[Apache] Creating a reverse-proxy

Sometimes, we have several application servers on different computers and we want that applications hosted on them can be accessed from a unique entry point.
This entry point is often behind a domain name mapped on a unique IP address. It's possible to provide several application serves with one httpd Apache server which will be the entry point.

This one can authorize access to applications with htaccess.

Different kinds of reverse proxy
Setting the scene
Reverse-Proxy with URL rewriting
Reverse-Proxy with mod_proxy

Different kinds of reverse proxy :

With httpd it's possible to do reverse proxy by 2 ways :

by URL rewriting
with the Proxy module

URL rewriting advantages is that this module is often integrated by default in httpd and o, easy to use.
On the other hand, the Proxy module isn't set up and therefore it must be added. This last module is totally dedicated to this task and so, it is optimum.

Sometimes, we have to use both in the same time.
For example, in my company, we have Ruby On Rails and Java applications. Strangely, the reverse proxy made with the URL rewriting works with Rails applications but doesn't with Java apps and the Proxy module works with Java app but doesn't with Rails apps...

It's possible to use both methods in the same time without problem.

Setting the scene :

The reverse proxy is the only entry point and behind it, some applications must be protected by htaccess.

To do this, I'd used VirtualHost of httpd, each one redirecting to the same "application" : a simple PHP page as a portal.
Each application responses by a subdomain name.

extract from the index.php portal page :

<html>
<head>
<title>Pavnay's backoffice portal</title>
<link href="/stylesheets/mycss.css" media="screen" rel="Stylesheet" type="text/css" />
</head>
<body>
    
<a href="/" title="Back-Office"><img src="/images/pavnay.gif" width="230" height="51" alt="Pavnay" /></a>                    
<div id="overDiv" style="position:absolute; visibility:hidden; z-index:1000;"></div>
    <div>    
        <div>
        
        <ul class="Menu" />
        <div id="session-navhelp" />        
    </div>        
   </div>
   <div id="page">
    <div id="tips"><br /></div>
            <div id="content" align="center">
                <br />
                <p><strong>Access to</strong></p>
                <br />

                <ol>     
                    <li> <a href="http://app1.<?php echo $_SERVER['HTTP_HOST']; ?>">Application 1<a><br />
                    <li> <a href="http://app2.<?php echo $_SERVER['HTTP_HOST']; ?>">Application 2<a><br />
                    <li> <a href="http://app3.<?php echo $_SERVER['HTTP_HOST']; ?>">Application 3<a><br />
                    <li> <a href="http://app4.<?php echo $_SERVER['HTTP_HOST']; ?>">Application 4<a><br />

                </ol>

           </div>
    </div>
</body>
</html>

This simple page provides a portal to intra and extra net... This portal listens for example and the http://pavnay.fr address and applications behind have address ass http://app1.pavnay.fr.
Now, creation and configuration of VirtualHost .

Reverse-Proxy with URL rewriting :

It's easy to create a reverse-proxy with URL rewriting.
To do this, httpd must have the mod_rewrite module.

RewriteEngine On    
RewriteLogLevel 100    
RewriteLog "/usr/local/apache2/logs/rewrite.log"    
RewriteMap mapping txt:/usr/local/apache2/conf/mapping.txt    
RewriteCond ${mapping:%{SERVER_NAME}|NOT-FOUND} !=NOT-FOUND    
RewriteRule ^/(.*)$  http://${mapping:%{SERVER_NAME}}/$1 [QSA,NC,P,L]

Some explanations :

RewriteEngine On activates the URL rewriting module
RewriteMap declares the mapping file
RewriteCond allows to map a domaine name with an associated application
RewriteRule is the internal redirection between the client and the targeted application. The reverse-proxy works because of the P flag at the end of line

In this example, the mapping between the URL and the application is done by the /usr/local/apache2/conf/mapping.txt file :

app1.pavnay.fr server.pavnay.local:3001 
app2.pavnay.fr server.pavnay.local:3002  
app3.pavnay.fr 192.168.1.100:80

Here, the public URL app1.pavnay.fr is rewritten to point to the hosted application on a server (server.pavnay.local) listening in the 3001 port.

The complete VirtualHost setting up for a reverse-proxy using the URL rewriting :

 <VirtualHost *:80>
   ServerAdmin postmaster@pavnay.fr
   ServerName pavnay.fr
   ServerAlias *.pavnay.fr
   RewriteEngine On
   RewriteLogLevel 100
   RewriteLog "/usr/local/apache2/logs/rewrite.log"
   RewriteMap mapping txt:/usr/local/apache2/conf/mapping.txt
   RewriteCond ${mapping:%{SERVER_NAME}|NOT-FOUND} !=NOT-FOUND
   RewriteRule ^/(.*)$  http://${mapping:%{SERVER_NAME}}/$1 [QSA,NC,P,L]
   DocumentRoot "/usr/local/webapps/portal"
   <Directory "/usr/local/webapps/portal">
         Options Indexes
         AllowOverride None
         Order allow,deny
         Allow from all
   </Directory>
</VirtualHost>

Reverse-Proxy with mod_proxy

The mod_proxy module is the natural way to do reverse-proxy.
It's easy to it but it's necessary to compile it with httpd ot to link it later.

 <VirtualHost *:80>
    ServerName app4.pavnay.fr
    ErrorLog "logs/app4-error_log"
    CustomLog "logs/app4-access_log" common
    ProxyRequests Off
    ProxyPass / http://app4.pavnay.local/
    ProxyPassReverse / http://app4.pavnay.local/
</VirtualHost>

Quelques explication :

ProxyRequest Off is the default value and doesn't prevent ProxyPass to work
ProxyPass maps a path (URI) to an URL (here / with the remote application address)
ProxyPassReverse manages the redirection responses header Location send by the remote application

And there, nothing is simplest...

Again, I don't know why the way to do a reverse proxy is depending of remote applications.
Because I needed to manage different applications I did a generic VirtualHost with the URL rewriting and some with the Proxy module (one VirtualHost per application).