Introduction of Ubuntu Server Construction

Connect your website from Apache with a virtual host and reverse proxy

Learn how to connect your website from Apache with a virtual host and reverse proxy.

When doing a new Web system development with Perl, it is complex such as security, development efficiency, real-time Web, cloud server support, etc. For that reason, we recommend that you create your website in a reverse proxy configuration.

Why operate with a reverse proxy configuration

I will write the reason why it is recommended to operate with a reverse proxy configuration instead of the method that can be operated just by arranging it like a CGI program.

Mitigating security risks

Compared to CGI programs, web frameworks can be used to minimize security risks. Generally speaking, the web framework takes measures in advance against vulnerabilities in the web, such as escaping when outputting a character string to HTML. Of course, that's not the only thing that's safe, but by following the framework's style, you can reduce your security risks.

Development efficiency

The web framework allows you to test your website in a user environment. Instead of running CGI on Apache, you can launch a website and develop in each user's home directory. The error messages that the web framework displays are kind. You can improve development efficiency.

Execution speed

If you use a web framework to launch a website on a Perl web server, you can get fast execution speed without launching the process every time like CGI.

Real-time Web

There are modern web techniques called push notifications, streaming, real-time updates, and real-time chat, which cannot be achieved with CGI. You can do this by launching a website using a web framework that supports the real-time web and connecting with a reverse proxy from Apache.

Cloud server support

CGI programs are slow to execute and do not have scalability such as increasing the number of servers and connecting them to load balancers. On the other hand, if you start the website and connect it from the Apache reverse proxy, this is a loose coupling between servers, so you can change the connection from the Apache reverse proxy to the connection from the load balancer. , Can be done naturally.

Main features of Apache virtual hosts

First, I will explain the functions of Apache's virtual host. Apache virtual hosting is simply a feature for running multiple websites in different domains.

In other words, if you want to run multiple websites with different domains, you'll want to use Apache's virtual host feature. If you want to run multiple sites, it happens very often, so it is recommended to create an Apache configuration file on a virtual host from the beginning, even for one website.

What is a reverse proxy?

A reverse proxy is simply a function that transfers access to Apache to another server. Users connect to Apache from an HTTP client such as a web browser. You can connect that connection to another server.

Start a Perl website as an HTTP server and listen on a specific port. This is a feature provided by the web framework. For example, listen on port 8080.

Set up a reverse proxy in Apache and connect it to your Perl website. With a virtual host, you can connect to different ports in different domains, so you can operate multiple websites by launching websites on different ports and connecting according to the domain. increase.

Apache module required for reverse proxy

The Apache modules required to configure the reverse proxy are mod_proxy, mod_proxy_http.

• Enable mod_proxy module in Apache
• Enable mod_proxy_http module in Apache

You also need mod_rewrite to redirect HTTP to HTTPS.

• Enable mod_rewrite module in Apache

Mod_ssl is required to support HTTPS.

• Enable mod_ssl for HTTPS communication with Apache

You will need the mod_headers module to tell in the HTTP headers that it is HTTPS.

• Enable mod_headers module in Apache

Apache virtual host and reverse proxy settings

First, place the configuration file in the following directory.

/ etc / apache2 / sites-available

The directory of this configuration file is explained in detail on the following page.

• Enable / disable Apache config file-basic config / module config / site config

vi < Create a configuration file with the / a> command.

cd / etc / apache2 / sites-available
sudo vi www.mydomain.example.conf

The contents of the configuration file are as follows. Notice that we are using the virtual host feature to connect "www.mydomain.example" to "port 8080" with a reverse proxy. Although it is a description that supports HTTPS, I have not used a real SSL certificate yet, and I am using Self SSL certificate.

<VirtualHost *: 80>
  ServerName www.mydomain.example

  RewriteEngine on
  RewriteRule (. *)? $Https: //%{HTTP_HOST}%{REQUEST_URI} [L, R = 301]
</VirtualHost>

<VirtualHost *: 443>
  ServerName www.mydomain.example

  <Proxy *>
    Require all granted
  </Proxy>

  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass / http: // localhost: 8080 / keepalive = On
  ProxyPassReverse / http: // localhost: 8080 /
  RequestHeader set X-Forwarded-Proto "https"

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>

A brief explanation of the configuration file

<VirtualHost *: 80>
  ServerName www.mydomain.example

  RewriteEngine on
  RewriteRule (. *)? $Https: //%{HTTP_HOST}%{REQUEST_URI} [L, R = 301]
</VirtualHost>

ServerName describes the domain name of your website. The connection to http (port 80) is redirected to https (port 443) using mod_rewrite.

<VirtualHost *: 443>
  ServerName www.mydomain.example

  <Proxy *>
    Require all granted
  </Proxy>

  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass / http: // localhost: 8080 / keepalive = On
  ProxyPassReverse / http: // localhost: 8080 /
  RequestHeader set X-Forwarded-Proto "https"

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>

ServerName describes the domain name of your website.

The Proxy directive is mandatory. Allow proxy requests.

"Proxy Requests Off" turns off the forward proxy (a normal proxy connection that is not a reverse proxy).

"Proxy Preserve Host On" passes the host name of the client that accessed Apache to the Web application as it is.

ProxyPass / http: // localhost: 8080 / keepalive = On
ProxyPassReverse / http: // localhost: 8080 /

The above is the setting to connect to port 8080 of the local host. I need to write two things.

"Request Header set X-Forwarded-Proto" https "" tells you that your Perl web application is an HTTPS connection.

  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

The above is the setting of Self SSL certificate.

Enable configuration file

After completing the settings, enable the configuration file.

sudo a2ensite www.mydomain.example

Restart Aapache after activation.

sudo systemctl reload apache2

Make sure the website is running in Perl on port 8080.

If you can display the website with "https://www.mydomain.example", it is successful.

Operate with HTTPS

If you want to obtain an SSL certificate and operate it over HTTPS in a production environment, the following article explains how to set the SSL certificate.

• Describe the SSL certificate settings in the Apache configuration file