Apache 2.4: Configure mod_proxy_fcgi for remote server

Configure Apache 2.4 fastCGI with mod_proxy_fcgi module for a remote GAS server. If authorization is used, configure a rewrite rule.

If you are configuring mod_proxy_fcgi to connect to a remote GAS server, your Apache configuration file needs to be configured correctly.

Note: Starting with Apache 2.4.11:
  • To ensure application URLs with spaces are decoded correctly, proxy-fcgi-pathinfo must be set to unescape. There is no PATH_INFO with mod_proxy_fcgi unless this is set.
  • You can add the enablereuse=on option in the ProxyPass configuration line, in order to recycle connections to the fastcgi dispatcher.
  • To avoid timeout issues, set the ProxyPass timeout greater than the REQUEST_RESULT GAS configuration. If, for instance, REQUEST_RESULT is set to 60 seconds (default setting), you need to ensure you set the ProxyPass timeout higher at 100 seconds.
  1. Find the Apache configuration file (for example, httpd.conf). It is likely to be located in the /etc/apache2/ path.
  2. Ensure the modules mod_proxy and mod_proxy_fcgi are enabled.
    For example, check your Apache configuration file for the load module directives for these modules; bearing in mind that your configuration may be different. Make sure the hash symbol (#) is removed from the start of the line.
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
  3. Add the following configuration to the GAS virtual host:

    These directives typically need to be added to your GAS virtual host configuration (identified by the element <VirtualHost>) for both HTTP and HTTPS.

    ...
    <VirtualHost _default_>
      <IfModule proxy_fcgi_module>
    
        # Unescapes the path component of the request URL.
        SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
    
        # Maps the fastcgi server to the GAS URL space
        ProxyPass /gas/ fcgi://<gas-server-ip>:<gas-server-port>/ enablereuse=on timeout=100
         
    
      </IfModule>
    </VirtualHost >
    ... 
    Where:
    • <gas-server-ip> is the address of the remote server where the GAS is running.
    • <gas-server-port> is the port where fastcgidispatch is listening.
    • /gas/ directory is just a virtual directory, no need to create one.

Rewrite-rule for authorization headers

If you are using authorization headers, the module mod_rewrite must be enabled in your Apache configuration file. For example, the load module directive for this module must appear without the hash (#) at the start of the line:

LoadModule rewrite_module modules/mod_rewrite.so
Also you need to be aware of the following:
  • Authorization headers need to be base64 encoded. Apache discards the Authorization header if it is not a base64-encoded user/password combination. A rewrite rule (see Apache 2.4 documentation) can be used to rewrite it from the server variable.
  • A ProxyPassReverse directive is set to adjust or rewrite URLs in response headers before forwarding them on to the client. For example, an authorization request will cause a redirect to an authentication server and Apache adjusts this URL to the local URL before forwarding the HTTP redirect response to the client.

    For more details on Apache, see Apache 2.4 documentation.

    An example configuration is shown:

...
<VirtualHost _default_>
  
  <IfModule proxy_fcgi_module>
    ...
    # Unescapes the path component of the request URL
    SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape

    # Recreates the authorization header from the %{HTTP:Authorization} variable
    RewriteEngine on
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Maps the fastcgi server to the GAS URL space
    ProxyPass /gas/ fcgi://<gas-server-ip>:<gas-server-port>/gas/ enablereuse=on timeout=100
     
 

    # Rewrites URL in response headers
    ProxyPassReverse /gas/ http://<gas-server-ip>:<gas-server-port>/gas/

  </IfModule>

</VirtualHost>
...