How to setup an Apache Reverse Proxy server for XL Deploy/Release

Follow

Shashank Srivastava -

Scenario

There are times when you want to strip off XL Deploy or XL Release ports while accessing XL Deploy/Release in browser for security reasons. This guide will help you get started with setting up an Apache Reverse Proxy server quickly so that you can access XLD/R via this proxy. This guide is based on Ubuntu but you can easily modify it according to your OS. Please note that the purpose of this article is to provide you with a very simple working setup quickly. More complex customisations & security enhancements are out of scope.

Environment

XL Release, XL Deploy, Ubuntu

Steps to Perform

Configure Reverse Proxy Server.

1. Install core product.

Install Apache, if not already done. It is as simple as issuing –

root@shashank-reverse-proxy-server:/home/shashank# apt-get install-y apache2 apache2-doc apache2-utils

2. Install necessary modules.

Issue below command to install modules required for proxy server.

root@shashank-reverse-proxy-server:/home/shashank# apt-get install libapache2-mod-proxy-html libxml2-dev

3. Enable Apache modules.

Issue below command to enable all the required Apache modules.

root@shashank-reverse-proxy-server:/home/shashank# a2enmod proxy proxy_ajp proxy_http rewrite deflate headers proxy_balancer proxy_connect proxy_html

4. Configure proxy configuration.

We will now create an Apache proxy configuration file that will enable proxy. Start with creating a file like this.

root@shashank-reverse-proxy-server:/home/shashank# vim /etc/apache2/mods-available/mod_reverse_proxy.conf
Below are the contents.
<IfModule mod_proxy.c>

       # If you want to use apache2 as a forward proxy, uncomment the
        # 'ProxyRequests On' line and the <Proxy *> block below.
        # WARNING: Be careful to restrict access inside the <Proxy *> block.
        # Open proxy servers are dangerous both to your network and to the
        # Internet at large.
        #
        # If you only want to use apache2 as a reverse proxy/gateway in
        # front of some web application server, you DON'T need
        # 'ProxyRequests On'.

       #ProxyRequests On
        <Proxy *>
        #   AddDefaultCharset off
        #   Require all denied
        #   #Require local
        </Proxy>

       # Enable/disable the handling of HTTP/1.1 "Via:" headers.
        # ("Full" adds the server version; "Block" removes all outgoing Via: headers)
        # Set to one of: Off | On | Full | Block
        #ProxyVia Off

</IfModule>

5. Define port for proxy server.

Now we need to define the port on which our proxy server must run. Issue this command after backing up the original file. You can also use the default port i.e. 80. 

root@shashank-reverse-proxy-server:/home/shashank# sed -i -e 's/80/8889/g' /etc/apache2/ports.conf

You can see that I have replaced default port 80 with 8889. Choose any port that you like & is available. Default will also do.

6. Define a Virtual Host.

Its now time to define a Virtual Host which is a separate instance of your web-server(remember you can host multiple sites on a single Apache server). We are defining it to enable more fine-grained logs & customise proxy settings. Start with backing up the original default Virtual Host.

root@shashank-forward-proxy-server:/home/shashank# cp -p /etc/apache2/sites-enabled/000-default.conf /etc/apache2/sites-enabled/000-default.conf.orig


Now edit this /etc/apache2/sites-enabled/000-default.conf file to define logs location & port. Below are the contents of this file.

You can see that I have customised my proxy server in a way that whenever a request is made to IP address (or hostname/FQDN depending upon DNS/hosts file), it is redirected to the XL Deploy server.

In other words, I will point my browser to IP address of my Apache Proxy Server & it will redirect me to XL Deploy GUI. I also defined the custom log location.

<VirtualHost *:*>
 # The ServerName directive sets the request scheme, hostname and port that
 # the server uses to identify itself. This is used when creating
 # redirection URLs. In the context of virtual hosts, the ServerName
 # specifies what hostname must appear in the request's Host: header to
 # match this virtual host. For the default virtual host (this file) this
 # value is not decisive as it is used as a last resort host regardless.
 # However, you must set it for any further virtual host explicitly.
 #ServerName www.example.com
 ProxyPreserveHost On
 ProxyPass / http://192.168.0.50:4516/
 ProxyPassReverse / http://192.168.0.50:4516/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
 # error, crit, alert, emerg.
 # It is also possible to configure the loglevel for particular
 # modules, e.g.
 #LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error_reverse_proxy.log
 CustomLog ${APACHE_LOG_DIR}/access_reverse_proxy.log combined
# For most configuration files from conf-available/, which are
 # enabled or disabled at a global level, it is possible to
 # include a line for only one particular virtual host. For example the
 # following line enables the CGI configuration for this host only
 # after it has been globally disabled with "a2disconf".
 #Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

7. Enable the Virtual Host.

Now enable your newly created Virtual Host.

root@shashank-forward-proxy-server:/home/shashank# a2ensite 000-default.conf

8. Restart Apache.

Configuration is now done & we must restart Apache to load these new settings.

root@shashank-reverse-proxy-server:/home/shashank# service apache2 restart
 * Restarting web server apache2 [Wed Dec 13 07:55:31.032735 2017] [proxy_html:notice] [pid 2940:tid 140143966525312] AH01425: I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly.
Access XL Deploy.

My example is based off of XL Deploy, hence I have used XLD port in proxy settings. You can replace that with XLR port if needed.

To access XL Deploy or Release, point your browser to IP address/hostname/FQDN of your Apache proxy server. If you defined a non-default port in step #5, suffix that port.

Additional Information

If you check /var/log/apache2/access_reverse_proxy.log file, you will see that requests made to proxy server are redirecting to your XLD/R server.

Also, see the attached configuration files.

Tags

xl-release, xl-deploy, how-to, proxy, apache, reverse, system administration

Have more questions? Submit a request
Powered by Zendesk