Connect your website from Apache with a virtual host and reverse proxy
Learn how to connect your website from Apache with a virtual host and reverse proxy.
When doing a new Web system development with Perl, it is complex such as security, development efficiency, real-time Web, cloud server support, etc. For that reason, we recommend that you create your website in a reverse proxy configuration.
Why operate with a reverse proxy configuration
I will write the reason why it is recommended to operate with a reverse proxy configuration instead of the method that can be operated just by arranging it like a CGI program.
Mitigating security risks
Compared to CGI programs, web frameworks can be used to minimize security risks. Generally speaking, the web framework takes measures in advance against vulnerabilities in the web, such as escaping when outputting a character string to HTML. Of course, that's not the only thing that's safe, but by following the framework's style, you can reduce your security risks.
Development efficiency
The web framework allows you to test your website in a user environment. Instead of running CGI on Apache, you can launch a website and develop in each user's home directory. The error messages that the web framework displays are kind. You can improve development efficiency.
Execution speed
If you use a web framework to launch a website on a Perl web server, you can get fast execution speed without launching the process every time like CGI.
Real-time Web
There are modern web techniques called push notifications, streaming, real-time updates, and real-time chat, which cannot be achieved with CGI. You can do this by launching a website using a web framework that supports the real-time web and connecting with a reverse proxy from Apache.
Cloud server support
CGI programs are slow to execute and do not have scalability such as increasing the number of servers and connecting them to load balancers. On the other hand, if you start the website and connect it from the Apache reverse proxy, this is a loose coupling between servers, so you can change the connection from the Apache reverse proxy to the connection from the load balancer. , Can be done naturally.
Main features of Apache virtual hosts
First, I will explain the functions of Apache's virtual host. Apache virtual hosting is simply a feature for running multiple websites in different domains.
In other words, if you want to run multiple websites with different domains, you'll want to use Apache's virtual host feature. If you want to run multiple sites, it happens very often, so it is recommended to create an Apache configuration file on a virtual host from the beginning, even for one website.
What is a reverse proxy?
A reverse proxy is simply a function that transfers access to Apache to another server. Users connect to Apache from an HTTP client such as a web browser. You can connect that connection to another server.
Start a Perl website as an HTTP server and listen on a specific port. This is a feature provided by the web framework. For example, listen on port 8080.
Set up a reverse proxy in Apache and connect it to your Perl website. With a virtual host, you can connect to different ports in different domains, so you can operate multiple websites by launching websites on different ports and connecting according to the domain. increase.
Apache module required for reverse proxy
The Apache modules required to configure the reverse proxy are mod_proxy, mod_proxy_http.
You also need mod_rewrite to redirect HTTP to HTTPS.
Mod_ssl is required to support HTTPS.
You will need the mod_headers module to tell in the HTTP headers that it is HTTPS.
Apache virtual host and reverse proxy settings
First, place the configuration file in the following directory.
/ etc / apache2 / sites-available
The directory of this configuration file is explained in detail on the following page.
vi < Create a configuration file with the / a> command.
cd / etc / apache2 / sites-available sudo vi www.mydomain.example.conf
The contents of the configuration file are as follows. Notice that we are using the virtual host feature to connect "www.mydomain.example" to "port 8080" with a reverse proxy. Although it is a description that supports HTTPS, I have not used a real SSL certificate yet, and I am using Self SSL certificate.
<VirtualHost *: 80> ServerName www.mydomain.example RewriteEngine on RewriteRule (. *)? $Https: //%{HTTP_HOST}%{REQUEST_URI} [L, R = 301] </VirtualHost> <VirtualHost *: 443> ServerName www.mydomain.example <Proxy *> Require all granted </Proxy> ProxyRequests Off ProxyPreserveHost On ProxyPass / http: // localhost: 8080 / keepalive = On ProxyPassReverse / http: // localhost: 8080 / RequestHeader set X-Forwarded-Proto "https" SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key </VirtualHost>
A brief explanation of the configuration file
<VirtualHost *: 80> ServerName www.mydomain.example RewriteEngine on RewriteRule (. *)? $Https: //%{HTTP_HOST}%{REQUEST_URI} [L, R = 301] </VirtualHost>
ServerName describes the domain name of your website. The connection to http (port 80) is redirected to https (port 443) using mod_rewrite.
<VirtualHost *: 443> ServerName www.mydomain.example <Proxy *> Require all granted </Proxy> ProxyRequests Off ProxyPreserveHost On ProxyPass / http: // localhost: 8080 / keepalive = On ProxyPassReverse / http: // localhost: 8080 / RequestHeader set X-Forwarded-Proto "https" SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key </VirtualHost>
ServerName describes the domain name of your website.
The Proxy directive is mandatory. Allow proxy requests.
"Proxy Requests Off" turns off the forward proxy (a normal proxy connection that is not a reverse proxy).
"Proxy Preserve Host On" passes the host name of the client that accessed Apache to the Web application as it is.
ProxyPass / http: // localhost: 8080 / keepalive = On ProxyPassReverse / http: // localhost: 8080 /
The above is the setting to connect to port 8080 of the local host. I need to write two things.
"Request Header set X-Forwarded-Proto" https "" tells you that your Perl web application is an HTTPS connection.
SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
The above is the setting of Self SSL certificate.
Enable configuration file
After completing the settings, enable the configuration file.
sudo a2ensite www.mydomain.example
Restart Aapache after activation.
sudo systemctl reload apache2
Make sure the website is running in Perl on port 8080.
If you can display the website with "https://www.mydomain.example", it is successful.
Operate with HTTPS
If you want to obtain an SSL certificate and operate it over HTTPS in a production environment, the following article explains how to set the SSL certificate.