Apache as forward/reverse proxy server
Apache HTTPD and NGINX are some of the famous names in the world of open source for proxy solutions. What exactly does the term web proxy mean? It is something of a cross between the web server and a web client. It can be thought of as an intermediary system that sits between clients and normal web servers in order to facilitate or streamline the process of retrieving web pages. This configuration is often referred as a three-3-tier model also.
A forward proxy takes the request of the client and forwards the request to the destination based on configuration. It can be used to bypass firewall restrictions. On other hand, a reverse proxy takes requests from the internet and forward these requests to one of the web servers.
For an example, I will list three computers connected to the internet. ( credit: stackoverflow.com )
- X = your computer, or “client” computer on the internet
- Y = the proxy web site, proxy.example.org
- Z = the web site you want to visit, www.example.net
Normally, one would connect directly from
X --> Z
In the forward proxy, Y will connect to Z (
Y --> Z ) on behalf of
X, which chains as follows:
However, in some scenarios ( reverse proxy ), it is better for the administrator of
Z to restrict or disallow direct access and force visitors to go through Y first. So, as before, we have data being retrieved by
Y --> Z on behalf of
X, which chains as follows:
What is different this time compared to a “forward proxy,” is that this time the user
X does not know he is accessing
Z, because the user
X only sees he is communicating with
Z is invisible to clients and only the reverse proxy
Y is visible externally. A reverse proxy requires no (proxy) configuration on the client side.
Reasons why X would want to use a forward proxy server:
Here is a (very) partial list of uses of a forward proxy server.
X is unable to access Z directly because
I) Someone with administrative authority over
X‘s internet connection has decided to block all access to site
a ) The Storm Worm virus is spreading by tricking people into visiting
familypostcards2008.com, so the system administrator has blocked access to the site to prevent users from inadvertently infecting themselves.
b) Employees at a large company have been wasting too much time on
facebook.com, so management wants access blocked during business hours.
II) The administrator of
Z has blocked
a) The administrator of Z has noticed hacking attempts coming from X, so the administrator has decided to block X’s IP address (and/or netrange).
b) Z is a forum website.
X is spamming the forum. Z blocks X.
Reasons why Z would want to set up a reverse proxy server:
1) Z wants to force all traffic to its web site to pass through Y first.
a) Z has a large web site that millions of people want to see, but a single web server cannot handle all the traffic. So Z sets up many servers and puts a reverse proxy on the internet that will send users to the server closest to them when they try to visit Z. This is part of how the Content Distribution Network (CDN) concept works.
Examples:Apple Trailers uses Akamai
2) The administrator of Z is worried about retaliation for content hosted on the server and does not want to expose the main server directly to the public.
a) Owners of Spam brands such as “Canadian Pharmacy” appear to have thousands of servers, while in reality having most websites hosted on far fewer servers. Additionally, abuse complaints about the spam will only shut down the public servers, not the main server. ( credit for this example goes to https://bit.ly/2IrsnlJ )
Back to our main topic. Apache as forward/ reverse proxy. We will be using Ubuntu as OS for installing Apache Server.
Start with Apache Server installation
# apt install apache2 # On Ubuntu
Lets create a new Apache configuration file ( my-locallab.local.conf ). You can also edit the default Apache configuration file, but not recommended.
ServerName my-locallab.local # YOUR DOMAIN NAME
ProxyPass / http://TOMCAT-SERVER-IP:8080/
ProxyPassReverse / http://TOMCAT-SERVER-IP:8080/ # YOUR TOMCAT IP ADDRESS
Run the following command to test syntax validity
# apache2ctl configtest # On Ubuntu
Restart Apache service using following command
# service apache2 restart # On ubuntu
RSS Source: https://www.blog.anupchhetri.com/?p=1612