Apache Reverse Proxy Setup

Jul 1, 2025

Overview

This lecture explains how to configure Apache HTTP Server (httpd) as a reverse proxy, enabling features like load balancing, failover, and centralized control of backend servers.

Introduction to Reverse Proxy

  • Apache httpd can function as a reverse proxy, forwarding client requests to backend servers.
  • The reverse proxy hides backend infrastructure from clients for better security and control.
  • Common reasons for reverse proxy use include security, high availability, load balancing, and centralized authentication.

Simple Reverse Proxying

  • Use ProxyPass to map incoming requests to a backend server.
  • ProxyPassReverse rewrites Location: headers in backend responses to refer to the proxy server.
  • You can proxy all or only specific URIs using these directives.

Clusters and Balancers

  • A group of backend servers, or "balancer", provides load balancing and failover.
  • Define a balancer with <Proxy> and BalancerMember directives.
  • ProxySet sets the load balancing method, e.g., balancing by I/O bytes.

Balancer and BalancerMember Configuration

  • Balancer members' behavior can be adjusted using parameters like loadfactor (traffic distribution) and timeout.
  • Example: Assign more traffic or set timeouts per worker (backend server).

Failover Strategies

  • Configure hot spares (replacements) and hot standbys for advanced failover.
  • Spares take over if a worker fails; standbys are used only if all others are unavailable.
  • Balancer sets are tried in order for failover.

Balancer Manager

  • The embedded balancer-manager tool displays and allows live adjustment of balancer and worker settings.
  • Dynamic changes, including adding/removing workers, can be made via a web interface.
  • Restrict access to balancer-manager for security.
  • Use BalancerPersist to keep changes after restarts.

Dynamic Health Checks

  • The ping parameter and mod_proxy_hcheck module support automatic and dynamic health checks of workers before proxying requests.

BalancerMember Status Flags

  • Workers have status flags (e.g., Dis, Stop, Err) indicating availability and behavior.
  • Flags help manage load, failover, and error handling in the proxy setup.

Key Terms & Definitions

  • Reverse Proxy — Server that forwards client requests to backend servers and returns responses.
  • Balancer — A group of backend servers for load balancing and failover.
  • BalancerMember/Worker — Individual backend server in a balancer group.
  • ProxyPass — Directive mapping requests to backend.
  • ProxyPassReverse — Rewrites backend response headers for the client.
  • Hot Spare — Backup worker used if another fails.
  • Hot Standby — Worker activated only if no main or spare workers are available.
  • Balancer Manager — Web interface for managing proxy balancer settings.

Action Items / Next Steps

  • Secure the balancer-manager interface before enabling it.
  • Enable BalancerPersist to save configuration changes across restarts.
  • Review the mod_proxy_hcheck documentation for detailed health check configuration.

View note source

https://httpd.apache.org/docs/2.4/howto/reverse_proxy.html