How To Use Apache as a Reverse Proxy on Ubuntu 16.04

How To Use Apache as a Reverse Proxy with mod_proxy on Ubuntu 16.04


A reverse proxy is a type of proxy server that takes HTTP(S) requests and transparently distributes them to one or more backend servers. Reverse proxies are useful because many modern web applications process incoming HTTP requests using backend application servers which aren’t meant to be accessed by users directly and often only support rudimentary HTTP features.

You can use a reverse proxy to prevent these underlying application servers from being directly accessed. They can also be used to distribute the load from incoming requests to several different application servers, increasing performance at scale and providing fail-safeness. They can fill in the gaps with features the application servers don’t offer, such as caching, compression, or SSL encryption too.


Step 1 — Enabling Necessary Apache Modules

Apache has many modules bundled with it that are available but not enabled in a fresh installation. First, we’ll need to enable the ones we’ll use in this tutorial.

The modules we need are mod_proxy itself and several of its add-on modules, which extend its functionality to support different network protocols. Specifically, we will use:

  1. mod_proxy, the main proxy module Apache module for redirecting connections; it allows Apache to act as a gateway to the underlying application servers.
  2. mod_proxy_http, which adds support for proxying HTTP connections.
  3. mod_proxy_balancer and mod_lbmethod_byrequests, which add load balancing features for multiple backend servers.

To enable these four modules, execute the following commands in succession.

To put these changes into effect, restart Apache.

Apache is now ready to act as a reverse proxy for HTTP requests. In the next (optional) step, we will create two very basic backend servers.


Step 2 — Create New Virtual Host Files

This method uses Apache2 virtual host configuration files on the primary server (to which the router sends port 80 traffic).

Create a new virtual host file:

Add the following lines to suit your needs:

Save and close the file.

Enable new virtual host file:

When you are finished, you need to restart Apache to make these changes take effect:



Step 3 — Log Client IP AND X-Forwarded-For IP

When placing apache web servers behind a load-balancing proxy like the BigIP or Pound or behind a caching proxy like Squid or a BlueCoat proxy, the client IP address from the browser is replaced with the IP address of the load-balancer/proxy.

Install mod_remoteip

You can configure your Apache server to log the X-Forwarded-For request header. Configure Apache to log the X-Forwarded-For header by completing the following steps:

  1. Locate the main Apache configuration file httpd.conf. This file is usually located at /etc/httpd/conf/httpd.conf
  2. Edit the configuration file and find the section that contains LogFormat.
  3. Add the following to your combined LogFormat: “%{X-Forwarded-For}i
  4. Consider the following example code in logformat:
  5. After making these changes, you must restart the apache2 service:


Enable SSL Reverse-Proxy Support

If you want to enable SSL support to your Reverse-Proxy connections, then you will need to enable the SSL module first.

To enable this module, run:

After you have enabled SSL, you’ll have to restart the Apache service for the change to be recognized.

Next, you will need to generate self-signed certificate for Reverse-Proxy Server read this for more info

Generate self-signed certificate on redirect server ( in this example

Copy all certificates file from redirect server to Reverse-Proxy Server

add this config to /etc/apache2/sites-available/proxy-host.conf file

now /etc/apache2/sites-available/proxy-host.conf file look like this

To put these changes into effect, restart Apache.

If certificates file from redirect server change or update, dont forget to copy it to Reverse-Proxy Server