Protect Your Ports with a Reverse Proxy

In a previous article, I discussed Apache Tomcat, which is the ideal way to run Java applications from your server. I explained that you can run those apps from Tomcat's default 8080 port, or you can configure Tomcat to use port 80. But, what if you want to run a traditional Web server and host Java apps on port 80? The answer is to run a reverse proxy.

The only assumption I make here is that you have a Web-based application running on a port other than port 80. This can be a Tomcat app, like I discussed in my last article, or it can be any Web application that has its interface via the Web (such as Transmission, Sick Beard and so on). The other scenario I cover here is running a Web app from a second server, even if it's on port 80, but you want it to be accessed from your central Web server. (This is particularly useful if you have only one static IP to use for hosting.)

The way reverse proxying works, at least with the Apache Web server, is that every application is configured as a virtual host. Just like you can host multiple Web sites from a single server using virtual hosting, you also can host separate Web apps as virtual hosts from that same server. It's not terribly difficult to configure, but it's very useful in practice. First things first. On your server, you have the Web server installed (Figure 1). You also have a Web application on port 8080 (Figure 2). Along with the working Apache Web server, you need to make sure virtual hosting (by name) is enabled.

Figure 1. I have Apache installed, and it's hosting a very simple page. on port 80.

Figure 2. I have a Web application running on port 8080 on the server located at 192.168.1.11.

Enabling Name-Based Virtual Hosts

Enabling name-based virtual hosting on Apache is extremely common, and it's very simple to do. Depending on what distribution you're using, the "proper" location for enabling name-based virtual hosting may differ. The nice thing about Apache, however, is that generally as long as the directive is specified somewhere in the configurations, Apache will honor it.

My local test server is running Ubuntu. In order to determine where the "proper" place to enable name-based virtual hosting is, I simply went to the /etc/apache2 directory and executed:


grep NameVirtualHost *

That command searches for the NameVirtualHost directive, and it returned this:


root@server:/etc/apache2# grep NameVirtualHost *
ports.conf:NameVirtualHost *:80
ports.conf:    # If you add NameVirtualHost *:443 here, 
               # you will also have to change

Those results tell me that the NameVirtualHost directive is specified in the /etc/apache2/ports.conf file. (Note that grep will return only the lines that contain the search term, which is why it shows those two out-of-context lines above. The important thing is the filename ports.conf, which is what I was looking for.) Again, with Apache, it generally doesn't matter where you specify directives, but I like to stick with the standards of the particular distribution I'm using, if only for the sake of future administrators.

To enable name-based virtual hosting, you simply uncomment:


NameVirtualHost *:80

from the file, and save it. If you can't find a file that contains such a directive commented out, just add the line to your apache.conf or httpd.conf file. Then you need to specify a VirtualHost directive for the virtual host you want to create. This process is the same whether you're making a traditional virtual host or a reverse proxy virtual host.

______________________

Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

CANADA WEB PROXY?

canada web proxy's picture

Our internet site delivers web-based proxies that can be used to be able

to unblock websites such as Vimeo by skipping system filtration systems

made because of your business.

With laptop or computer communities, a proxy server is really a server
that will functions as an intermediary with regard to asks through

customers seeking methods through various other hosting space. Litigant

links towards the proxy server, asking for several program, for instance a

report, connection, web page, as well as various other learning resource

offered from a different server and the proxy server measures this demand

as a way to simplify and command the difficulty. Proxies were being

created to include construction and encapsulation to help spread devices.

Today, the majority of proxies are world wide web proxies, facilitating

access to information in online.

The Design The Lamborghini

sollen's picture

The Design The Lamborghini Veneno brings the aerodynamic efficiency of a racing prototype to the road. Every detail of its form pursues a clear function Off-road Vehicle Work Lights exceptional dynamics, optimum downforce with minimal drag and perfect cooling of the high-performance engine.

Excellent article Shawn! We

Nicky Helmkamp's picture

Excellent article Shawn! We just wanted to let you know we included it in our Monthly Resource Roundup http://www.interworx.com/community/the-monthly-round-up-decembers-best-s...

Cheers!

Domains By Proxy

Anonymous's picture

nice and good comment from you and i have good site and there is useful for all most student and some place ,

http://domainsby-proxy.blogspot.com/

Thanks Shawn

Carbonsink's picture

Good post Shawn. I have used Squid in the past as a reverse proxy but your method is simpler, and better if your needs are simple and have Apache installed already. Thanks!

BTW, how about designating a small number of readers as moderators to have the power to remove comment spam from the site? I'd volunteer to do it. It would be less work to delete the spam afterwards than to review it before it got posted (even through the latter method would be more effective).

debian way

dns's picture

A few points for debian / ubuntu that you should use the debian tools to manage the config instead of creating some of the config yourself.
These tools set up the symlinks to manage modules and sites.

Instead of creating the symlinks yourself the best way is to use a2ensite and a2dissite.

sudo a2ensite reverseprox
sudo a2dissite reverseproxy

Likewise you should not include the load module statements with your site, instead you should use a2enmod and a2dismod to include the modules
sudo a2enmod proxy_http

If you do it this way the module is loaded once.

You do not need to restart Apache to update the configuration.
sudo a2enmod proxy_http

Re: debian way

boltronics's picture

This. The article should be changed to use those tools. I cringed with every ln command I read. :)

Reply to comment | Linux Journal

Jens's picture

Nice post. I learn something new and challenging on sites I stumbleupon on a daily basis.

It will always be interesting to read articles from other writers and use a
little something from other sites.

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState