Apache: configure for reverse proxy

An Apache reverse proxy configuration lets the JGAS work out the URL that clients use when it sits behind a reverse proxy server.

Warning: Apache configuration subject to change

The configuration instructions on this page will probably work in the majority of situations, but they may require adaptation depending on your version of Apache. We therefore recommend that you refer to the Apache documentation if you need details on specific configuration options. In production environments, the configuration of the Apache HTTP server should be carried out by a system administrator to avoid security issues.

For information on Apache reverse proxy configuration, refer to the Apache documentation.
Tip:

Simplifying the configuration

In your reverse proxy network configuration, it is recommended to use the same URI (for example, /gas) on the reverse proxy as on the backends where the JGAS is running. In that case you do not need any configuration beyond the steps in this task.

On the other hand, if the URI for your proxy server is at, for example, http://host:port/main and the JGAS is listening on http://host:port/backend, you will need to also configure the following directive:
    ProxyFCGISetEnvIf "true" SCRIPT_NAME "/main"

This directs the Apache web server to build URLs with the /main URI instead of the /backend URI.

About this task:

When the JGAS sits behind a proxy, the Apache reverse proxy configuration ensures the JGAS URLs are reachable provided the following X-Forwarded headers are available: X-Forwarded-Proto should contain HTTP or HTTPS, X-Forwarded-Host should contain host:port, and X-Forwarded-Prefix should contain the PathBase (/path/base) of the URI.

The JGAS will automatically use these header values (if present) to build the URL used by the client.

In this task, you configure Apache for the X-Forwarded headers. For more information on forwarded HTTP headers, see RFC 7239.

  1. Find the Apache configuration file (for example, httpd.conf). It is likely to be located in the /etc/apache2/ path.
  2. Ensure the modules mod_headers and mod_rewrite are enabled.
  3. Configure the virtual host for reverse proxy:
    ProxyPass and ProxyPassReverse directives typically need to be added to your virtual host configuration (identified by the element <VirtualHost>). In the examples for both HTTP and HTTPS, these directives ensure Apache performs the reverse proxy actions:
    • Apache delivers requests with the URI /gas to the backend server specified in ProxyPass.
    • Apache modifies headers generated by the backend, specified by ProxyPassReverse, to point to the reverse proxy server instead of back to the backend server.
    For HTTP:
    ...
    <VirtualHost _default_:80>
      ServerName mymainserver.com
      ...
      <Location "/gas">
        ProxyPass http://mybackend.com:9080/gas/
        ProxyPassReverse http://mybackend.com:9080/gas/
      </Location>
    </VirtualHost>
    ... 

    For HTTPS:

    Typically, the reverse proxy and web server exchange data via HTTP on an internal network, while clients connecting to the reverse proxy come from the internet and communicate over a secure HTTPS connection.

    ... 
    <VirtualHost _default_:443>
      ServerName mymainserver.com
      SSLEngine on
      RequestHeader set "X-Forwarded-Proto" https
      ... 
      <Location "/gas">
        ProxyPass http://mybackend.com:9080/gas/
        ProxyPassReverse http://mybackend.com:9080/gas/
      </Location>
    </VirtualHost>
    ...
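
Because the JGAS uses the X-Forwarded headers whenever they are present, the proxy should be the only party that writes them. The virtual host below is an added example, not part of the original instructions: it extends the HTTP case so that X-Forwarded values arriving with a client request are discarded before the request is proxied. It assumes Apache 2.4 with mod_headers, mod_proxy and mod_proxy_http loaded, and it reuses the sample host names from this page.

```apache
# Added example. Assumptions: Apache 2.4; mod_headers, mod_proxy and
# mod_proxy_http are loaded; host names are this page's sample values.
<VirtualHost _default_:80>
  ServerName mymainserver.com

  # Discard X-Forwarded-* values supplied by the client, so the backend
  # only receives values written by this proxy.
  RequestHeader unset X-Forwarded-Host
  RequestHeader unset X-Forwarded-Prefix

  # This virtual host serves plain HTTP only, so state the scheme explicitly
  # instead of passing through whatever the client sent.
  RequestHeader set X-Forwarded-Proto "http"

  <Location "/gas">
    ProxyPass http://mybackend.com:9080/gas/
    ProxyPassReverse http://mybackend.com:9080/gas/
  </Location>

  # With ProxyAddHeaders at its default (On), mod_proxy_http then adds
  # X-Forwarded-Host from the Host header of the incoming request.
</VirtualHost>
```

The same two `RequestHeader unset` lines apply to the HTTPS virtual host, which already sets X-Forwarded-Proto itself. Run `apachectl configtest` before reloading Apache.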