Think of Apache as a polite bouncer that forwards requests to your backend apps and keeps the drama out of public view. This guide shows how to enable the right modules set up virtual hosts and proxy rules and add a few security tweaks so you do not accidentally open your server to the entire internet.
On Debian derivatives the a2enmod helper will save you typing. The key modules are mod_proxy mod_proxy_http and mod_proxy_balancer. You may also want mod_headers and mod_rewrite for header work and redirects.
sudo a2enmod proxy proxy_http proxy_balancer headers rewrite
sudo systemctl restart apache2
Here is a minimal but realistic example that uses ProxyPass ProxyPassReverse and a balancer. It preserves the Host header so backend apps see the original domain.
<VirtualHost *:80>
ServerName example.com
ProxyPreserveHost On
# Public path mapped to a balancer pool
ProxyPass "/app/" "balancer://appcluster/"
ProxyPassReverse "/app/" "balancer://appcluster/"
<Proxy 'balancer://appcluster/'>
BalancerMember 'http://10.0.0.10:8080'
BalancerMember 'http://10.0.0.11:8080'
# Optional stickyness or load methods go here if needed
</Proxy>
# Pass client info to the backend
RequestHeader set X-Forwarded-Proto 'http'
RequestHeader set X-Forwarded-For '%{REMOTE_ADDR}s'
ErrorLog '/var/log/apache2/proxy-error.log'
CustomLog '/var/log/apache2/proxy-access.log' combined
</VirtualHost>
Reverse proxies can accidentally become open proxies if mapping is too permissive. Protect internal paths and admin interfaces and limit what gets proxied.
# Block common internal endpoints from being proxied
<LocationMatch "^/(?:server-status|server-info|\.git)">
Require all denied
</LocationMatch>
# Allow only safe methods on proxied paths
<Location "/app/">
<LimitExcept GET POST HEAD>
Require all denied
</LimitExcept>
</Location>
Terminate TLS at the proxy for public traffic and keep backend connections on the private network. If backend servers require encryption then use https in the BalancerMember URL and verify certificates where appropriate.
Reload gracefully and then poke the proxy with curl or a browser. Inspect headers and backend logs to confirm the Host and X Forwarded headers reached the app.
sudo systemctl reload apache2
# Quick checks
curl -v -H 'Host: example.com' 'http://proxy-host/app/'
curl -I 'http://proxy-host/app/'
Follow these steps and you will have a reliable Apache reverse proxy using mod_proxy with clear ProxyPass and ProxyPassReverse mappings a sensible balancer configuration and a few security fences so your server behaves like a responsible gatekeeper.
I know how you can get Azure Certified, Google Cloud Certified and AWS Certified. It's a cool certification exam simulator site called certificationexams.pro. Check it out, and tell them Cameron sent ya!
This is a dedicated watch page for a single video.