make install

(6) Install PHP (I used a non-root user and specified where I want to install PHP with the –prefix option)

 

# Unpack and extract the PHP source

gunzip php-5.3.0.tar.gz
tar xvf php-5.3.0.tar
cd php-5.3.0

# Compile and build the PHP source. For illustration, PHP will be installed in /webserver/PHP-5.3.0.

./configure --prefix=/webserver/PHP-5.3.0 --with-apxs2=/webserver/apache-2.2.12/bin/apxs --with-config-file-path=/webserver/PHP-5.3.0
make
make install

NOTE: If you are installing PHP on a computer that has access to the internet, you may run “make test” after make and before “make install” to assist the PHP community in further development of PHP.

 

(7) Configure PHP

  • If you’ve installed Apache with non-root privileges, then modify ListenPort to a port > 1024 (For example, I configured Listen xx.xx.xx.xx:7777 to enable my apache to listen at port 7777)
  • Add the following snippet to the apache 2.2.12 httpd.conf file

 

#
# The following lines enable Apache to handle PHP requests
#
<Filesmatch  \.php$>
	SetHandler application/x-httpd-php
</Filesmatch>

(8) Test Apache 2.2.12 and PHP 5.3.0

  • Create and save file (e.g. index.php) in the document root (/webserver/apache-2.2.12/htdocs) with the following line:

 

<?php phpinfo() ?>
  • Start Apache 2.2.12 as follows:

 

/webserver/apache-2.2.12/bin/apachectl -k start
  • Access the file using your browser (e.g. http://localhost:7777/index.php).

References:

(1) Apache 2.2 Installation documentation

(2) PHP Installation documentation

VN:F [1.9.22_1171]
Rating: +1 (from 1 vote)