Apache Reverse Proxy
Apache HTTP can function as a reverse proxy server, instead of its normal use as a web server. As a reverse proxy server, Apache wouldn't host the web pages and other data, but would instead rely on other Apache HTTP servers behind it to provide those web services. Again, the Apache Reverse Proxy Server would act as a gateway to one or more servers, protecting them from direct traffic.
This layout provides an extra layer of security, as well as assisting with load balancing and increasing a cluster's high-availability. Regarding security, it not only provides a barrier to outside traffic, but it can handle authentication for all of the servers it protects. This is provided that the back-end servers, as well as the structure and processing of traffic are done right, so that they are insulated from external attacks. Key to this is that the reverse proxy server is the only entry point and all traffic passes through it.
For more information on Apache Reverse Proxy and related directives, see the Apache Reverse Proxy documentation.
Apache Reverse Proxy with LogScale
When using an Apache Reverse Proxy server to act as a gateway and a load balancer for other Apache HTTP web servers, you can integrate the Reverse Proxy server with LogScale. To do this, you would have to modify the Apache configuration file to provide a VirtualHost for LogScale traffic.
Below is the basic configuration, a set of Apache directives for integration with LogScale:
<VirtualHost *:443>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/demo.humio.xyz/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/demo.humio.xyz/privkey.pem
DocumentRoot "/var/www/html"
ServerName demo.humio.xyz
ErrorLog "/var/log/httpd/demo.error_log"
CustomLog "/var/log/httpd/demo.access_log" common
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://localhost:8080/$1" [P,L]
</VirtualHost>
You would, of course, change the values for some of these directives to
suit your servers. In particular, the values for the
SSLCertificateFile
, the
SSLCertificateKeyFile
, and the
ServerName
directives will
need to be changed.