Recently, I used a Reverse Proxy server to work around a constraint. I wanted to host a monitoring dashboard (website) at port 80 on a corporate intranet host, but running Apache (or any software) to listen at port 80 (or any port from 1 to 1024) on UNIX requires root privilege. Since the use of root privilege has been significantly restricted by my System Administrators, it would have been very inefficient and cumbersome to administer the website because my team would have had to raise a formal request to the Sys Admins via Change Management procedures whenever it was required to restart/administer Apache. So, I used a standard user to run Apache (hosting the website) to listen the a non-privileged port 7777 and configured a reverse proxy Apache server instance to listen at port 80 and forward requests to the Apache server instances which hosted the website at port 7777. Now, we can do whatever administration work we require on the Apache web server instance hosting the website without being dependent on the Sys Admins. If the reverse proxy apache web instance goes down, we will need to seek assistance from the Sys Admins to start it, but there’s very low probability of the reverse proxy apache web instance going down. My use of a reverse proxy server, as described above, is illustrated in the figure below:
Given below, are the steps I followed to set up a reverse proxy server using Apache 2.2.12 on Solaris 9:
Note: As a prerequisite, Apache 2.2.12 must be compiled with the ––enable-so option to enable Apache to load modules dynamically at runtime.
STEP 1: Build and load the Apache proxy modules
Apache requires the mod_proxy and mod_proxy_http modules to serve as a reverse proxy server for HTTP requests. The source code (.c files) for these modules are available in the apache source code repository. Build and install the required proxy modules using the APache eXtenSion (apxs) tool as follows:
# Note that the apache ServerRoot is /apache-2.2.12 in the examples below. Run the following commands in the source repository directory containing the relevant “.c” files (httpd-2.2.12/modules/proxy/). # # Build and install mod_proxy module. /apache-2.2.12/bin/apxs -i -a -o mod_proxy.so -c mod_proxy.c proxy_util.c # Build and install mod_proxy_http module. /apache-2.2.12/bin/apxs -i -a -o mod_proxy_http.so -c mod_proxy_http.c proxy_util.c |
STEP 2: Configure the required reverse proxy directives
Having extended Apache with "proxy" functionality in STEP 1, you will now need to tell Apache how you wish to use this new functionality and to do this, you must use the Proxypass and ProxyPassReverse directives in httpd.conf. Given below are directives which I used in httpd.conf to reverse proxy all HTTP requests coming in at port 80 to a website hosted on apache at port 7777:
ProxyPass / http://www.mydomain.com:7777/ ProxyPassReverse / http://www.mydomain.com:7777/ |
STEP 3: Restart Apache for the changes to take effect
mrkips@kipsserver: /apache-2.2.12/bin/apachectl -k restart |
