Apache Reverse Proxy

Apache HTTP can function as a reverse proxy server, instead of its normal use as a web server. As a reverse proxy server, Apache wouldn't host the web pages and other data, but would instead rely on other Apache HTTP servers behind it to provide those web services. Again, the Apache Reverse Proxy Server would act as a gateway to one or more servers, protecting them from direct traffic.

This layout provides an extra layer of security, as well as assisting with load balancing and increasing a cluster's high-availability. Regarding security, it not only provides a barrier to outside traffic, but it can handle authentication for all of the servers it protects. This is provided that the back-end servers, as well as the structure and processing of traffic are done right, so that they are insulated from external attacks. Key to this is that the reverse proxy server is the only entry point and all traffic passes through it.

For more information on Apache Reverse Proxy and related directives, see the Apache Reverse Proxy documentation.

<VirtualHost *:443>
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/demo.humio.xyz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/demo.humio.xyz/privkey.pem
    DocumentRoot "/var/www/html"
    ServerName demo.humio.xyz
    ErrorLog "/var/log/httpd/demo.error_log"
    CustomLog "/var/log/httpd/demo.access_log" common
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "ws://localhost:8080/$1" [P,L]
</VirtualHost>