Apache Reverse Proxy

Apache Reverse Proxy

Apache HTTP can function as a reverse proxy server, instead of its normal use as a web server. As a reverse proxy server, Apache wouldn’t host the web pages and other data, but would instead rely on other Apache HTTP servers behind it to provide those web services. Again, the Apache Reverse Proxy Server would act as a gateway to one or more servers, protecting them from direct traffic.

This layout provides an extra layer of security, as well as assisting with load balancing and increasing a clsuter’s high-availability. Regarding security, it not only provides a barrier to outside traffic, but it can handle authentication for all of the servers it protects. This is provided that the back-end servers, as well as the structure and processing of traffic are done right, so that they are insulated from external attacks. Key to this is that the reverse proxy server is the only entry point and all traffic passes through it.

For more information on Apache Reverse Proxy and related directives, see the Apache Reverse Proxy documentation.

Apache Reverse Proxy with Humio

When using an Apache Reverse Proxy server to act as a gateway and a load balancer for other Apache HTTP web servers, you can integrate the Reverse Proxy server with Humio. To do this, you would have to modify the Apache configuration file to provide a VirtualHost for Humio traffic.

Below is the basic configuration, a set of Apache directives for integration with Humio:

ini
<VirtualHost *:443>
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/demo.humio.xyz/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/demo.humio.xyz/privkey.pem
    DocumentRoot "/var/www/html"
    ServerName demo.humio.xyz
    ErrorLog "/var/log/httpd/demo.error_log"
    CustomLog "/var/log/httpd/demo.access_log" common
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "ws://localhost:8080/$1" [P,L]
</VirtualHost>

You would, of course, change the values for some of these directives to suit your servers. In particular, the values for the SSLCertificateFile, the SSLCertificateKeyFile, and the ServerName directives will need to be changed.